hi
This package was introduced after >= 7.3.0.
https://github.com/abpframework/abp/pull/16521
hi
Have you overridden the PageHeader component/class in your project?
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.AspNetCore.Components.Web.Theming/Layout/PageHeader.razor.cs#L11
No matter what, we always need to reproduce the problem locally.
Thanks.
Ok, you can add it to your scope, the. Angular will use refresh token automatically.
Thanks
Hi
Can you test your custom component in a new template project?
If template project also has this problem you can share it.
Thanks.
hi
I have checked, your api website can’t communicate with authserver website.
Please check the network problem.
Thanks
hi
Can you enable the debug logs and identitymodellogs then share them with liming.ma@volosoft.com?
https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems
Thanks.
hi
ABP & OpenIddict support the access token + refresh token flow.
Is there an offline_access scope in your angular environment.ts file?
import { Environment } from '@abp/ng.core';
const baseUrl = 'http://localhost:4200';
const oAuthConfig = {
//...
scope: 'offline_access MyProjectName'
};
hi
What is your LeptonX package version? It should be 4.1.1
I'm unable to reproduce it in a new template project. Can you share a project?
liming.ma@volosoft.com
Thanks.
hi
It's not only about access tokens, but also the same "problem" with cookies Browsers will strictly protect tokens or cookies. No one can obtain your cookies and tokens.
We also use common protective measures(HTTPS, XSS, XSRF/CSRF).
https://learn.microsoft.com/en-us/aspnet/core/security/?view=aspnetcore-9.0
hi
access tokens issued for one user can potentially be used by another user to make API requests.
Why can one user's token be obtained by another user? How did he get it?
Thanks
