Activities of "ademaygun"

Hi Maliming, steps:

  • Click the login button on online.abc.com
  • It redirects to the account.abc.com login page (https://account.abc.com/Account/Login?ReturnUrl=/connect/authorize/callback?client_id=A_App&redirect_uri=https://online-api.abc.com/signin-oidc&response_type=code id_token&scope=openid profile role email phone&response_mode=form_post) (URL is decoded)
  • I log in and it redirects me to online.abc.com (logged in)
  • When I click the logout button, it redirects to online-api.abc.com (Signed out, You have been signed out and you will be redirected soon, Click here to return application)
  • It redirects to online.abc.com (logged out)
  • I click the login button again
  • It redirects me to account.abc.com, but redirects me again to online.abc.com without asking for my username/password on the login page.

Hi, I just realized that xyz.com comes to us with the following link:

https://account.abc.com/connect/endsession?post_logout_redirect_uri=https://xyz.com&client_id=Xyz_App

I customized the code as follows:

using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

// Class name and constructor assumed; the post only shows InvokeAsync.
public class EndSessionRedirectMiddleware
{
    private readonly RequestDelegate _next;

    public EndSessionRedirectMiddleware(RequestDelegate next) => _next = next;

    public async Task InvokeAsync(HttpContext context)
    {
        if (context.Request.Path.StartsWithSegments("/connect/endsession"))
        {
            // Both values are forwarded to the LoggedOut page as posted; nothing checks them against registered URIs.
            var postLogoutRedirectUri = context.Request.Query["post_logout_redirect_uri"].ToString();
            var clientId = context.Request.Query["client_id"].ToString();

            var redirectUrl = $"/Account/LoggedOut?PostLogoutRedirectUri={Uri.EscapeDataString(postLogoutRedirectUri)}&ClientName={Uri.EscapeDataString(clientId)}";

            context.Response.Redirect(redirectUrl);
            return;
        }

        await _next(context);
    }
}

Thank you for your response. I have resolved my issue. However, I need to mention the following as well:

  • The Abp framework should handle a standard link like the one mentioned above (connect/endsession).
  • It redirects regardless of what we send to the redirect URL; it does not perform any checks (it might be a bug).

EDIT (2024-08-01):

The client application was not sending the id_token_hint during the invocation of /connect/endsession. Therefore, we removed the custom middleware. The system is now functioning in compliance with the standard.
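A hardened variant of the middleware above, added here as an example (not the poster's or ABP's code): post_logout_redirect_uri is forwarded only when it exactly matches a URI registered for that client_id; otherwise the local LoggedOut page is shown with no onward redirect. The ValidatedEndSessionMiddleware class, the Xyz_App registry entry and its URIs are constructed assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

// Added example (not ABP's or the poster's code): honour post_logout_redirect_uri only if it exactly matches a URI registered for client_id.
public class ValidatedEndSessionMiddleware
{
    private readonly RequestDelegate _next;
    // Constructed placeholder registry; real deployments read this from the OpenIddict/IdentityServer client store.
    private static readonly Dictionary<string, string[]> RegisteredPostLogoutUris =
        new(StringComparer.Ordinal)
        {
            ["Xyz_App"] = new[] { "https://xyz.com/", "https://xyz.com/signout-callback-oidc" },
        };

    public ValidatedEndSessionMiddleware(RequestDelegate next) => _next = next;

    public async Task InvokeAsync(HttpContext context)
    {
        if (!context.Request.Path.StartsWithSegments("/connect/endsession"))
        {
            await _next(context);
            return;
        }

        var clientId = context.Request.Query["client_id"].ToString();
        var requested = context.Request.Query["post_logout_redirect_uri"].ToString();

        // Default: local LoggedOut page, no onward redirect; append the parameter only after the allow-list check passes.
        var target = $"/Account/LoggedOut?ClientName={Uri.EscapeDataString(clientId)}";
        if (IsRegisteredPostLogoutUri(clientId, requested))
        {
            target += $"&PostLogoutRedirectUri={Uri.EscapeDataString(requested)}";
        }
        context.Response.Redirect(target);
    }

    public static bool IsRegisteredPostLogoutUri(string clientId, string requested)
    {
        // Absolute https only. Uri.AbsoluteUri normalises "https://xyz.com" to
        // "https://xyz.com/", so registered entries are stored in that form.
        if (!Uri.TryCreate(requested, UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
            return false;
        // Array.IndexOf is an ordinal exact match: no prefix, wildcard or host-only comparison.
        return RegisteredPostLogoutUris.TryGetValue(clientId, out var allowed)
               && Array.IndexOf(allowed, uri.AbsoluteUri) >= 0;
    }
}
```

With this registry, the link from the post (post_logout_redirect_uri=https://xyz.com, client_id=Xyz_App) is still redirected, while an unregistered URI or an unknown client_id lands on the LoggedOut page without any redirect parameter.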

Hi Liangshiwei,

The logout redirect URLs are already defined; however, if the logout URL is as follows, it does not perform any redirection:

https://account.abc.com/Account/LoggedOut?ClientName=Abc_App&post_logout_redirect_uri=https%3A%2F%2Fxyz.com&Culture=en&UICulture=en&PageContext=Microsoft.AspNetCore.Mvc.RazorPages.PageContext

If the link is in the following format, it successfully redirects:

https://account.abc.com/Account/LoggedOut?ClientName=Abc_App&PostLogoutRedirectUri=https%3A%2F%2Fxyz.com&Culture=en&UICulture=en&PageContext=Microsoft.AspNetCore.Mvc.RazorPages.PageContext

Note: This issue is not reflected in the logs.

Hi liangshiwei, Thanks for your support

I added these lines:

# Install Node.js and NPM
RUN apt-get update && \
    apt-get install -y nodejs npm && \
    rm -rf /var/lib/apt/lists/*

I am getting these warnings again this time.

# 13 45.89 npm WARN deprecated fsevents@1.2.9: The v1 package contains DANGEROUS / INSECURE binaries. Upgrade to safe fsevents v2
# 13 49.76 npm WARN deprecated cuid@2.1.8: Cuid and other k-sortable and non-cryptographic ids (Ulid, ObjectId, KSUID, all UUIDs) are all insecure. Use @paralleldrive/cuid2 instead.
# 13 51.89 npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix# deprecated
# 13 51.90 npm WARN deprecated source-map-url@0.4.0: See https://github.com/lydell/source-map-url# deprecated
# 13 51.94 npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url# deprecated
# 13 52.12 npm WARN deprecated set-value@0.4.3: Critical bug fixed in v3.0.1, please upgrade to the latest version.
# 13 52.16 npm WARN deprecated set-value@2.0.0: Critical bug fixed in v3.0.1, please upgrade to the latest version.
# 13 52.25 npm WARN deprecated mixin-deep@1.3.1: Critical bug fixed in v2.0.1, please upgrade to the latest version.
# 13 52.31 npm WARN deprecated source-map-resolve@0.5.1: See https://github.com/lydell/source-map-resolve# deprecated
# 13 52.39 npm WARN deprecated ini@1.3.5: Please update to ini >=1.3.6 to avoid a prototype pollution issue
# 13 53.61 npm WARN deprecated chokidar@2.1.6: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
# 13 55.12 npm WARN deprecated flag-icon-css@4.1.7: The project has been renamed to flag-icons

I'm not getting errors anymore, but what should I do to avoid receiving these warnings as well?

Hi liangshiwei, Thanks for your support!

Hi liangshiwei, if I write the example code exactly as below, it creates a user in the AbpUsers table. If I log in again with the same user through an external provider, this time the CreateExternalUserAsync method is not triggered. Your suggestion works and is effective, but it means that the method (CreateExternalUserAsync) will always check whether the user exists before being called.

using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Volo.Abp.Account.Web.Pages.Account;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Identity;

[ExposeServices(typeof(LoginModel))]
public class MyLoginModel : LoginModel
{
    // 'override' (not 'virtual') so the base login flow actually calls this implementation
    protected override async Task<IdentityUser> CreateExternalUserAsync(ExternalLoginInfo info)
    {
        var user = await base.CreateExternalUserAsync(info);
        return user; // add custom post-creation handling before returning
    }
}

Adding the external login provider:

using System;
using System.Security.Claims;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Volo.Abp.Modularity;

private void ConfigureExternalProviders(ServiceConfigurationContext context, IConfiguration configuration)
{
    context.Services.AddAuthentication()
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = "https://localhost:44366/";
            options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.ClientId = "Client1";
            options.ClientSecret = "mysecret"; // placeholder value; load the real secret from configuration or a secret store

            options.UsePkce = true;
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("role");
            options.Scope.Add("email");
            options.Scope.Add("phone");
            // Map the OIDC "sub" claim to the .NET NameIdentifier claim type
            options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
        });
}

Hi Liangshiwei,

Thank you for your response, I appreciate your answer and I understand it very well. However, it seems like a workaround solution. I want to override the place where the decision to trigger this method is made. Even if I override the CreateExternalUserAsync method, it will still attempt to find the user every time and not be able to find it.

Hi, after a successful login from an external login provider, I want to manually check whether the user exists in my system and then, when I find the appropriate user, log them into my system (especially for tenant users).

Hello Anjali_Musmade,

Thank you for your response. It was definitely helpful to see this question. However, if possible, resolving the issue at its source is always a better solution. I'm curious about the following:

Would using ArgumentException instead of BusinessException in the Check class called within the Entity be a preference or a necessity? Because before .NET 7, we couldn't perform dependency injection into entity classes. Therefore, was it a necessity to use exceptions of type ArgumentException in entity classes due to the inability to localize them, or was it a deliberate choice?

About 10 months ago, Halil İbrahim Kalkan published an impressive article. I would like to see the adaptation of the Abp Suite's entity and manager classes in accordance with this article.

Made with ❤️ on ABP v9.0.0-preview Updated on September 19, 2024, 10:13