Hello Abp team,
Hope I am giving you exciting challenges :-)
I need to pitch a Government Contract and I need to test two requirements before I send the proposal, as per my understanding OpenIddict do support RequireProofKeyForCodeExchange (PKCE) and a security feature Manual-Ltd https://www.rfc-editor.org/rfc/rfc8705
However, I don't know, how I can enable this feature in my ABP MVC Tieried Application.
Can you please suggest, how I can achieve this?
I am extending Openiddict to remove public string LogoUri { get; set; }
and replace it with Filetype to allow my clients to upload images by themselves, what is the best way to achieve this to upload and save images in the database? maybe:
ConfigureOpenIddict(openIddict = {
openIddict.ConfigureApplication(spp =>
spp. AddOrUpdateProperty<File>( ----> to show upload and show image?
"ApplicationIcon"
Regards, Navneet
Thanks Maliming, this is exactly what I was looking for.
You are the best :-)
Hi Maliming,
Thanks for sharing resources, I will try to integrate them.
Sorry for asking again, I have found the class AbpIdentitySettingDefinitionProvider under Volo.Abp.Identity.Domain. Where can I find the file that contains the implementation of Get and Set to/from SettingManager, maybe in Volo.Abp.Identity.Application - sorry I cannot find it
Thanks, Navneet
hi
Is there any way I can check if Twilio is not enabled, and doesn't show a phone verification option?
You can inject the
ISmsSender
and check the instance if aTwilioSmsSender
.
You can set
IdentitySettingNames.SignIn.EnablePhoneNumberConfirmation
tofalse
for specific tenants.Setting under Identity setting area.
Thanks,
I have found the class AbpIdentitySettingDefinitionProvider under Volo.Abp.Identity.Domain, however which service (or where can I find the file) is responsible for getting and setting this?
To extend the functionality of setting Twilio settings for each Tenant, I have looked at the class TwilioSmsSender.cs, the code with set the credentials has "lock (syncLock)" What is this for?
Do you see any issue if I reinitialise "TwilioClient.Init()" every time the application tries to send an SMS?
Check the docs before asking a question: https://abp.io/docs/latest
Check the samples to see the basic tasks: https://abp.io/docs/latest/samples
The exact solution to your question may have been answered before, and please first use the search on the homepage.
Provide us with the following info:
🧐 Hint: If you are using the ABP Studio, you can see all the information about your solution from the configuration window, which opens when you right-click on the solution and click on the Solution Configuration
button.
Hello Team,
Is there any way I can check if Twilio is not enabled, and doesn't show a phone verification option?
context.Services.RemoveAll(typeof(ICorsPolicyProvider));
context.Services.Add(ServiceDescriptor.Transient<ICorsPolicyProvider, MyCorsPolicyProvider>());
public class MyCorsPolicyProvider : ICorsPolicyProvider
{
Thanks, Navneet
Hi maliming,
Thanks for sharing the links, it is now crystal clear how CORS works in the backend with the request header.
PS:- I have also read your article on extending grant type, it was impressive - Good work mate!!
hi
For anonymous requests, there is no way to get the
client ID
.The
client id
has to exist in a query string or form post.You can try to inject the
IHttpContextAccessor
and call theGetOpenIddictServerRequest
extension method.
var request = HttpContext.GetOpenIddictServerRequest()
but the
OpenIddictServerRequest
only exists in the openiddict request.eg:
connect/token
orconnect/authorize
Hi maliming,
you are correct, without authentication, client id cannot be accessed, however, I managed to get the client id by HttpContext.
private readonly static Task<CorsPolicy?> NullResult = Task.FromResult<CorsPolicy?>(null);
private readonly CorsOptions _options;
Also, when I browse the endpoint via Postman connect/token
or connect/authorize
I don't reach to MyCorsPolicyProvider method.
