Hi,
After logging in through the authorization center, a new user was indeed created again.
Now the subsystem wants to retrieve user permissions, roles, and other information directly from the authorization center
Re-creating the user in the subsystem seems to violate single sign-on.
Is there any way to avoid this?
Hi, why is the permission policy list (`grantedPolicies`) empty after logging in through the authorization center?
"auth": {
"grantedPolicies": {}
},
"setting": {
"values": {
"Abp.Localization.DefaultLanguage": "en",
"Abp.Timing.TimeZone": "UTC",
"Abp.Identity.Password.RequiredLength": "6",
"Abp.Identity.Password.RequiredUniqueChars": "1",
"Abp.Identity.Password.RequireNonAlphanumeric": "True",
"Abp.Identity.Password.RequireLowercase": "True",
"Abp.Identity.Password.RequireUppercase": "True",
"Abp.Identity.Password.RequireDigit": "True",
"Abp.Identity.Lockout.AllowedForNewUsers": "True",
"Abp.Identity.Lockout.LockoutDuration": "300",
"Abp.Identity.Lockout.MaxFailedAccessAttempts": "5",
"Abp.Identity.SignIn.RequireConfirmedEmail": "False",
"Abp.Identity.SignIn.EnablePhoneNumberConfirmation": "True",
"Abp.Identity.SignIn.RequireConfirmedPhoneNumber": "False",
"Abp.Identity.User.IsUserNameUpdateEnabled": "True",
"Abp.Identity.User.IsEmailUpdateEnabled": "True",
"Abp.Identity.OrganizationUnit.MaxUserMembershipCount": "2147483647",
"Abp.Identity.TwoFactor.Behaviour": "Optional",
"Abp.Identity.TwoFactor.UsersCanChange": "True",
"Abp.Account.EnableLdapLogin": "false",
"Abp.Identity.EnableOAuthLogin": "false",
"Abp.Identity.OAuthLogin.Authority": null,
"Abp.Identity.OAuthLogin.ClientId": null,
"Abp.Identity.OAuthLogin.ClientSecret": null,
"Abp.Identity.OAuthLogin.Scope": null,
"Abp.Identity.OAuthLogin.RequireHttpsMetadata": "false",
"Abp.Identity.OAuthLogin.ValidateEndpoints": "false",
"Abp.Identity.OAuthLogin.ValidateIssuerName": "false",
"Abp.Account.IsSelfRegistrationEnabled": "False",
"Abp.Account.EnableLocalLogin": "False",
"Abp.Account.TwoFactorLogin.IsRememberBrowserEnabled": "true",
"Abp.Account.Captcha.UseCaptchaOnLogin": "false",
"Abp.Account.Captcha.UseCaptchaOnRegistration": "false",
"Abp.Account.Captcha.VerifyBaseUrl": "https://www.google.com/",
"Abp.Account.Captcha.SiteKey": null,
"Abp.Account.Captcha.Version": "3",
"Abp.Account.Captcha.Score": "0.5",
"Abp.Account.ProfilePictureSource": "False",
"Volo.Abp.LeptonTheme.Layout.Boxed": "False",
"Volo.Abp.LeptonTheme.Layout.MenuPlacement": "Left",
"Volo.Abp.LeptonTheme.Layout.MenuStatus": "AlwaysOpened",
"Volo.Abp.LeptonTheme.Style": "Style6",
"Volo.Abp.LeptonTheme.Style.PublicLayout": "Style1"
}
},
"currentUser": {
"isAuthenticated": true,
"id": "0d08f47e-23b7-b89c-45bd-3a0ab4f41e11",
"tenantId": null,
"impersonatorUserId": null,
"impersonatorTenantId": null,
"impersonatorUserName": null,
"impersonatorTenantName": null,
"userName": "test@qq.com",
"name": "test",
"surName": "test",
"email": "test@qq.com",
"emailVerified": false,
"phoneNumber": null,
"phoneNumberVerified": false,
"roles": []
},
hi
My email: 276389409@qq.com, thank you
hi Can you send me your demo? I'll compare it
Hi, I followed your instructions and the same error occurred. The page I am redirected back to is /Account/Register: http://172.16.10.53:44338/Account/Register?IsExternalLogin=True&ExternalLoginAuthSchema=oidc
The configuration is as follows:
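// Registers the "oidc" scheme that sends sign-in to the central authorization server
// and copies the e-mail claim it returns into the ABP e-mail claim type.
.AddAbpOpenIdConnect("oidc", options =>
{
    options.Authority = configuration["AuthServer:Authority"];

    // Read from configuration. The endpoints shown elsewhere on this page are plain http://,
    // so this is presumably "false" here. Keep it true outside local development so the
    // discovery document and signing keys are only fetched over TLS.
    options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);

    // Hybrid flow: the authorize response carries both a code and an id_token.
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;

    options.ClientId = configuration["AuthServer:ClientId"];
    // The client secret comes from configuration; keep the real value out of source control.
    options.ClientSecret = configuration["AuthServer:ClientSecret"];

    // The received tokens are kept with the authentication session so they can be
    // forwarded to downstream services; protect the session cookie accordingly.
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;

    options.Scope.Add("roles");
    options.Scope.Add("email");
    options.Scope.Add("phone");
    options.Scope.Add("AccountService");
    options.Scope.Add("IdentityService");
    options.Scope.Add("AdministrationService");
    options.Scope.Add("SaasService");
    //options.Scope.Add("ProductService");
    //options.Scope.Add("ElsaService");

    // Wrap the handler that is already registered instead of replacing it.
    var tokenValidated = options.Events.OnTokenValidated;
    options.Events.OnTokenValidated = async validatedContext =>
    {
        // Await the previous handler: discarding its Task would let it finish (or fail)
        // unobserved after this handler has already returned.
        await tokenValidated.Invoke(validatedContext);

        // The provider may not send an e-mail claim at all; FindFirstValue then returns
        // null, and a null claim value must not be passed on to AddClaim.
        var email = validatedContext.Principal.FindFirstValue(ClaimTypes.Email);
        if (!string.IsNullOrEmpty(email))
        {
            // NOTE(review): the e-mail is taken from the provider as-is. If it is used to
            // match an existing local account, confirm the provider only issues verified
            // addresses.
            validatedContext.Principal.AddClaim(AbpClaimTypes.Email, email);
        }
    };
});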
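// Same claim-mapping handler for a second OpenID Connect provider.
// "Azure..." is the elision used on the page itself; the scheme arguments are not shown.
.AddOpenIdConnect(Azure...,options =>
{
    // Wrap the handler that is already registered instead of replacing it.
    var tokenValidated = options.Events.OnTokenValidated;
    options.Events.OnTokenValidated = async validatedContext =>
    {
        // Await the previous handler so its Task is not left unobserved.
        await tokenValidated.Invoke(validatedContext);

        // Only map the e-mail when the provider actually sent one; FindFirstValue
        // returns null for a missing claim.
        var email = validatedContext.Principal.FindFirstValue(ClaimTypes.Email);
        if (!string.IsNullOrEmpty(email))
        {
            validatedContext.Principal.AddClaim(AbpClaimTypes.Email, email);
        }
    };
})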
Hi, why does the external authorization login call back to the registration page instead of the login page of the authorization center?
I modified the local configuration in appsettings.json:
"Settings": { "Abp.Account.IsSelfRegistrationEnabled": false, "Abp.Account.EnableLocalLogin": false }
Clicking the login button redirects to the authorization center page:
http://172.16.10.210:44322/connect/authorize?client_id=ReportDemo&redirect_uri=http://172.16.10.53:44338/signin-oidc&response_type=code id_token&scope=openid profile roles email phone AccountService IdentityService AdministrationService SaasService&response_mode=form_post&nonce=638175511421012693.MjllNTM0MjItM2I4OC00YTQxLTkxMjYtZjA3OGJkMTZiYzVkMzMzMTJjZDAtZWI5YS00NWU1LTgwYzEtNDUyYzEzMzJjNDk5&state=CfDJ8CGkFfOcMF9BqQuVqGjsPmkUiAQ-qr26COAb3ZpYXfIqrhRENdHI3s0mNNF3oYFM42Fx-QSyj0E0E-3ksNYFFMna34WePuihsjAsn-CXAj4iuwH9sMHf6_QWZXtN5WRX8FYwUF3KYavo0ScSRcg9Za0MafqLM53zJbQndSBzbJd-MMNyIfGq1aRiy3mOPQ6XtdDeE1gvz1FFzlVO7k-sl0J2uI-hBaLBYE26eEy9KwjI6bFXjsM_Y7WhbcdAZRYCPMQ27hi1HBafp9EAZLiPFpiLnrUFxGe4lH2VKUTABD0ipzw_rdYEYlmNL61nYIUH_uCFaxj3aIZGQzoWIqCGPf9K6arD7oekcZaBPEqZQE8rFyMOo-Oe486hWjQx83cylEwldG-cE25zdx47SBct5Mg&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.11.1.0
It then immediately redirects to http://172.16.10.53:44338/Account/Register?IsExternalLogin=True&ExternalLoginAuthSchema=oidc
Okay, could you please help me check remotely