Need help configuring swagger authorization. can't get past the following error.
error:invalid_request error_description:The specified 'redirect_uri' is not valid for this client application. error_uri:https://documentation.openiddict.com/errors/ID2043
for your refence i have attached swagger url and table screen shots
We are integrating third-party SSO SAML2.0, User will authenticated from that IDP. And get redirected our application to successful authentication. Once user land in our application it will be authorize to assign proper role. Process :-
We do not maintain user information in our database; however, we do assign roles to users because the role and the user link are part of the ABP table. So how we can assign a role without user information?
we are try to add entry in abp user table only with email id then there some required fields which we have to insert password and all how we are going to insert information.
Saml2AppService.cs, which is located in IdentityApplicationModule. I want to save user data in the abpUser table, therefore I called the CreateAsync method, which is present within IdentityUserAppService.cs in IdentityApplicationModule.
I'm facing error while calling the below api. DependencyResolutionException: None of the constructors found on type can be invoked with the available services and parameters
how to fix? And how to increase MaxUserCount ?
I have create below cs file and using CreateAsync method try to add new user in AbpUser table but facing below error. how to resolved. Saml2Controller.cs ,Saml2AppService.cs and ISaml2AppService.cs
Error :-
at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.<CheckAsync>d__16.MoveNext()
at Volo.Abp.Authorization.MethodInvocationAuthorizationService.<CheckAsync>d__3.MoveNext()
at Volo.Abp.Authorization.AuthorizationInterceptor.<AuthorizeAsync>d__3.MoveNext()
at Volo.Abp.Authorization.AuthorizationInterceptor.<InterceptAsync>d__2.MoveNext()
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.<InterceptAsync>d__3
1.MoveNext()
at Castle.DynamicProxy.AsyncInterceptorBase.<ProceedAsynchronous>d__141.MoveNext() at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue
1.<ProceedAsync>d__7.MoveNext()
at Volo.Abp.Validation.ValidationInterceptor.<InterceptAsync>d__2.MoveNext()
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.<InterceptAsync>d__3
1.MoveNext()
at Castle.DynamicProxy.AsyncInterceptorBase.<ProceedAsynchronous>d__141.MoveNext() at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue
1.<ProceedAsync>d__7.MoveNext()
at Volo.Abp.Uow.UnitOfWorkInterceptor.<InterceptAsync>d__2.MoveNext()
at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.<InterceptAsync>d__3
1.MoveNext()
at SCV.Litmus.Saml2.Saml2AppService.<AddUser>d__12.MoveNext() in D:\Projects\core-platform-2\SCV.Litmus\aspnet-core\modules\litmus-core\src\SCV.Litmus.Application\Saml2\Saml2AppService.cs:line 146
basically the users who are authenticated from external SSO are not our application users, only the similarity is the email address. After token validation, I have to check if the user exists in our system with the email id, if the user does not exist with that email create a user with a specific role and then set the current user. My question is how can I execute these user checks and creation logic immediately after user validate from IDP?
However, I have added very high level analysis code please go thought it and let me know correct or not ?
Step 1: Add NuGet Packages
Ensure you have the following packages installed in our Gateway web project
:
<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="5.0.0" />
<PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="6.8.0" />
Step 2: Configure appsettings.json
Add the OpenIdConnect settings to gateway appsettings.json
:
{
"Authentication": {
"OpenId": {
"Authority": "https://{yourOktaDomain}/oauth2/default",
"ClientId": "{yourClientId}",
"ClientSecret": "{yourClientSecret}",
"ResponseType": "code",
"SaveTokens": true,
"GetClaimsFromUserInfoEndpoint": true,
"Scope": "openid profile email"
}
}
}
3. Update the `ConfigureServices` and `Configure` methods to set up authentication:
//The code you provided configures authorization policies in your application,
specifically setting a default authorization policy that requires users to be authenticated
using either the primary JWT Bearer scheme or the OIDC JWT Bearer scheme.
