It seems your environment is 2021-10-06 12:02:43.701 +00:00 [INF] Hosting environment: Development
and you are using dns (zoolworks).
2021-10-06 13:37:22.524 +00:00 [ERR] Invalid redirect_uri: https://zoolworks:44337/swagger/oauth2-redirect.html {"ClientId":"LeaveMgmtSvc_Swagger","ClientName":"LeaveMgmtSvc_Swagger","RedirectUri":null,"AllowedRedirectUris":["https://localhost:44337/swagger/oauth2-redirect.html"],"SubjectId":"anonymous","ResponseType":null,"ResponseMode":null,"GrantType":null,"RequestedScopes":"","State":null,"UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":"","MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"response_type":"code","client_id":"LeaveMgmtSvc_Swagger","redirect_uri":"https://zoolworks:44337/swagger/oauth2-redirect.html","scope":"LeaveMgmtSvc","state":""}
Your LeaveMgmtSvc_Swagger client has allowed https://localhost:44337/swagger/oauth2-redirect.html
redirect uri however you are making request with a configuration containing https://zoolworks:44337/swagger/oauth2-redirect.html
So you need to add https://zoolworks:44337/swagger/oauth2-redirect.html to AbpClientRedirectUris
table where ClientId is the id of LeaveMgmtSvc_Swagger.
Please share identity server logs.
Is there any way to add this in program?
What do you mean by this?
You can update identityserver data seeder and run dbmigrator. Or manually add/edit AbpClientRedirectUris table.
Also did I mention about sharing related identity server logs which is the suggested way to troubleshoot identityserver related errors by identityserver team itself?
As i have mentioned earlier the values in db in tables "IdentityServerClients" are as same as that in the browser.
The problem is not related with IdentityServerClients, it is about ClientRedirectUris.
Please share related identityserver logs.
Since it is related with data, I can not help with looking at code. You need to check the database. Or, simply: Navigate to Administration -> IdentityServer -> Clients Actions -> Edit the Application you are having problem with (you can see that in identityserver log also) -> Application Urls -> Callback Add your production environment redirect uri as well.
I have some general architecture questions. I'm starting a new project on 4.4.3. The idea is that this will be a multitenant sas app. I will create several modules under the main application, each module will be for a specific webcart software, for example magento, shopify, etc. The implementation of the endpoints that remote carts will call and domain data for each of these is contained inside the module.
Cool! Module Architecture is designed for flexibility.
When new data comes in ( new orders for example ) the module will kick off a distributed event (these will be local initially but the code should work for when we move to microservice, per the docs). The main application then subscribes to these events and should record the transaction locally on abp database, and then schedule and process a background job (using the hangfire implementation) that posts the transactions into the appropriate remote backend.
Okay, thinking that you have a microservice application now since you want to manage transactions with database and background jobs. There is also a pattern for microservice transactions, which is called inbox-outbox pattern. And it happens to be that ABP will be implementing this pattern in v5. Check the annoucements about it.
Does this make sense to do? Also since the background jobs seems to be picked up from the queue sequentially and there could be many jobs and tenants, would we run into a problem where there could be a ton of transactions queued and they'd only be processed sequentially so a particular tenant could see huge delays getting their transactions in?
I suggest checking transactional outbox pattern which we already implement. I don't think there will be a delay problem for tenants.
A bigger concern is the fact that creating a bunch of httpclients to make the outgoing requests to the remote backends could cause resource exhaustion. In the past I've used an httpclient in DI to make the requests, however there's a problem here, and that is that each tenant will configure via settings management their remote backend url, these are different servers (but all the same software so contracts are the same).
I fail to understand the usage of http requests in here. Since you are in distributed system, why not using message broker (rabbitmq, kafka etc) async communication instead of http requests? Simply adapt for async communication over synced communication to prevent it from the begining.
When the transaction is processed and send to the remote backend, the url will be different because they are different servers.
There are service locators (envoy, consul etc) for that. It's only job is to find the related service.
To complicate matters most, the remote backend requires Login -> Receive SesssionID -> Then send this in the header of every subsequent request. In non multi-tenant implementations where its only one backend the application is sending these requests to, i simply use an interceptor to modify the header on the outgoing request.
No no no. You don't send any session id or something over the network for internal communication. If you want to use synched communication over http, it will be using Client Credential Flow grant type of OAuth2.0 without user credentials. Don't try to re-invent bicycle if it is about security and if your job is not creating bicycles for security.
In multi-tenant I assume the best thing to do would be to login -> send to redis cache for the tenant, and check this each time in the future when a request needs to go out and its for a particular tenant ID.
Multitenancy in ABP framework is very nicely abstracted and you can use with resolvers or a midware. You can check the source code.
I'm looking for any suggestion on how to accomplish this reliably without collapsing the application, keeping in mind that thousands of transactions can be posted in to the abp app, from different web carts, from different tenants.
I would suggest leaning towards async messaging (eventbus over message broker) over synced messaging (http requests). Aso watching Mastering Chaos - A Netflix Guide to Microservices can give you ideas about how they solve millions of requests.
I know this is a loaded question. Just looking for direction to make the most of this framework using best practices.
You can also follow eShopOnAbp repository where we are building eShop application using Abp.
Invalid_Redirect_Uri
error means your Redirect Uri is not matching with the one you already have in database for this application (client). Check the identityserver logs for more information. Probably related with your environment configuration.
We are not available for remote sessions most of the time, please share a repo or detailed logs so that any of us available can check and help within the shorted time period available. It will also help other members in the future if they come across the same issue.
Yes, Date and Time fields are not implemented yet but they are on backlog. We can prioritise based on demand.
This question is not related with ABP but Value Object concept in Domain Driven Design. So you may get better responses if you ask it under domain driven design at stackoverflow.
However I will try to explain.
A value object:
ValueObject
class has GetAtomicValues method).Knowing these above, you can not create value objects using CRUD page generator since it can not exist on it is own. But we can talk about improvements in suit about value object generation on selected entity. However, value object is a concept of domain driven design and people may mismatch it with regular 1-1 relation or they may not use DDD at all.
You need to understand the concept of value object better to decide what portions of your aggragate or entity can be represented as value object.
To persist in database using EfCore, you can use fluent api as below:
Entity<MyEntity>().OwnsOne(t=>t.MyValueObject)
You can check Microsoft documentation about implementing value objects. I also suggest checking Julie Lerman talks about DDD and EfCore 3.
You have separated IdentityServer, can you be sure that redis is up and running?
Yes, you can integrate Azure AD to your abp application. There are community articles about how to;
RBAC is different story. Abp applications use permission based authorization and these permissions are managed within the application it self. But you can add your azure ad roles/claims and write your own custom authorization filters as you like.
Because IdentityServer Module is not multi-tenant. That means you can't have tenant based data in identityserver module. So that your requests shouldn't contain tenantId.
Server to server https/grpc calls should not involve user and be done with client credential flow.
That being said, in which case are you using resource owner password flow for http request?