Hi,
Thank you so much, now, it's working.
[16:37:50 WRN] Unknown proxy: [::ffff:10.2.155.151]:39348
[16:37:50 INF] The request URI matched a server endpoint: PushedAuthorization.
[16:37:50 INF] The pushed authorization request was successfully extracted: {
"client_id": "Hangfire",
"redirect_uri": "http://treva-hangfire.tav.aero/signin-oidc",
"response_type": "code id_token",
"scope": "openid profile email phone offline_access roles HangfireService",
"response_mode": "form_post",
"nonce": "638983894708289133.YTkzYjM3N2EtYzFjMS00NWQ1LWE2MzEtOTc5OTYyY2YwY2QxNzc3NjE1NWUtZTc0OC00OWI3LWE2YWEtOGQ0MTYwYjE2NTkz",
"state": "CfDJ8KBhtfQcifVKv-63a2B9_LX2LCsBtttAvItfQJwYZ90Ynzqi8kK2RLW7-4-12JnVZJZEI06SCXijyHCl2H1j4x0IstXUpNaTw0KeUk7yF4VD_iHj6h11oN9KPMhMzl7YU5KAB5sbtohfy0gfnRVIj-jHJ6W0B0IX0IZqZ9YfwGBZnu4VjkyOVrTvTAtChU2I8-TSIw6cCUPUiUw05uelP_wQPQGq3WCoN6JT9kVF53IrE0WiU23EaSB_raAKPzqFfFU_f1dcfz6fjEresx5Mos2ZkOoeozRggoiJT6DrG_0lIErW05HHw1fRF78Lp4jQpdf1dfH27_gmy4Hpa4SQ_VU",
"client_secret": "[redacted]"
}.
[16:37:50 INF] The pushed authorization request was successfully validated.
[16:37:50 ERR] SessionId is null. It's not possible to save the session during the sign-in process.
[16:37:50 INF] The response was successfully returned as a JSON document: {
"request_uri": "urn:ietf:params:oauth:request_uri:LO4sePZEaUCJE7p6pDKvhu_R22lnmOuktOJ279wQEdY",
"expires_in": 3599
}.
[16:37:50 INF] Request finished HTTP/1.1 POST https://treva-authserver.tav.aero/connect/par - 201 122 application/json;charset=UTF-8 86.7409ms
[16:37:50 INF] Request starting HTTP/1.1 GET http://treva-authserver.tav.aero/connect/authorize?client_id=Hangfire&request_uri=urn%3Aietf%3Aparams%3Aoauth%3Arequest_uri%3ALO4sePZEaUCJE7p6pDKvhu_R22lnmOuktOJ279wQEdY&x-client-SKU=ID_NET9_0&x-client-ver=8.12.0.0 - null null
[16:37:50 WRN] Unknown proxy: [::ffff:10.2.155.151]:34146
[16:37:50 INF] The request URI matched a server endpoint: Authorization.
[16:37:50 INF] The authorization request was successfully extracted: {
"client_id": "Hangfire",
"request_uri": "urn:ietf:params:oauth:request_uri:LO4sePZEaUCJE7p6pDKvhu_R22lnmOuktOJ279wQEdY",
"x-client-SKU": "ID_NET9_0",
"x-client-ver": "8.12.0.0"
}.
[16:37:50 WRN] No SessionId was found in the token during ValidateTokenContext.
[16:37:50 INF] The authorization request was successfully validated.
[16:37:50 INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)'
[16:37:50 INF] Route matched with {action = "Handle", controller = "Authorize", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync() on controller Volo.Abp.OpenIddict.Controllers.AuthorizeController (Volo.Abp.OpenIddict.AspNetCore). [16:37:50 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy [16:37:51 INF] Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal. [16:37:51 INF] The token '3a1d80ce-5e9e-f16f-f354-4c005a14adee' was successfully marked as redeemed. [16:37:51 INF] The authorization response was successfully returned to 'http://treva-hangfire.tav.aero/signin-oidc' using the form post response mode: { "code": "[redacted]", "id_token": "[redacted]", "state": "CfDJ8KBhtfQcifVKv-63a2B9_LX2LCsBtttAvItfQJwYZ90Ynzqi8kK2RLW7-4-12JnVZJZEI06SCXijyHCl2H1j4x0IstXUpNaTw0KeUk7yF4VD_iHj6h11oN9KPMhMzl7YU5KAB5sbtohfy0gfnRVIj-jHJ6W0B0IX0IZqZ9YfwGBZnu4VjkyOVrTvTAtChU2I8-TSIw6cCUPUiUw05uelP_wQPQGq3WCoN6JT9kVF53IrE0WiU23EaSB_raAKPzqFfFU_f1dcfz6fjEresx5Mos2ZkOoeozRggoiJT6DrG_0lIErW05HHw1fRF78Lp4jQpdf1dfH27_gmy4Hpa4SQ_VU", "iss": "https://treva-authserver.tav.aero/", "culture": "en", "ui-culture": "en" }. [16:37:51 INF] Executed action Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore) in 113.7744ms [16:37:51 INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' [16:37:51 INF] Request finished HTTP/1.1 GET https://treva-authserver.tav.aero/connect/authorize?client_id=Hangfire&request_uri=urn%3Aietf%3Aparams%3Aoauth%3Arequest_uri%3ALO4sePZEaUCJE7p6pDKvhu_R22lnmOuktOJ279wQEdY&x-client-SKU=ID_NET9_0&x-client-ver=8.12.0.0 - 200 2246 text/html;charset=UTF-8 151.2ms [16:37:52 INF] Request starting HTTP/1.1 POST http://treva-authserver.tav.aero/connect/token - application/x-www-form-urlencoded 185 [16:37:52 WRN] Unknown proxy: [::ffff:10.2.155.151]:39348 [16:37:52 INF] The request URI matched a server endpoint: Token. [16:37:52 INF] The token request was successfully extracted: { "client_id": "Hangfire", "client_secret": "[redacted]", "code": "[redacted]", "grant_type": "authorization_code", "redirect_uri": "http://treva-hangfire.tav.aero/signin-oidc" }. [16:37:52 INF] The token request was successfully validated. [16:37:52 INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' [16:37:52 INF] Route matched with {action = "Handle", controller = "Token", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync() on controller Volo.Abp.OpenIddict.Controllers.TokenController (Volo.Abp.OpenIddict.AspNetCore).
