Hi,
Is this can help you?
Add to ConfigureServices method.
context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
Hi,
That means that I need to know the user password?!?!
Unfortunately, yes.
This is the resource-owner-password-flow rule.
I am trying to import uses that already exist on Azure Ad by using the email and the current password, but still not working for me. Am I doing something wrong?
Could you provide the azure ad configuration(clientid,secret... and a test account) to me via email? shiwei.liang@volosoft.com
Hi,
After my check, it should work after https://support.abp.io/QA/Questions/3761#answer-3f02f82f-0c97-563c-cab8-3a069adc445c
Tips: ABP needs to get the email to create a user. you can check the user info endpoint.
it is a bit weird that I need to provide the password of the user that I am trying to import.
Yes, but it's a limit of OAuth, we have to provide a username and password to check if the user is valid.
Hi,
Did you provide the password when you import a user?
Hi,
Get access token error: {"error":"invalid_grant","error_description":"AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: a7f3a95c-2848-4eac-a01f-4d0257db3d00\r\nCorrelation ID.
I guess the username or password is incorrect, could you provide an azure ad test configuration with me via email? shiwei.liang@volosoft.com
I can check it and quickly fix it.
Hi,
This is a problem, we will fix it in the 6.0 version., BTW, your ticket refunded.
For now, you can try:
[ExposeServices(typeof(OAuthExternalLoginManager))]
public class MyOAuthExternalLoginManager : OAuthExternalLoginManager
{
public MyOAuthExternalLoginManager(IOAuthSettingProvider oAuthSettingProvider, IHttpClientFactory httpClientFactory) : base(oAuthSettingProvider, httpClientFactory)
{
}
protected async override Task<DiscoveryDocumentResponse> GetDiscoveryResponseAsync()
{
using (var httpClient = HttpClientFactory.CreateClient(HttpClientName))
{
var request = new DiscoveryDocumentRequest
{
Address = await OAuthSettingProvider.GetAuthorityAsync(),
Policy = new DiscoveryPolicy
{
RequireHttps = await OAuthSettingProvider.GetRequireHttpsMetadataAsync(),
ValidateEndpoints = false,
ValidateIssuerName = false
}
};
var discoveryResponse = await httpClient.GetDiscoveryDocumentAsync(request);
if (discoveryResponse.IsError)
{
throw discoveryResponse.Exception ?? new AbpException("Get discovery error: " + discoveryResponse.Raw);
}
return discoveryResponse;
}
}
}```
Hi,
I will check it out
Yes, I can access the openId configuration metadata for my tenant, also on the logs I can see the openId metadata. The error that I am getting is this:
Please share the full logs, thanks.
Hi,
Let me explain how it works.
$"{Authority}/.well-known/openid-configuration)The configuration document endpoint will responsed:
token_endpoint to request access_token via resource-owner-password-flowYou can try access to https://login.microsoftonline.com/{tenant}/v2.0.well-known/openid-configuration to check it.
PS: Don't forget replace {tenant}.
