hi
Check the current tenant id (CurrentTenant.Change(principal.FindTenantId())).
Make sure the tenant id and user id are correct.
And what are the claims in the principal (var principal = (await HttpContext.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)).Principal;)?
hi
Try to override the TokenController and set a breakpoint to check the principal and var user = await UserManager.GetUserAsync(principal);
The AuthServer can't find a user from the principal.
using System.Security.Principal;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Abstractions;
using OpenIddict.Server.AspNetCore;
using Volo.Abp.AspNetCore.Controllers;
using Volo.Abp.DependencyInjection;
using Volo.Abp.OpenIddict.Controllers;

[ExposeServices(typeof(TokenController))]
public class MyTokenController : TokenController
{
    protected async override Task<IActionResult> HandleAuthorizationCodeAsync(OpenIddictRequest request)
    {
        // Retrieve the claims principal stored in the authorization code/device code/refresh token.
        var principal = (await HttpContext.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)).Principal;

        using (CurrentTenant.Change(principal.FindTenantId()))
        {
            // Retrieve the user profile corresponding to the authorization code/refresh token.
            // Note: if you want to automatically invalidate the authorization code/refresh token
            // when the user password/roles change, use the following line instead:
            // var user = _signInManager.ValidateSecurityStampAsync(info.Principal);
            var user = await UserManager.GetUserAsync(principal);
            if (user == null)
            {
                return Forbid(
                    authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                    properties: new AuthenticationProperties(new Dictionary<string, string?>
                    {
                        [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
                        [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = "The token is no longer valid."
                    }));
            }

            // Ensure the user is still allowed to sign in.
            if (!await PreSignInCheckAsync(user))
            {
                return Forbid(
                    authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
                    properties: new AuthenticationProperties(new Dictionary<string, string?>
                    {
                        [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidGrant,
                        [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = "The user is no longer allowed to sign in."
                    }));
            }

            await OpenIddictClaimsPrincipalManager.HandleAsync(request, principal);

            // Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
            return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
        }
    }
}
hi
Try to use the below Index Get code.

public async Task OnGetAsync()
{
    var cancellationTokenSource = new CancellationTokenSource();
    var cancellationToken = cancellationTokenSource.Token;
    Applications = await OpenIdApplicationRepository.GetListAsync(cancellationToken: cancellationToken);
    Languages = await LanguageProvider.GetLanguagesAsync();
    CurrentLanguage = CultureInfo.CurrentCulture.DisplayName;
    cancellationTokenSource.Dispose();
}
hi
Please try to remove all DynamicContributors and try again.

public override void ConfigureServices(ServiceConfigurationContext context)
{
    PostConfigure<AbpClaimsPrincipalFactoryOptions>(options =>
    {
        options.DynamicContributors.Clear();
    });
}
Thanks
hi
Please try to disable the dynamic-claims and try again, then share the logs.
https://abp.io/docs/latest/framework/fundamentals/dynamic-claims?_redirected=B8ABF606AA1BDF5C629883DF1061649A#enabling-the-dynamic-claims
Thanks
ok, please share your logs via https://wetransfer.com/
liming.ma@volosoft.com
Thanks
hi
public class MyNullCancellationTokenProvider : CancellationTokenProviderBase
{
    // Singleton instance of this replacement provider.
    public static MyNullCancellationTokenProvider Instance { get; } = new();

    // Falls back to CancellationToken.None when no override is active.
    public override CancellationToken Token => OverrideValue?.CancellationToken ?? CancellationToken.None;

    public MyNullCancellationTokenProvider()
        : base(new AmbientDataContextAmbientScopeProvider<CancellationTokenOverride>(new AsyncLocalAmbientDataContext()))
    {
    }
}
ok, I will add code to replace the services.