Activities of "pvala"

Hi, I have created the ticket

https://abp.io/support/questions/7989/User-profile-picture-section-not-visible-after-user-logs-in

• ABP Framework version: v8.2.1
• UI Type: Angular
• Database System: EF Core (MySQL)
• Tiered (for MVC) or Auth Server Separated (for Angular): yes, Angular with Microservice Architecture
• Exception message and full stack trace:
• Steps to reproduce the issue:

Reference ticket : https://abp.io/support/questions/7882/Override-the-existing-Users-Roles--Permissions-Methodology

Consider the above ticket for reference.

After the user successfully logs into the angular application, on the top right corner area, we should have a section where there is a profile picture of the user displayed and under which the username of the user is displayed. And when clicked on profile picture, a small box section is displayed to execute user related actions.

Example :

But instead of this, we are getting the right arrow icon, clicking on which it will be redirected to the Auth Server. Just like how when it's there when the user is logged out.

Also, here is the value of currentUser property of the response of the abp app configuration api call when breakpoint hits on the auth server project

"currentUser": { "isAuthenticated": true, "id": "3a0daa97-5fba-2079-563c-3e26309bdc81", "tenantId": "3a0daa97-5b6d-e661-4f00-22309be7478d", "impersonatorUserId": null, "impersonatorTenantId": null, "impersonatorUserName": null, "impersonatorTenantName": null, "userName": "admin", "name": null, "surName": null, "email": "safwan@gmail.com", "emailVerified": false, "phoneNumber": null, "phoneNumberVerified": false, "roles": [ "admin" ], "sessionId": null },

1. What are the current user claims of the authserver project? Current Claims when hit the breakpoint on Login.chstml.cs page of the authseerver project

"sub: 3a0daa97-5fba-2079-563c-3e26309bdc81" "preferred_username: admin" "email: safwan@gmail.com" "AspNet.Identity.SecurityStamp: 6DCVHJYKEIHLAYOAR3SQBAPWS23CADJ5" "role: admin" "tenantid: 3a0daa97-5b6d-e661-4f00-22309be7478d" "amr: pwd"

2. Please share access_token of this request.

Endpoint : https://test2dev.localhost:44322/connect/token

Payload : grant_type: authorization_code code: nbTa2qb06FU_FlB3rvA8zFORItoJNIZhFC6yDM_fJyg redirect_uri: http://test2dev.localhost:4200 code_verifier: NHVvdURWZ2tRUnd4NGEyTFFEVkd2Q2RxOGdmQVVuZkdMVjdRVURVZmtmUEZy client_id: Angular

