hi
You can debug the code to see why return new ForbidResult
bwt, the question has too many replies.
Can you create a new question to reply?
Thanks
hi
Please share a screenshot of your solution structure.
Please check the logs of the real API(api/account/my-profile) website.
but the grant extension method it doesn't validate the token.
I don't understand.
You can send the code to user, then pass userid and code to your grant extension
if the code is correct. Then, return the access token. in this way, you can use the access token to call the api.
hi
Are you using the gateway?
Please check the service logs.
500 error logs seem to be on other websites.
[14:10:09 INF] [] Request starting "HTTP/2" "GET" "https"://"localhost:44359""""/api/account/my-profile""" - null null
[14:10:09 INF] [] CORS policy execution successful.
[14:10:09 INF] [] Handling request: /api/account/my-profile
[14:10:09 INF] [] Handling request logProject: product
[14:10:09 INF] [] Handling request logProjectGroupName: /ecs/product-dev-gateway
[14:10:09 INF] [] Handling request logProject change tenant: product
[14:10:09 INF] [Product] Executing endpoint '"Volo.Abp.Account.ProfileController.GetAsync (Volo.Abp.Account.Pro.Public.HttpApi)"'
[14:10:09 INF] [Product] Route matched with "{area = \"account\", controller = \"Profile\", action = \"Get\", page = \"\"}". Executing controller action with signature "System.Threading.Tasks.Task`1[Volo.Abp.Account.ProfileDto] GetAsync()" on controller "Volo.Abp.Account.ProfileController" ("Volo.Abp.Account.Pro.Public.HttpApi").
[14:10:09 INF] [Product] Executed action "Volo.Abp.Account.ProfileController.GetAsync (Volo.Abp.Account.Pro.Public.HttpApi)" in 13.5452ms
[14:10:09 INF] [Product] Executed endpoint '"Volo.Abp.Account.ProfileController.GetAsync (Volo.Abp.Account.Pro.Public.HttpApi)"'
[14:10:09 INF] [] Finished handling request.
[14:10:09 INF] [] Request finished "HTTP/2" "GET" "https"://"localhost:44359""""/api/account/my-profile""" - 500 null "application/json" 195.4187ms
hi
after calling the /api/account/my-profile API, I am encountering an internal server error.
Please call the API a few more times and share the log. Your log seems incomplete.
Thanks.
You can set log level to Debug
public class Program
{
public async static Task<int> Main(string[] args)
{
Log.Logger = new LoggerConfiguration()
.MinimumLevel.Debug()
.MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
.Enrich.FromLogContext()
.WriteTo.Async(c => c.File("Logs/logs.txt"))
.WriteTo.Async(c => c.Console())
.CreateLogger();
hi
Something like this:
return new Microsoft.AspNetCore.Mvc.SignInResult(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, claimsPrincipal); will generate a access token.
namespace G1.health.AuthServer.PasswordlessAuthentication;
public class EmpowermTokenExtensionGrant : ITokenExtensionGrant
{
public const string ExtensionGrantName = "PasswordlessLoginProvider";
public string Name => ExtensionGrantName;
public async Task<IActionResult> HandleAsync(ExtensionGrantContext context)
{
var userToken = context.Request.GetParameter("token").ToString();
if (string.IsNullOrEmpty(userToken))
{
return new ForbidResult(
new[] { OpenIddictServerAspNetCoreDefaults.AuthenticationScheme },
properties: new AuthenticationProperties(new Dictionary<string, string>
{
[OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidRequest
}!));
}
var userId = context.Request.GetParameter("userid").ToString();
if (string.IsNullOrEmpty(userId))
{
return new ForbidResult(
new[] { OpenIddictServerAspNetCoreDefaults.AuthenticationScheme },
properties: new AuthenticationProperties(new Dictionary<string, string>
{
[OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidRequest
}!));
}
var userManager = context.HttpContext.RequestServices.GetRequiredService<EmpowermIdentityUserManager>();
var user = await userManager.GetByIdAsync(userId);
if(!await UserManager.VerifyUserTokenAsync(user, "PasswordlessLoginProvider", "passwordless-auth", token))
{
return new ForbidResult(
new[] { OpenIddictServerAspNetCoreDefaults.AuthenticationScheme },
properties: new AuthenticationProperties(new Dictionary<string, string>
{
[OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidRequest
}!));
}
var userClaimsPrincipalFactory = context.HttpContext.RequestServices.GetRequiredService<IUserClaimsPrincipalFactory<Volo.Abp.Identity.IdentityUser>>();
var claimsPrincipal = await userClaimsPrincipalFactory.CreateAsync(user);
claimsPrincipal.SetScopes(principal.GetScopes());
claimsPrincipal.SetResources(await GetResourcesAsync(context, principal.GetScopes()));
await context.HttpContext.RequestServices.GetRequiredService<AbpOpenIddictClaimsPrincipalManager>().HandleAsync(context.Request, claimsPrincipal);
return new Microsoft.AspNetCore.Mvc.SignInResult(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, claimsPrincipal);
}
private async Task<IEnumerable<string>> GetResourcesAsync(ExtensionGrantContext context, ImmutableArray<string> scopes)
{
var resources = new List<string>();
if (!scopes.Any())
{
return resources;
}
await foreach (var resource in context.HttpContext.RequestServices.GetRequiredService<IOpenIddictScopeManager>().ListResourcesAsync(scopes))
{
resources.Add(resource);
}
return resources;
}
}
hi
These code are not compatible with your case.
You should use UserManager.VerifyUserTokenAsync(user, "PasswordlessLoginProvider", "passwordless-auth", token) to check the code.
If the code is correct, you can generate the access_token for the user.
And there is no user in your token request. You can consider passing a userid in the request.
var transaction = await context.HttpContext.RequestServices.GetRequiredService<IOpenIddictServerFactory>().CreateTransactionAsync();
transaction.EndpointType = OpenIddictServerEndpointType.Introspection;
transaction.Request = new OpenIddictRequest
{
ClientId = context.Request.ClientId,
ClientSecret = context.Request.ClientSecret,
Token = userToken
};
var notification = new OpenIddictServerEvents.ProcessAuthenticationContext(transaction);
var dispatcher = context.HttpContext.RequestServices.GetRequiredService<IOpenIddictServerDispatcher>();
await dispatcher.DispatchAsync(notification);
if (notification.IsRejected)
{
return new ForbidResult(
new[] { OpenIddictServerAspNetCoreDefaults.AuthenticationScheme },
properties: new AuthenticationProperties(new Dictionary<string, string>
{
[OpenIddictServerAspNetCoreConstants.Properties.Error] = notification.Error ?? OpenIddictConstants.Errors.InvalidRequest,
[OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = notification.ErrorDescription,
[OpenIddictServerAspNetCoreConstants.Properties.ErrorUri] = notification.ErrorUri
}));
}
var principal = notification.GenericTokenPrincipal;
if (principal == null)
{
return new ForbidResult(
new[] { OpenIddictServerAspNetCoreDefaults.AuthenticationScheme },
properties: new AuthenticationProperties(new Dictionary<string, string>
{
[OpenIddictServerAspNetCoreConstants.Properties.Error] = notification.Error ?? OpenIddictConstants.Errors.InvalidRequest,
[OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = notification.ErrorDescription,
[OpenIddictServerAspNetCoreConstants.Properties.ErrorUri] = notification.ErrorUri
}));
}
Please share the error logs of the 500