Doesn't this introduce security vulnerabilities because we don't validate the token?
I am having an issue after changing the mapping engine to Mapperly and generating mappers per your documentation. The issue I am having is that since Id is a protected property, Mapperly does not generate mappings for it and so it comes across as empty. I was able to work around this in some cases by using Parameterless Constructor = false, but that breaks EF Core change tracking because the mapping process creates a new entity, which leaves the old entity in a detached state. I specifically saw this when we have an entity with sub-entities. The sub-entities are not able to be tracked by EF Core because they get tracked twice during the mapping process.
The configuration is exactly correct per the documentation you mentioned.
It would be helpful and reduce support tickets if my local AI agent could make tool calls to query ABP documentation.
We are in the process of migrating version 8.0 to version 10.0 and are migrating from WASM to Web App. The account page, which lives in the API and so should be unaffected by the front-end migration, is now missing the two-factor options on the user account page. The configuration has not changed, but the tabs are not visible.
I have removed all the external dependencies and it can now run without an Azure connection.
Repo is updated.
The steps are this:
The auth server is embedded in the API. The workflow project is not needed for this repro.
At this point login should be possible, but when using the sefdemo.localhost URL, which corresponds to one of our tenants, it does not work.
That is not my repository. My repro can be found here: https://github.com/ddelamare/abpAuthIssue
That NuGet package is not in our repository. The prefixes should be TOG. and SEF.
But here are the steps
So the main issue that I have is that the login does not work when each tenant has their own client id. Tenant is determined by URL, so you'll have to register a local host redirect in the hosts file. You can use sefdemo.localhost as it's a host configured in the sender. Based on the feedback above, we need to register an OIDC scheme per tenant, but that does not seem to work.
Ultimately, what we need is a login scheme that works for all tenants when each tenant has their own unique URL, configuration, and database but all run on a single instance.
Additionally, we have an issue where controllers with third-party base classes in the API host project return 401 when forwarded a seemingly valid token via YARP.