Response : { "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjEzQkQ5MUI5RTFDRkI2QjJGRTQ2OEQ1REE1NTUwMjc0NjcyNDFCRjMiLCJ4NXQiOiJFNzJSdWVIUHRyTC1SbzFkcFZVQ2RHY2tHX00iLCJ0eXAiOiJhdCtqd3QifQ.eyJpc3MiOiJodHRwczovL3Rlc3QyZGV2LmxvY2FsaG9zdDo0NDMyMi8iLCJleHAiOjE3Mjc0MTc1MzUsImlhdCI6MTcyNzQxMzkzNSwiYXVkIjpbIkFjY291bnRTZXJ2aWNlIiwiSWRlbnRpdHlTZXJ2aWNlIiwiQWRtaW5pc3RyYXRpb25TZXJ2aWNlIiwiU2Fhc1NlcnZpY2UiLCJQcm9kdWN0U2VydmljZSIsIkNsaW5pY1NlcnZpY2UiLCJBcHBvaW50bWVudFNlcnZpY2UiLCJGb3Jtc1NlcnZpY2UiXSwic2NvcGUiOiJvZmZsaW5lX2FjY2VzcyBvcGVuaWQgcHJvZmlsZSBlbWFpbCBwaG9uZSBBY2NvdW50U2VydmljZSBJZGVudGl0eVNlcnZpY2UgQWRtaW5pc3RyYXRpb25TZXJ2aWNlIFNhYXNTZXJ2aWNlIFByb2R1Y3RTZXJ2aWNlIENsaW5pY1NlcnZpY2UgQXBwb2ludG1lbnRTZXJ2aWNlIEZvcm1zU2VydmljZSIsImp0aSI6IjRlNjM5M2U0LWU0NjEtNGRjNC1hNzljLTY0OTk4NzhmM2EzZSIsInN1YiI6IjNhMGRhYTk3LTVmYmEtMjA3OS01NjNjLTNlMjYzMDliZGM4MSIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJzYWZ3YW5AZ21haWwuY29tIiwicm9sZSI6ImFkbWluIiwidGVuYW50aWQiOiIzYTBkYWE5Ny01YjZkLWU2NjEtNGYwMC0yMjMwOWJlNzQ3OGQiLCJvaV9wcnN0IjoiQW5ndWxhciIsIm9pX2F1X2lkIjoiM2ExNGVjYWYtZGFlMC1kNTM1LTQyMDEtNzE5N2U2ZTMwOTJlIiwiY2xpZW50X2lkIjoiQW5ndWxhciIsIm9pX3Rrbl9pZCI6IjNhMTU0NDExLWI3OGEtZDRhYy1iNTg0LWY0NmY3MTFiMDdlNSJ9.qaWIdl_7oxMzEURkomyX3-uJn4SWx7doGawPPvc9d5ll8cLNUnKYZEGF9zlSxVyhZD0MrjfJqvKWXEerDFBTM15LeKbupWj0jDdJfYmQS0Im1CJFWokVSwG5bywliuvlQjEpswuOO-lmDlGbtVHJZYvq9AWh0OrgmQYIsyC1MYBbKpF4yclgTxu2k4CCec-dybdQD6YfK-ON-mAGhUqSGZ4Vy3nqhQ1CSObRGVPtW0u9tK82wasvnpKBvKsvILXTPlKlVNvBNDGuJAVcNWkZafZW6mwLeO7ayfkTu4t2n6rDTYrHtoYV-KutEFhC5URYdfHH-YEBkwAlbwxCkgB3Q", "token_type": "Bearer", "expires_in": 3598, "scope": "offline_access openid profile email phone AccountService IdentityService AdministrationService SaasService ProductService ClinicService AppointmentService FormsService", "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjEzQkQ5MUI5RTFDRkI2QjJGRTQ2OEQ1REE1NTUwMjc0NjcyNDFCRjMiLCJ4NXQiOiJFNzJSdWVIUHRyTC1SbzFkcFZVQ2RHY2tHX00iLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL3Rlc3QyZGV2LmxvY2FsaG9zdDo0NDMyMi8iLCJleHAiOjE3Mjc0MTUxMzUsImlhdCI6MTcyNzQxMzkzNSwiYXVkIjoiQW5ndWxhciIsInN1YiI6IjNhMGRhYTk3LTVmYmEtMjA3OS01NjNjLTNlMjYzMDliZGM4MSIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJzYWZ3YW5AZ21haWwuY29tIiwidGVuYW50aWQiOiIzYTBkYWE5Ny01YjZkLWU2NjEtNGYwMC0yMjMwOWJlNzQ3OGQiLCJvaV9hdV9pZCI6IjNhMTRlY2FmLWRhZTAtZDUzNS00MjAxLTcxOTdlNmUzMDkyZSIsImF6cCI6IkFuZ3VsYXIiLCJub25jZSI6ImMyRkhPVzVqYW01c1lUWi1haTE1YkZOUmQwUkxhMmRQWkVvNFVsOHdWVEJXZmtNdU1sRkxVMDgwVVZZNCIsImF0X2hhc2giOiJnb29ET01vcFQxVTBIVG81ZjVZeWRnIiwib2lfdGtuX2lkIjoiM2ExNTQ0MTEtYjk0My02Yzk1LWY0NDMtODA1MDZmODI1NTE1In0.l9E1MBJCFINBFp9BUZkm4fu1rHFy38PW9WcMus_12D-Y4WgEzFYQTREH-SPvvAKGk9Sc8aHUaMWIFZFO86L51AjbEOSazKhNhnGBpZO_o5AenXmGYeWb2I6mE4Sa5oIPZz61nM9J2Fat1eoqyojRL0_GNHscEd5xa8l2NANX31HbCB4_L0fVeqk5y9X2hPtLzmXh21rJJ7SsDWZYAwWM_Zh-0nnJPH2PKhtZPEE57QqrHD16JcjG86-AKcrl5tE0XUp9fmf5LrLN5za4HUrjnJr94j7TIJuk63RIWQwvwHC-kMBqkEcirOSusHhCUEFdiQqgsxrzOFE2UE4GmbgfQw", "refresh_token": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiIyRUJEQzZDQTEzMTNENTJDMkQzQTc3NDhEMzM5RTI5RDgwMTUxQTU1IiwidHlwIjoib2lfcmVmdCtqd3QiLCJjdHkiOiJKV1QifQ.lzO4fwMo3yONJS_X0Nxk7DF-EnBmhgI3zcf7ZtxynQf6QXxB37VvG9g6gt0BQdHvNXJ0WKH5U9ro-EmwKGe9RhPJjt2WMBwcuQcWv1qyDK65SZ9ryKNoX1KaldTAFFOIfMvdflEUyMZK0Bz7jqQsEHXhExgfxSzshx9LDZub16MX0KavHmpyk1i_D9h-94S0UMlK2Au1hVbKwk7vDQxb-BJ8lIgj9EhW1ci5uV4IQNQ2DaO2UD05nGj5EiX7ZwVeR0pXR48XR_bQkTJNZbzC9Add07hW4xiCcHlHRUXYWZEEVvSAuSH6ewYydru3p4X2g1Tji-QaabKrY9gSAf0hOA.-a7O1vaRlgI2sFaw_62nMg.ebu4GOrMb-0ALghZRxN8bj95P1c6f52HlhYUxmAIJYevB8pIDhQjUgEUy-QAjQHpXRnY3JIkjJzwukqbQYQH1PSTlrpgNmY73i59V7VoLmim_3qu70kuv9QGPl5hb-CTyY2xQE0fCTxBZNPg4sPq006RRm-yProcZe-r3a0BZf5wczZMF5SHmthDk43T5dH_RhLVuAiMRgkWPsEi1Y4_6LBlR-mYMo-xLBxmsl3EtFFT7VXeVreuNFGpx3GYReLMu0pgTK2aYgS63NClBthx0MFysIoAL35FXsITXGRm8Hiso_n8AajI5ny7ovAxN3aYh8peCOza5DqdkUJUI2eMZeR4j53PiFRy5_xb-OxjvQhy9j-jm3yK9ghUCCCshjQ-TZcVFPGm-pi0frtA6UtPfWfDIOvTae1T9AMYCoasb-zUZynJstw-8ZK1Ehz5f55GRdd0-wW3YjDz6On9CFdkxbyVPI39QVr2_F9VQrdXBs4oN8tJoRvn0fzGs50BLT3KBfstOZObyKCC7zHvJAxBRE6ZVsjyW3zzU5qgUGNjsLw238HYEK2yJw5f1F7x1lLMSFDYxnmE8ShXD9w0RvLc9a0Lkxi9eZ_SHW_KPN1WNvsdg6gCKHbCiWNqC4JmBIYNtzsymXFK5LUGE19cHeXl6bXgD3k1S7w_v1AuWhjIqp7AbN8TftLa-KUt4DtM1oGbBmVGNjazhElPlzDxMQgARcLW4H2BP5sTV2m12F8chgHHC_fHa9wlPZCzEP7wErjTE36nwtkdxJYoCeugXG-539DyPB8tM0yAqbKuko1Jqu5sIbdJfEH73n5mSUbI7zXTnQdLgRzFlELuH6viGSveT24IylyhGeypUwKv01IeOhMQGA4mZmLmaLQoKTuKCSN3kX44MUs02_ZYZ6Bj5Qh25SAbDjuQ08jhgMyTKTdeXXFvNEOk40AAmWh081rURjybfEL2AbGrqc3NYihh_IUKCuEQ8VA_Tj-dXG_DX_IPhXfKmmRqUqvzDF4VFbnGIAf0hH5KVQSYes-SHxLaX5Dc5zMnsKfJVbh4UEJm_In0