Here is the same question: https://support.abp.io/QA/Questions/4439/Refused-to-display-%27httpsauthabccom8443%27-in-a-frame-because-it-set-%27X-Frame-Options%27-to-%27sameorigin%27
I'm sure the problem is related to the URI.
Please share the full logs of both the Blazor app and the Auth server with shiwei.liang@volosoft.com.
Hi,
At present, you can't add parameters to existing endpoints. You can create your own application service to do it.
Or you can get the parameters from the HTTP context.
// Replaces the registered IAuditLogsAppService with this subclass so that extra
// values can be read from the current HTTP request rather than from the input DTO.
[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(IAuditLogsAppService))]
public class MyAuditLogsAppService : AuditLogsAppService
{
    // Gives access to the HttpContext of the request being served.
    private readonly IHttpContextAccessor _httpContextAccessor;
    // Passes the base-class dependencies through unchanged and keeps the accessor.
    public MyAuditLogsAppService(IAuditLogRepository auditLogRepository, IJsonSerializer jsonSerializer,
        IPermissionChecker permissionChecker, IPermissionDefinitionManager permissionDefinitionManager, IHttpContextAccessor httpContextAccessor) : base(
        auditLogRepository, jsonSerializer, permissionChecker, permissionDefinitionManager)
    {
        _httpContextAccessor = httpContextAccessor;
    }
    // Override point for the entity-change query; paging values are taken from the query string.
    public override Task<List<EntityChangeWithUsernameDto>> GetEntityChangesWithUsernameAsync(EntityChangeFilter input)
    {
        // Both values are read straight from the query string: they are caller-controlled and
        // arrive as raw string values, not integers. Parse them (for example with int.TryParse)
        // and clamp MaxResultCount to an upper bound before paging with them; an unbounded page
        // size lets a single request pull the whole audit log.
        // NOTE(review): IHttpContextAccessor.HttpContext is null outside an HTTP request -
        // confirm this method is only reached over HTTP, or add a null check.
        var maxResultCount = _httpContextAccessor.HttpContext.Request.Query["MaxResultCount"];
        var skipCount = _httpContextAccessor.HttpContext.Request.Query["skipCount"];
        // Placeholder from the original answer: run the query with the validated paging values.
        ... query here
    }
}
Hi,
you can't even login
The authorization request was rejected because the redirect_uri was invalid: 'https://thisisfortest.site/authentication/login-callback'.
You can check the document: https://docs.abp.io/en/commercial/latest/guides/identityserver-deployment
This guide is written for IdentityServer, but most of it also applies to OpenIddict.
Please share the error log, thanks.
Hi,
This is the current suite design.
We will enhance ABP Suite in future releases.
Hi,
I have created an internal issue for this; we will check it.
Hi,
We will check it. Your ticket has been refunded.
Hi,
You can try sending a request and forcing a logout.
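/// <summary>
/// Cookie-authentication extension that re-checks the access token stored in the cookie
/// properties whenever the cookie principal is validated, and signs the user out when the
/// token is missing, rejected by the introspection endpoint, or refused by a remote call.
/// </summary>
public static class MyAuthenticationOptionsExtensions
{
    /// <summary>
    /// Installs an <c>OnValidatePrincipal</c> handler that introspects the saved access token
    /// and then performs a remote call, ending the cookie session when either check fails.
    /// </summary>
    /// <param name="options">The cookie options to configure. Any handler already assigned to
    /// <c>Events.OnValidatePrincipal</c> is replaced.</param>
    /// <param name="oidcAuthenticationScheme">Name of the OpenID Connect scheme whose options
    /// (backchannel, authority, client id and secret) are used for introspection.</param>
    /// <returns>The same <paramref name="options"/> instance, for chaining.</returns>
    public static CookieAuthenticationOptions MyIntrospectAccessToken(this CookieAuthenticationOptions options, string oidcAuthenticationScheme = "oidc")
    {
        options.Events.OnValidatePrincipal = async principalContext =>
        {
            // Nothing to validate for an anonymous or missing principal.
            if (principalContext.Principal?.Identity?.IsAuthenticated != true)
            {
                return;
            }

            var logger = principalContext.HttpContext.RequestServices.GetRequiredService<ILogger<CookieAuthenticationOptions>>();
            var accessToken = principalContext.Properties.GetTokenValue("access_token");

            if (accessToken.IsNullOrWhiteSpace())
            {
                logger.LogError("The access_token is not found in the cookie properties, Please make sure SaveTokens of OpenIdConnectOptions is set as true.");
                await SignOutAsync(principalContext);
                // The principal has been rejected; stop here instead of going on to the
                // remote call below with a session that was just signed out.
                return;
            }

            var openIdConnectOptions = await GetOpenIdConnectOptions(principalContext, oidcAuthenticationScheme);

            // The client secret is sent with this request, so the address must be the trusted
            // authority's introspection endpoint: the discovered one when available, otherwise
            // the conventional path under Authority.
            var response = await openIdConnectOptions.Backchannel.IntrospectTokenAsync(new TokenIntrospectionRequest
            {
                Address = openIdConnectOptions.Configuration?.IntrospectionEndpoint ?? openIdConnectOptions.Authority.EnsureEndsWith('/') + "connect/introspect",
                ClientId = openIdConnectOptions.ClientId,
                ClientSecret = openIdConnectOptions.ClientSecret,
                Token = accessToken
            });

            if (response.IsError)
            {
                // Log the server-supplied text as an argument, never as the message template:
                // braces in it would otherwise be parsed as format placeholders.
                logger.LogError("Token introspection failed: {Error}", response.Error);
                await SignOutAsync(principalContext);
                return;
            }

            if (!response.IsActive)
            {
                logger.LogError("The access_token is not active.");
                await SignOutAsync(principalContext);
                return;
            }

            logger.LogInformation("The access_token is active.");

            // Placeholder from the original answer: resolve a remote service and call an
            // endpoint that requires a valid login.
            var service = principalContext.HttpContext.RequestServices.GetRequiredService<IxxxService>();
            try
            {
                await service.xxxxx().....
            }
            catch (AbpRemoteCallException e)
            {
                // NOTE(review): matching on the message text is brittle; if the exception exposes
                // the HTTP status code, compare against 401 instead - confirm against the ABP version in use.
                if (e.Message.Contains("Unauthorized"))
                {
                    await SignOutAsync(principalContext);
                }
                else
                {
                    // Any other remote failure keeps the session (fail-open); record it so an
                    // outage of the remote service is visible rather than silently ignored.
                    logger.LogWarning(e, "The remote call used to verify the session failed; the session is kept.");
                }
            }
        };

        return options;
    }

    /// <summary>
    /// Resolves the named OpenID Connect options and, when no configuration is loaded yet and a
    /// configuration manager is present, fetches the configuration through it.
    /// </summary>
    private static async Task<OpenIdConnectOptions> GetOpenIdConnectOptions(CookieValidatePrincipalContext principalContext, string oidcAuthenticationScheme)
    {
        var openIdConnectOptions = principalContext.HttpContext.RequestServices.GetRequiredService<IOptionsMonitor<OpenIdConnectOptions>>().Get(oidcAuthenticationScheme);
        if (openIdConnectOptions.Configuration == null && openIdConnectOptions.ConfigurationManager != null)
        {
            // Tie the metadata fetch to the request so an aborted request cancels it.
            openIdConnectOptions.Configuration = await openIdConnectOptions.ConfigurationManager.GetConfigurationAsync(principalContext.HttpContext.RequestAborted);
        }

        return openIdConnectOptions;
    }

    /// <summary>
    /// Rejects the principal for the current request and signs out of the cookie scheme that
    /// is being validated.
    /// </summary>
    private static async Task SignOutAsync(CookieValidatePrincipalContext principalContext)
    {
        principalContext.RejectPrincipal();
        await principalContext.HttpContext.SignOutAsync(principalContext.Scheme.Name);
    }
}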
// "Cookies" is the default scheme; the "oidc" scheme handles the challenge (login redirect).
context.Services.AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie("Cookies", options =>
    {
        // The cookie itself stays valid for 365 days, so the validation hook registered on the
        // next line is what ends a session whose access token is no longer accepted.
        // NOTE(review): if that hook is removed later, revisit this lifetime - without it
        // nothing in this snippet shortens a one-year session.
        options.ExpireTimeSpan = TimeSpan.FromDays(365);
        options.MyIntrospectAccessToken();
    })
    // Remaining registrations are elided in the original answer.
    .......
After a while, once all users have logged in with OpenIddict, you should be able to remove this method.