hi
You can try to grant some/all permissions to a user. There should be no problem.
If you change the permission name and it causes a problem, you can share it here.
Thanks.
hi
Does the principal contain the tenant and roles?
Have you debugged to check the variable?
hi
Can you see the new permissions in the permission modal?
Has your admin granted all permissions?
hi
This means the tenantid and role claims are not set correctly.
Please override the AuthorizeController as well.
Then check the principal (claims) everywhere:
https://github.com/abpframework/abp/blob/rel-8.2/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs#L56
https://github.com/abpframework/abp/blob/rel-8.2/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs#L83-L84
https://github.com/abpframework/abp/blob/rel-8.2/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs#L157
https://github.com/abpframework/abp/blob/rel-8.2/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs#L225
https://github.com/abpframework/abp/blob/rel-8.2/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs#L260
hi
You can use different table names in different microservices.
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.EntityFrameworkCore/Volo/Abp/EntityFrameworkCore/DistributedEvents/EventInboxDbContextModelBuilderExtensions.cs#L14
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.EntityFrameworkCore/Volo/Abp/EntityFrameworkCore/DistributedEvents/EventOutboxDbContextModelBuilderExtensions.cs#L14
hi
All our code is in the module.
Are you using the source code reference?
If so you can open the module's source code in VS and set the breakpoint.
hi
It is impossible to get TemplateDefinition based on culture.
You can check how to get template content by specifying the culture.
https://abp.io/docs/latest/Text-Templating#multiple-contents-localization
hi
Check the current tenant id (CurrentTenant.Change(principal.FindTenantId())).
Make sure the tenant id and user id are correct.
And what are the claims in the principal (var principal = (await HttpContext.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)).Principal;)?
hi
Try to override the TokenController and set a breakpoint to check the principal and var user = await UserManager.GetUserAsync(principal);
The AuthServer can't find a user from the principal.
using System.Collections.Generic;
using System.Security.Principal;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Abstractions;
using OpenIddict.Server.AspNetCore;
using Volo.Abp.AspNetCore.Controllers;
using Volo.Abp.DependencyInjection;
using Volo.Abp.OpenIddict.Controllers;

// Replaces the built-in TokenController so the authorization code flow can be debugged.
[ExposeServices(typeof(TokenController))]
public class MyTokenController : TokenController
{
    protected async override Task<IActionResult> HandleAuthorizationCodeAsync(OpenIddictRequest request)
    {
        // Retrieve the claims principal stored in the authorization code/device code/refresh token.
        var principal = (await HttpContext.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)).Principal;

        // Switch to the tenant named in the principal's claims before looking up the user.
        using (CurrentTenant.Change(principal.FindTenantId()))
        {
            // Retrieve the user profile corresponding to the authorization code/refresh token.
            // Note: if you want to automatically invalidate the authorization code/refresh token
            // when the user password/roles change, use the following line instead:
            // var user = _signInManager.ValidateSecurityStampAsync(info.Principal);
            var user = await UserManager.GetUserAsync(principal);
            if (user == null)
            {
                return Forbid(
                    authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                    properties: new AuthenticationProperties(new Dictionary<string, string?>
                    {
                        [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
                        [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = "The token is no longer valid."
                    }));
            }

            // Ensure the user is still allowed to sign in.
            if (!await PreSignInCheckAsync(user))
            {
                return Forbid(
                    authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                    properties: new AuthenticationProperties(new Dictionary<string, string?>
                    {
                        [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
                        [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = "The user is no longer allowed to sign in."
                    }));
            }

            await OpenIddictClaimsPrincipalManager.HandleAsync(request, principal);

            // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
            return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
        }
    }
}
hi
Try to use the below Index Get code.
public async Task OnGetAsync()
{
    // Use a locally owned token; "using" disposes the source even if a call below throws.
    using var cancellationTokenSource = new CancellationTokenSource();
    var cancellationToken = cancellationTokenSource.Token;

    Applications = await OpenIdApplicationRepository.GetListAsync(cancellationToken: cancellationToken);
    Languages = await LanguageProvider.GetLanguagesAsync();
    CurrentLanguage = CultureInfo.CurrentCulture.DisplayName;
}