It is not working partially, they are different. I will try to explain better.
Request URL: https://webgateway.xyz.io/api/permission-management/permissions?providerName=R&providerKey=Employee%20User ------> This Works
This request is done to AdministrationService to get the permissions of the role,
Request URL: https://webgateway.xyz.io/api/permission-management/permissions?providerName=U&providerKey=7d2bf3e2-881f-82af-2e19-3a025c616e15 ----> This Doesn't Work
This request is done to the AdministrationService to get the permission of the user. Since user list can be found in IdentityService; AdministrationService makes a server-to-server request to IdentityService to get this list. See this: https://docs.abp.io/en/commercial/latest/startup-templates/microservice/microservices#identity-server-authorization-1
And it seems AdministrationService is having a problem when getting token from the AuthServer (client-credential request, see related docs above) to make a request to IdentityService.
Can AdministrationService pod reach the internet? To https://yourAuthServer.com/.well-known/openid-configuration endpoint?
If your external API is not abp module that implements an Http.Api.Client layer, you can make http requests using IHttpClientFactory and deserialize manually.
1. How should you look up a user in a microservice? For example, I want to choose a user from a list or I want to check some aspects of a user's details in an app service. Currently we have a local table with users, which is synchronized through ETOs (e.g. EntityCreatedEto) We then use this local repository for our queries. I noticed there is a UserLookupService that is used in CMS kit, but I can't seem to get this working in a microservice. I'm not sure of the best approach.
You can use http requests to IdentityService to get the user list (UserLookupService). To do that; add IdentityService.Application.Contracts to your microservice application layer (or application.contracts) and add IdentityService.Http.Api.Client to your microservice http.host layer with RemoteService configuration on appsettings.
2. How should we add users from a microservice? For example, in a workflow microservice, the user has entered an email of someone to assign a task, This user is not in the system yet so we want to invite/create user I'm assuming this is a standard inter-service communication to the identity service?
This seems very subtle for async communication. You can publish an event from your microservice and let your custom handler you create on IdentityService handle it. You can inject IdentityUserManager (default Microsoft Identity library) and create a new user. Furthermore, you can even publish a new event after successful user creation and let some microservice or a background job send an email to the user informing about it.
Extracting a Module as a Microservice guide is now available.
There is a community article about Integrating DevExpress ASP.NET Core Reporting to ABP MVC Application.
Then this may be related to AWS AKS altering the internal URL. Can you check with the AWS team? We didn't receive any similar issue from Azure AKS though.
Hello, Yes, we still have plans for deployment documentation however there are various application templates and various deployment environments.
The most complicated part of application deployment is the tiered/separated identity server template where you need to have extra steps to deploy the identity server and we have created the identity server deployment docs.
Other applications are pretty much the same as the default .net application or angular application. If you still need help with them, please provide the exact problem you have come across with logs so that we can assist better.
Hello,
Did you check 5.0 migration guide?
It seems SSL issue. Your certificate may not be trusted by the local machine. You may find faster solution about this problem since it seems a generic how to about publishing .net applications to AWS with SSL.
Also, please share related error parts of the logs under identityserver project Logs folder.
step-by-step guidelines on how to deploy the ABP (Angular) app to AWS using docker? I've read in the the forums, about 2 years ago, that there is a plan to release this guideline. Please advise.
Yes we have it on backlog but we I can't give exact time about it unfortunatelly.
Authorization Code with PKCE flow, remove offline_access scope from oidc configuration located at environment.ts file.