Activities of "asif.charolia"

The AI approach does not give a full example of what to add in principals. I am adding this in my webmodule.cs file.

Hello Team ABP,

We are happy to use ABP, and we consume the framework in multiple projects. We also use the OpenIddict module to generate tokens for our mobile APIs. When we go through the 2FA login, calling the 2FA provider API and sending the email works fine, and verifying the 2FA code also works fine. After the 2FA verification we need to generate an OpenIddict token, but we are unable to generate one with the token manager class: it creates the token id, but the payload does not return the token. I also tried to create a JWT with the existing OpenIddict certificates. The JWT works, but with limited scope compared to a normal token created from connect/token: our manual token does not work on [Authorize] services when one app service calls another. Below is the code with the two approaches, OpenIddict and JWT.

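/// <summary>
/// Verifies a two-factor code for a user and then tries to build an access token.
/// Two experimental approaches are kept side by side: (A) the OpenIddict token manager
/// and (B) a hand-built JWT signed with the OpenIddict certificate.
/// </summary>
/// <param name="input">User id, provider name ("Email" or "Authenticator") and the submitted code.</param>
/// <returns>A DTO with <c>IsSuccess = true</c>; this version does not return a token.</returns>
/// <exception cref="BusinessException">
/// Thrown for missing input, an unknown or locked-out user, an unknown provider,
/// an invalid code, an unknown client id, or a missing certificate configuration.
/// </exception>
/// <remarks>
/// NOTE(review): nothing visible in this method ties the call to a completed password step;
/// it accepts a user id plus a code. Confirm that the endpoint only runs after the first
/// factor has succeeded (for example by requiring a short-lived, server-issued state from
/// the password step), otherwise the code becomes the only factor.
/// </remarks>
public virtual async Task<VerifyAuthenticatorCodeDto> VerifyTwoFactorCodeAsync(VerifyAuthenticatorCodeInput input)
{
    // Reject missing fields up front instead of failing later with a NullReferenceException.
    if (input == null || string.IsNullOrWhiteSpace(input.Code) || string.IsNullOrWhiteSpace(input.Provider))
    {
        throw new BusinessException("Verification code and provider are required.");
    }

    var user = await _userManager.FindByIdAsync(input.UserId.ToString());
    if (user == null)
    {
        throw new BusinessException("User not found!");
    }

    // A locked-out account must not be able to obtain a token through the 2FA path.
    if (await _userManager.IsLockedOutAsync(user))
    {
        throw new BusinessException("User is locked out.");
    }

    // Users often type codes with spaces or dashes; strip them before verification.
    var verificationCode = input.Code.Replace(" ", string.Empty).Replace("-", string.Empty);

    bool isValid;
    if (input.Provider.Equals("Email", StringComparison.OrdinalIgnoreCase))
    {
        isValid = await _userManager.VerifyTwoFactorTokenAsync(
            user,
            TokenOptions.DefaultEmailProvider,
            verificationCode);
    }
    else if (input.Provider.Equals("Authenticator", StringComparison.OrdinalIgnoreCase))
    {
        isValid = await _userManager.VerifyTwoFactorTokenAsync(
            user,
            TokenOptions.DefaultAuthenticatorProvider,
            verificationCode);
    }
    else
    {
        throw new BusinessException($"Unknown provider: {input.Provider}");
    }

    if (!isValid)
    {
        // NOTE(review): a failed code is not counted toward lockout here (SignInManager's
        // two-factor sign-in methods do that). Add attempt limiting so that short numeric
        // codes cannot be guessed by repetition.
        throw new BusinessException("Invalid verification code.");
    }

    var application = await _applicationManager.FindByClientIdAsync("Hazlewood_Mobile");
    if (application == null)
    {
        throw new BusinessException("Invalid client ID.");
    }

    /////////////////// approach A: OpenIddict token manager ////////////////
    var principal = await _signInManager.CreateUserPrincipalAsync(user);

    // Add essential claims for authorization
    principal.SetClaim(OpenIddictConstants.Claims.Subject, user.Id.ToString());
    principal.SetClaim(OpenIddictConstants.Claims.Name, user.UserName);
    principal.SetClaim(OpenIddictConstants.Claims.Email, user.Email);

    // One claim per role: a single space-joined value such as "admin manager" matches
    // neither role when a role check compares claim values.
    var roles = await _userManager.GetRolesAsync(user);
    principal.SetClaims(
        OpenIddictConstants.Claims.Role,
        System.Collections.Immutable.ImmutableArray.CreateRange(roles));

    // Set token properties; take the timestamp once so creation and expiry stay consistent.
    var issuedAt = DateTimeOffset.UtcNow;
    var expiresAt = issuedAt.AddHours(1);
    principal.SetTokenType(OpenIddictConstants.TokenTypes.Bearer);
    principal.SetScopes("email", "offline_access", "Hazlewood");
    principal.SetResources("Hazlewood");
    principal.SetAudiences("Hazlewood");
    principal.SetCreationDate(issuedAt);
    principal.SetExpirationDate(expiresAt);

    var descriptor = new OpenIddictTokenDescriptor
    {
        Principal = principal,
        Subject = principal.GetClaim(OpenIddictConstants.Claims.Subject),
        Type = OpenIddictConstants.TokenTypes.Bearer,
        Status = OpenIddictConstants.Statuses.Valid,
        CreationDate = issuedAt,
        ExpirationDate = expiresAt,
        ApplicationId = await _applicationManager.GetIdAsync(application)
    };

    // NOTE(review): the token manager persists a token *entry*; it does not sign or serialize
    // a token. Presumably the payload is only stored for reference tokens, which would explain
    // why nothing usable comes back here; confirm against the OpenIddict version in use.
    // Tokens that behave like those from connect/token have to be issued by the OpenIddict
    // server pipeline itself (for example a custom grant on the token endpoint that checks the
    // 2FA code), so signing, claim destinations, the token entry and the refresh token agree.
    var accessToken = await _tokenManager.CreateAsync(descriptor, CancellationToken.None);
    var tokenString = await _tokenManager.GetPayloadAsync(accessToken, CancellationToken.None);

    /////////////////// approach B: using jwt ////////////////
    // The certificate path and password must not live in source code. They are read from the
    // environment here; the variable names are placeholders, so use the project's own
    // configuration or secret store in real deployments.
    var certificatePath = Environment.GetEnvironmentVariable("OPENIDDICT_SIGNING_CERT_PATH");
    var certificatePassword = Environment.GetEnvironmentVariable("OPENIDDICT_SIGNING_CERT_PASSWORD");
    if (string.IsNullOrEmpty(certificatePath))
    {
        throw new BusinessException("Signing certificate is not configured.");
    }

    // Dispose the certificate so the private key handle is released after use.
    using var cert = new X509Certificate2(
        certificatePath,
        certificatePassword,
        X509KeyStorageFlags.Exportable | X509KeyStorageFlags.EphemeralKeySet);

    var securityKey = new X509SecurityKey(cert)
    {
        KeyId = cert.Thumbprint // ensures both `kid` and `x5t` appear in the header
    };

    // NOTE(review): this claim set is written by hand and bypasses the authorization server:
    //  - "role" is hard-coded to "Individual" for every user instead of the user's real roles;
    //  - "oi_prst" and "oi_tkn_id" are OpenIddict-private claims, and the random token id has
    //    no matching entry in the token store, so such a token cannot be revoked and may be
    //    rejected wherever token entries are validated (presumably why it behaves differently
    //    from a connect/token token; verify);
    //  - the scope list is broader than what approach A requests.
    var claims = new List<Claim>
    {
        new Claim(OpenIddictConstants.Claims.Subject, user.Id.ToString()),
        new Claim(OpenIddictConstants.Claims.Email, user.Email),
        new Claim(OpenIddictConstants.Claims.Username, user.UserName),
        new Claim(OpenIddictConstants.Claims.Scope, "address profile email phone roles Hazlewood"),
        new Claim(OpenIddictConstants.Claims.ClientId, "Hazlewood_Mobile"),
        new Claim("amr", "mfa"),
        new Claim("role", "Individual"),
        new Claim("oi_prst", "Hazlewood_Mobile"),
        new Claim("session_id", Guid.NewGuid().ToString()),
        new Claim(OpenIddictConstants.Claims.JwtId, Guid.NewGuid().ToString()),
        new Claim(OpenIddictConstants.Claims.Audience, "Hazlewood"),
        new Claim("oi_tkn_id", Guid.NewGuid().ToString())
    };
    var identity = new ClaimsIdentity(claims, default);
    var tokenHandler = new JwtSecurityTokenHandler();
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Subject = identity,
        Expires = DateTime.UtcNow.AddHours(1),
        Issuer = "https://localhost:44370",
        Audience = "Hazlewood", // must match your protected API
        SigningCredentials = new SigningCredentials(
            securityKey,
            SecurityAlgorithms.RsaSha256)
    };
    // var token = tokenHandler.CreateToken(tokenDescriptor);
    //var accessToken = tokenHandler.WriteToken(token);

    return new VerifyAuthenticatorCodeDto
    {
        IsSuccess = true,
        // AccessToken = accessToken
    };
}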

We don't have this issue in the web application, as it manages the cookies itself, but we are still facing an issue with changing the default page styling on the forgot pages etc. Please share your feedback as soon as possible to resolve these queries; these are the challenges we are facing.