ri1suoXMDgY0XHkfIP_lKVEUFEMncPpTdILWpbECwTfNx1tzzBTgDOcrMILVT2H5vuaoxAlSrxXWYyw5LiL_phUOjLHs0c4-iuynJKCoRlFIOHbbVAk_JTXVGJkhRK_T9Dc2DVR8iEkgFCJvhMUCNBu-AB1vSl_HHq97vMfgV9qeOHzGpHDVI_1ct3PsEZMacdJq0AFd5H3TP2GKdDY6z-eUcV0F7OLB54lAZLpRhkn30XlwXne_w1q9H3GTmBW6W56lP1vvuaWH6roJklz0trpqjGOxay8lfF5bBPU5MvFr3rUXotFSLTmHW3Hg7qv0_VO_xK1MQ5WRwzFa3Do8OOJqD_kFQcVGxgf4NHhtto18mewHkQWdiGXo3Hk7-LN9gQXoyh8FeAiJ6Alf2WTbhlVa1s2F0bRuCo1tKeziGMc4Oa5ZfQnr0xoDCLKdsPUA0k4gvL42uZz8onE4riIyrO5FNQtxVSZ2AnAB4lpIhdFkyI2IN2bJS1Qdl-fwC3Ikbny6FMzMoOuWFQ80qkduk0EaUWKPOGpYXXJt-T2T5mW2NCuicGjmUdl8Hg2GnKUbW5mEUk1IkSWxvD9bs_Up28R465H5C3B5qIk5xFj4KDBNPsqwXt6NUCbGUcAbH8Y7ZfwiTj6kpGhq72DpDO-qRsh58Au8Eqn4_8JuWox4lrZAlXK6n1XBrUEwi4y2PyYJASfKtrUMySAk5y57KvPyLcWyQUZmbOMBgo1MDD-u77r1_r2ib7pqmQQSaY34zHEa27xRmRXD74W1KjXnIW-VPHPn0l0lBjkPfEyulr168FaIEMo48XfAtgGL5DXKH4ozf0hAGPMPtKP3ACs7d1AkOO3_xeHvy18n19lZ_6Pv9oqLBKM3MHUd4SH1DOAASfw25vkontN0DHs9o0Kxq4Y9_NhZxFvfr1GVhmwC3K8G2tOyM9VjvX6jJJdDLeeGerFWgc3qiZTNPMtTfte7RfKJee6S1zDq22Nu7zh5_zDwiBPWL1_iVvVyilzS16CeaRl9EPnKohrh2AcPSyLBlPsD9IP4aBu5QUnBK9X4War0wa9rTFUbDT18kFWzYSkGAgoneClZ-BzMjDG2CoCZXUFeFbOtowKaSVvGqt4cfze1D70T65CJLGfTk-jBzxJRtpLARp5LHhiBC_HlgZDCxNF6P1dtq7TtZribouxRpiv7PoYfxTq85UJ2p-ur-pVpP9nWai5JdOzzsEhjU5ZmZ8I59LgJtSBLfNMEeQreB77ZF7cOPzK_OR01A57ygsAGO_C4LPIyHaQYc7X0ZZWb-5uxeyrpiLfty1MfeNN43AK7sq8Ms-QkH1AN-jQoQ6i98V0-ahLJEZM36zExv1otwCEH5wVHyY0KO4fGVUYd0GFgM22gNCX36RjjtRG4y6JOJC2vzfllORYlFlhW7NDTudW3lcxYv1C-j8oiurdwLhPK9PPB6cBA_4O5ZTpl-UT6K3ttR8g1g_PHh0TDGJBMa3kkWhegQKnOqRUHHVlMRXH0pn3xDTkKLIwi2vq1_HfrHrv4bqZ-KIAUOUxk1OwQr0dP4LsUsdlqiSVKoW0U8fM6E8goZeYDayHg59nUo60rY30VFvGMLpdJn1Jh_tVi2a83fUFWhpzjGWfgPdadyYcLXvx1-3cvxEzBzxgnmrP8hsdzxt0wUADM67M5buTL5i97OcH85cjQi8TvRlx3jR_zDmPBRKfZ-7njrlj_NXGxTJSNDBqHDt_R__DFFkMD7pgBDSZd2S86MT65BcSTl3ocBzdIsrgWbyMgbRqo7tcIAvMNxaHv52GrqY8zbeGmQr9zcjP12YQ442y4woOaEzs-6GOiy6MF_5qsd18gfKh5V4djDWhhIcSqm1DCfbz-zGm-76NVptT6XqV0BQhdJggIPVWorKT_3aG33k-2iA8x18dhX647WEYa29zGR3MD-M0ep7XgjTJw1YWwYC7O3IhiiQpQ6PrkMB1n0SIFPPKFx7zUjsIecyxrz0l8EMxxMMB5sL7OZkAJ1hIG55C02D_kxo-dgsjtO4M2bYNeYFvk2zUZ83WVjN1d31qqnerqNeaxbjCeI0p5V1H5v4pp9cMZUhpTgKHfisxj9UlgEuOflNs6OBGFHm2eUL804yX00ltsMdTHBmAX5t5EcIayukwUVibrrnDsI1VrWH8NJo8fuTPLrMHKhSrAwjimnaa2grfSorXm9tV_F469oNvEk5mavnI1A.eMbinHcmgx8GnC4TymoVJtu2mSUbr-vDpmIZbZAtf30" }