[16:37:52 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
[16:37:52 INF] Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal.
[16:37:52 INF] The token '3a1d80ce-5f39-e6fb-de64-ba6f3f54c15f' was successfully marked as redeemed.
[16:37:52 INF] The response was successfully returned as a JSON document: {
"access_token": "[redacted]",
"token_type": "Bearer",
"expires_in": 3599,
"scope": "openid profile email phone offline_access roles HangfireService",
"id_token": "[redacted]",
"refresh_token": "[redacted]"
}.
[16:37:52 INF] Executed action Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore) in 59.5565ms
[16:37:52 INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.TokenController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)'
[16:37:52 INF] Request finished HTTP/1.1 POST https://treva-authserver.tav.aero/connect/token - 200 6957 application/json;charset=UTF-8 181.0399ms
[16:37:52 INF] Request starting HTTP/1.1 GET http://treva-authserver.tav.aero/connect/userinfo - null null
[16:37:52 WRN] Unknown proxy: [::ffff:10.2.155.151]:39348
[16:37:52 INF] The request URI matched a server endpoint: UserInfo.
[16:37:52 INF] The userinfo request was successfully extracted: {
"access_token": "[redacted]"
}.
[16:37:52 INF] The userinfo request was successfully validated.
[16:37:52 INF] The authentication demand was rejected because the token had no valid audience.
[16:37:52 INF] OpenIddict.Validation.AspNetCore was not authenticated. Failure message: An error occurred while authenticating the current request.
[16:37:52 INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.UserInfoController.Userinfo (Volo.Abp.OpenIddict.AspNetCore)'
[16:37:52 INF] Route matched with {action = "Userinfo", controller = "UserInfo", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Userinfo() on controller Volo.Abp.OpenIddict.Controllers.UserInfoController (Volo.Abp.OpenIddict.AspNetCore). [16:37:52 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy [16:37:52 INF] Executing OkObjectResult, writing value of type 'System.Collections.Generic.Dictionary2[[System.String, System.Private.CoreLib, Version=9.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.Object, System.Private.CoreLib, Version=9.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]'.
[16:37:52 INF] Executed action Volo.Abp.OpenIddict.Controllers.UserInfoController.Userinfo (Volo.Abp.OpenIddict.AspNetCore) in 38.1243ms
[16:37:52 INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.UserInfoController.Userinfo (Volo.Abp.OpenIddict.AspNetCore)'
[16:37:52 INF] Request finished HTTP/1.1 GET https://treva-authserver.tav.aero/connect/userinfo - 200 null application/json; charset=utf-8 62.4327ms
[16:37:53 INF] Start processing HTTP request GET http://treva-authserver/health-status
[16:37:53 INF] Sending HTTP request GET http://treva-authserver/health-status
[16:37:53 INF] Request starting HTTP/1.1 GET http://treva-authserver/health-status - null null
[16:37:53 INF] Executing endpoint 'Health checks'
[16:37:53 INF] Received HTTP response headers after 7.9361ms - 200
[16:37:53 INF] End processing HTTP request after 8.0299ms - 200
[16:37:53 INF] Executed endpoint 'Health checks'
[16:37:53 INF] Request finished HTTP/1.1 GET https://treva-authserver/health-status - 200 null application/json 6.0931ms
Hi ma,
AuthServer logs like below,
[12:31:30 INF] Request starting HTTP/1.1 POST http://treva-authserver.tav.aero/connect/par - application/x-www-form-urlencoded 667 [12:31:30 WRN] Unknown proxy: [::ffff:10.2.155.151]:51962 [12:31:30 INF] The request URI matched a server endpoint: PushedAuthorization. [12:31:30 INF] The pushed authorization request was successfully extracted: { "client_id": "Hangfire", "redirect_uri": "http://treva-hangfire/signin-oidc", "response_type": "code id_token", "scope": "openid profile address email phone roles HangfireService", "response_mode": "form_post", "nonce": "638983746900457193.MDEzMDVmZmQtYmZiNC00YmZjLWEzZGMtYWQyNGVkZDQxNmE0ZTg4OGM4NTMtYmFkYS00OTk0LWI3N2UtZDUxMTI5YjRkMzdj", "state": "CfDJ8KBhtfQcifVKv-63a2B9_LXb0UhUp5WGWbZnu7PIFLIhSwwmUa3NjGQNLRY2vWbL75wz_BArtwjLX7aez2K2J-btBUpR_qQxcZ5I7MmPvsT5e0_KNMSFBuJQ9--GwoBP3b7rIM26rcsma-bC5rTlOxwiuNs6EtiWxIB8bdq8O13Mo5HetG79fl2QAuUA9h_dVge0TSg4XjCRrmKcEvLJH1oSTgM30ED2iOJL0Y4nTO0MhUDcXzk4FPDncQjoTaKfLsEmRgjE6e159Hsxlk15VxCjTfNTbUHJ8rOlyC3m7iZXL32beBs1Zr38ifekgBeFAQ", "client_secret": "[redacted]" }. [12:31:30 INF] Client validation failed because 'http://treva-hangfire/signin-oidc' was not a valid redirect_uri for Hangfire. [12:31:30 INF] The pushed authorization request was rejected because the redirect_uri was invalid: 'http://treva-hangfire/signin-oidc'.
