I have several different commits. And I updated straight away from 7.4 to 8.1 with that abp update command because I cannot spesify version as you know. So I don't know how 8.0 and 8.1 versions of AuthServer are different.
Ok. Thanks anyway.
Is it OK to clean it away in our own code? https://scm-test.lw.app/? code=0m3Bw75YTPhX5MPp2lmcGhiU4igYl1YMRWDbD0QIEMA& state=dmxqdENEanJ1ZWFseU5sTGZjRXZpZklDYnQ5Ni5Cemg3dFBWcC1vN3Bja2V5& iss=https%3A%2F%2Fauth.scm-test.lw.app%2F
These are what AuthServer returns in callback call. Code and state are removed from url by your code or open iddicts but iss stays.
Is it normal/correct that after login there is iss url parameter like this: https://scm-test.lw.app/app/?iss=https:%2F%2Fauth.scm-test.lw.app%2F ?
Actually I forget that there was override for AuthServer:Authority parameter at Host App Service Configuration and it was https://app-scm-auth-test-qa-001.ase-sharedeawgeacbyumuk-qa-001.appserviceenvironment.net/ because that way communication goes directly to auth server inside Azure that why we cannot use public address(https://auth.scm-test.lw.app) because it is IP restricted. After I added that setIssuer to AuthServer code it started to work. At AuthServer AuthServer:Authority parameter value is https://auth.scm-test.lw.app/. So now it started to work. So there was no need for that Configure part. SetIssuer was all I needed.
builder.Configure(c =>
{
c.TokenValidationParameters.ValidIssuers = new List<string>()
{
configuration["AuthServer:Authority"]!,
"https://app-scm-auth-test-qa-001.ase-sharedeawgeacbyumuk-qa-001.appserviceenvironment.net/"
};
});
Thanks.
Thank you for the tip. Actually in my stash I did have that setIssuer because there was that line in example project what I created with abp suite, but I wasn't sure was that needed because there wasn't anything in migration guide and there was not need for it with IdentityServer. I will first only add it and if it doesn't work then I will add that configure part.
here is example token payload. If it tells you enything.
{
"sub": "f6277149-bcd8-7587-5001-3a096665a3a1",
"preferred_username": "admin",
"email": "SCMadmin@leanware.fi",
"role": "admin",
"given_name": "admin",
"phone_number_verified": "False",
"email_verified": "False",
"unique_name": "admin",
"oi_prst": "SCM_App",
"iss": "https://auth.scm-test.lw.app/",
"oi_au_id": "0a696354-cb8f-b108-c129-3a666cdeae51",
"client_id": "SCM_App",
"oi_tkn_id": "5ba7a0c9-4577-a3ea-a15a-3a666ab74e8c",
"aud": "SCM",
"scope": "offline_access openid profile roles email phone SCM",
"jti": "fe00a5cf-c813-4713-9219-85e04666cc29",
"exp": 1702564553,
"iat": 1702560953
}
We have Application Gateway which direct calls to App service. That appserviceenvironment.net is app service address. And lw.app is Application gateway address. Can you tell me is that Issuer: 'https://auth.scm-test.lw.app/' value from fronend Authority parameter? And can you tell me where this value is coming from validationParameters.ValidIssuers: 'https://app-scm-auth-test-qa-001.ase-sharedeawgeacbyumuk-qa-001.appserviceenvironment.net/'? I mean from what configuration. Appsettings.json?, database? Because I'm sure that there is no where that exact value. But in earlier project when some url changed from lw.app to appserviceenvironment.net there was missing trailing / . And adding / fixed. So now I'm wondering is it same problem and if it is where I'm missing that / . Because I think I have added it to all places.
Here are logs when I did one login. There was on ly csv export possibility in our logging tool, but I copied data from there to txt format if you prefer it. https://drive.google.com/drive/folders/1yTPoOMqUpcpTjlXgdEKsSJahgIRTd65A?usp=drive_link
Those logs what I give has all related logs what happened when I start to login give correct account informations and return back to application. Because there was so much logs I filtered these kind of lines away because I assume they are not related to this issue:
customDimensions.SourceContext !contains "HealthChecks" and message != "Added 0 entity changes to the current audit log" and message !contains "Added bundle 'Lepton.Global'"