private static void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
{
context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{
options.Authority = configuration["AuthServer:Authority"];
options.RequireHttpsMetadata = false;
options.Audience = configuration["AuthServer:ApiResource"];
})
.AddJwtBearer("OIDC", options =>
{
options.Audience = configuration["AuthServer:ApiResource"];
options.RequireHttpsMetadata = false;
options.Authority = configuration["AuthServer:Authority"];
});
Log.Information($"ApiResource: {configuration["AuthServer:ApiResource"]}");
// Authorization
context.Services.AddAuthorization(options =>
{
var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(
JwtBearerDefaults.AuthenticationScheme,
"OIDC");
defaultAuthorizationPolicyBuilder =
defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
});
}
public void ConfigureServices(IServiceCollection services)
{
need to discuss commented code
//services.AddAuthentication(options =>
// {
// options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
// options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
//})
// .AddCookie()
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Authority = Configuration["Authentication:OpenId:Authority"];
options.ClientId = Configuration["Authentication:OpenId:ClientId"];
options.ClientSecret = Configuration["Authentication:OpenId:ClientSecret"];
options.ResponseType = Configuration["Authentication:OpenId:ResponseType"];
options.SaveTokens = Configuration["Authentication:OpenId:SaveTokens"];
options.GetClaimsFromUserInfoEndpoint = Configuration["Authentication:OpenId:GetClaimsFromUserInfoEndpoint"];
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
});
}
public override void OnApplicationInitialization(ApplicationInitializationContext context)
{
app.UseAuthentication();
app.UseAuthorization();
}
modules\Identity-core\src\Identity.HttpApi\Controllers\OIDC\OIDCController.cs
Note :- AuthenticationSchemes we can use Controllers or Method level as well
namespace Identity.Controllers.OIDC
{
[Route("api/OIDC")]
[Authorize(AuthenticationSchemes = "OIDC")]
public class OIDCController : AbpController, OIDCAppService
{
}
[Authorize("OIDC")]
public Task CreateAsync(CreateAuthorDto input)
{
}
all IDP end points.
}
Objective: To bypass the ABP.IO login page and redirect users directly to the IdP’s login page, and after successful authentication, redirect them to application’s dashboard.
Description :- I have integrated OpenIdConnect with a third-party Identity Provider (IdP) in a new ABP.IO template project, and it is working as expected. However, we have a requirement where, when a client clicks on our application logo (which is already configured within their application), they should be redirected directly to the IdP's login page instead of the ABP.IO login page. After authentication with the IdP, the user should be redirected to our dashboard.
I need assistance how to handle routing and above scenario in abp.io template.
<br> I don't want to show below screen for OpenIdConnect login user.
I need your assistance.
public async Task<bool> CreateAsync(IdentityUserCreateDto input, Guid tenantId)
{
try
{
var newUserName = await GetUniqueUserNameAsync(input.Name.Trim(), input.Surname.Trim());
var user = new IdentityUser(\_guidGenerator.Create(), newUserName.Trim(), input.Email, tenantId);
var creationResult = await \_identityUserManager.CreateAsync(user, input.Password.Trim());
creationResult.CheckErrors();
await \_identityUserManager.SetEmailAsync(user, input.Email.Trim());
await \_identityUserManager.SetPhoneNumberAsync(user, input.PhoneNumber.Trim());
user.Name = input.Name.Trim();
user.Surname = input.Surname.Trim();
var claimsToAdd = new List\<Claim>
{
new Claim(ClaimTypes.Email, input.Email.Trim()),
};
await \_identityUserManager.AddClaimsAsync(user, claimsToAdd);
await \_unitOfWorkManager.Current.SaveChangesAsync();
await assignRoles(input, user);
var userDetails = await \_identityUserManager.GetByIdAsync(user.Id);
if (userDetails != null)
{
userDetails.SetProperty("Status", 1);
userDetails.SetProperty("Language", "en");
}
await \_unitOfWorkManager.Current.SaveChangesAsync();
}
catch (Exception ex)
{
}
}
<br>
After successfully adding the user to the database, I encountered an error when executing the line var userDetails = await _identityUserManager.GetByIdAsync(user.Id);
.
I have verified that the user was added to the database and that the user ID is present and correct.