Hi Ma,
Thank you for your help, i fixed it with solution A.
Best regards,
Ahmet
Hi, thank you.
I tried all of the options even uninstall and install again but nothing changes.
Hi ma,
Thank you for help, i implemented the token providers as needed.
Now, everything works as i expected.
Thank you again (l)
/// <summary>
/// Generates a password reset token for the specified <paramref name="user"/>, using
/// the configured password reset token provider.
/// </summary>
/// <param name="user">The user to generate a password reset token for.</param>
/// <returns>The <see cref="Task"/> that represents the asynchronous operation,
/// containing a password reset token for the specified <paramref name="user"/>.</returns>
public virtual Task<string> GeneratePasswordResetTokenAsync(TUser user)
{
ThrowIfDisposed();
return GenerateUserTokenAsync(user, Options.Tokens.PasswordResetTokenProvider, ResetPasswordTokenPurpose);
}
/// <summary>
/// Returns a flag indicating whether the specified <paramref name="token"/> is valid for
/// the given <paramref name="user"/> and <paramref name="purpose"/>.
/// </summary>
/// <param name="user">The user to validate the token against.</param>
/// <param name="tokenProvider">The token provider used to generate the token.</param>
/// <param name="purpose">The purpose the token should be generated for.</param>
/// <param name="token">The token to validate</param>
/// <returns>
/// The <see cref="Task"/> that represents the asynchronous operation, returning true if the <paramref name="token"/>
/// is valid, otherwise false.
/// </returns>
public virtual async Task<bool> VerifyUserTokenAsync(TUser user, string tokenProvider, string purpose, string token)
{
ThrowIfDisposed();
ArgumentNullThrowHelper.ThrowIfNull(user);
ArgumentNullThrowHelper.ThrowIfNull(tokenProvider);
if (!_tokenProviders.TryGetValue(tokenProvider, out var provider))
{
throw new NotSupportedException(Resources.FormatNoTokenProvider(nameof(TUser), tokenProvider));
}
// Make sure the token is valid
var result = await provider.ValidateAsync(purpose, token, this, user).ConfigureAwait(false);
if (!result && Logger.IsEnabled(LogLevel.Debug))
{
Logger.LogDebug(LoggerEventIds.VerifyUserTokenFailed, "VerifyUserTokenAsync() failed with purpose: {purpose} for user.", purpose);
}
return result;
}
public virtual async Task<BasicUserInfoDto> TrevaSendPasswordResetCodeAsync(TrevaSendPasswordResetCodeDto input)
{
var user = await UserManager.FindByEmailAsync(input.Email) ??
throw new UserFriendlyException(L["Volo.Account:InvalidEmailAddress", input.Email]);
var resetToken = await UserManager.GeneratePasswordResetTokenAsync(user);
await _trevaAccountEmailer.TrevaSendPasswordResetCodeAsync(user, resetToken);
return new BasicUserInfoDto
{
UserId = user.Id,
TenantId = user.TenantId
};
}
public override async Task<bool> VerifyPasswordResetTokenAsync(VerifyPasswordResetTokenInput input)
{
var user = await UserManager.GetByIdAsync(input.UserId);
return await UserManager.VerifyUserTokenAsync(
user,
UserManager.Options.Tokens.PasswordResetTokenProvider,
UserManager<Volo.Abp.Identity.IdentityUser>.ResetPasswordTokenPurpose,
input.ResetToken);
}
We checked the codes, there is not any code block that sets TokenLifespan except options.TokenLifespan = TimeSpan.FromMinutes(2);
I'm checking it in my local computer.
How can I check "distributed cache for identity, ensure cache invalidation is working as expected"?