Someresone get and set from cache is not working for me, could you please see if you can find any issue with my below code:
public class MyCorsPolicyProvider : ICorsPolicyProvider
{
private readonly static Task<CorsPolicy?> NullResult = Task.FromResult<CorsPolicy?>(null);
private readonly CorsOptions _options;
private readonly IOpenIddictApplicationRepository _openIddictApplicationrepo;
private readonly IDistributedCache<string> _cache;
public MyCorsPolicyProvider(
IOptions<CorsOptions> options,
IDistributedCache<string> cache,
IOpenIddictApplicationRepository openIddictApplicationrepo)
{
_options = options.Value;
_cache = cache;
_openIddictApplicationrepo = openIddictApplicationrepo;
}
public async Task<CorsPolicy?> GetPolicyAsync(HttpContext context, string? policyName)
{
//get domains from database, remember to cache it
var httpContext = context;
// Get the ReturnUrl from the query string
var returnUrl = httpContext.Request.Query["ReturnUrl"].ToString();
string clientIdFromUrl = "";
if (!string.IsNullOrEmpty(returnUrl))
{
// Decode the ReturnUrl
var decodedReturnUrl = HttpUtility.UrlDecode(returnUrl);
// Check if the decoded URL contains a query string
var uriParts = decodedReturnUrl.Split('?');
if (uriParts.Length > 1)
{
var innerQueryString = uriParts[1]; // Extract the query string part
// Parse the inner query string
var queryParameters = HttpUtility.ParseQueryString(innerQueryString);
// Extract the client_id
clientIdFromUrl = queryParameters["client_id"];
}
}
var CorsDomain = GetAsync(clientIdFromUrl);
var domains = new List<string> { CorsDomain.ToString() };
var builder = new CorsPolicyBuilder(Array.Empty<string>());
builder
.WithOrigins(
domains.Select(o => o.Trim().RemovePostFix("/"))
.ToArray() ?? Array.Empty<string>()
)
.WithAbpExposedHeaders()
.SetIsOriginAllowedToAllowWildcardSubdomains()
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
var result = builder.Build();
return result;
}
private async Task<string?> GetAsync(string clientId)
{
var CorsFromCache = await _cache.GetAsync(clientId);
if (CorsFromCache == null)
{
var CorsFromDb = GetFromDBAsync(clientId);
await _cache.SetAsync(clientId,CorsFromDb.ToString());
return CorsFromDb.ToString();
}
return null;
}
private async Task<string?> GetFromDBAsync(string clientId)
{
var appinfo = await _openIddictApplicationrepo.FindByClientIdAsync(clientId);
return appinfo.AppCORS.ToString();
}
}
hi
What is the process of your authentication?
After signing in to the website, you can get the
client id
.Are you using the code flow to get token?
I have created an Application to use Allow Authorization Code Flow, below is the screenshot:
public class MyCorsPolicyProvider : ICorsPolicyProvider
{
private readonly static Task<CorsPolicy?> NullResult = Task.FromResult<CorsPolicy?>(null);
private readonly CorsOptions _options;
protected IOpenIddictApplicationManager _ApplicationManager { get; }
private readonly ICurrentClient _currentClient;
public MyCorsPolicyProvider(
IOptions<CorsOptions> options,
IOpenIddictApplicationManager applicationManager,
ICurrentClient currentClient)
{
_options = options.Value;
_ApplicationManager = applicationManager;
_currentClient = currentClient;
}
public async Task<CorsPolicy?> GetPolicyAsync(HttpContext context, string? policyName)
{
//get domains from database, remember to cache it
var id = _currentClient.Id; // value is coming null
var app = await _ApplicationManager.FindByIdAsync(id);
hi
I think your authserver indirectly dependent on openiddict domain module.
so you can inject the openiddict's repository.
authserver
=>EF core project
=>OpenIddict EF Core
=>OpenIddict Domain
Thanks Maliming,
I have injected "private readonly ICurrentClient _currentClient;" and _currentClient.Id is always null? I am not sure If I am missing anything.
hi
Add
MyCorsPolicyProvider
to your AuthServer(web
) project.You can inject the
ICurrentClient,
which has anId
property.
that make sense, however, If I add MyCorsPolicyProvider to AuthServer('web'), then how can I search as the authserver does not have direct to repository like:- private readonly IRepository<OpenIddictApplication, Guid> _OpenIddictApplicationRepository;"
to query like:- var selectedApplication = _OpenIddictApplicationRepository.GetAsync(id)