3. Please share all logs of this case.

I am sharing the logs via WeTransfer

Hi, I am finally able to get into the angular application with the user, but because the claims of the user doesn't have the Tenant Id as a claim, it fetches all the permissions and assigns to the user, we want only those permissions which are related to Tenant (i.e., Permissions from the AbpPermissions table with MultiTenancySide as 1 or 3).

For that, because the claim doesn't contain the TenantId, I had to manually add the claim like this :

protected override async Task<ClaimsIdentity> GenerateClaimsAsync(Volo.Abp.Identity.IdentityUser user)
{
    var id = await base.GenerateClaimsAsync(user).ConfigureAwait(false);

    var existingRoleClaims = id.Claims.Where(x => x.Type == ClaimTypes.Role).ToList();

    foreach (var item in existingRoleClaims)
    {
        id.RemoveClaim(item);
    }

    if (UserManager.SupportsUserRole)
    {
        var roles = await IdentityUserManager.GetRoleNamesAsync(user).ConfigureAwait(false);
        foreach (var roleName in roles)
        {
            id.AddClaim(new Claim(Options.ClaimsIdentity.RoleClaimType, roleName));

            if (RoleManager.SupportsRoleClaims)
            {
                var role = await IdentityRoleManager.FindByNameAsync(roleName).ConfigureAwait(false);
                if (role != null)
                {
                    id.AddClaims(await RoleManager.GetClaimsAsync(role).ConfigureAwait(false));
                }
            }
        }
    }
    
    ********** THIS LINE I ADDED ***********
    id.AddClaim(new Claim(AbpClaimTypes.TenantId, user.TenantId.ToString()));
    
    return id;
}

I added that line in the code to achieve this.

Now, after all this, I am able to get the permissions related only to Tenants, but I am getting this login icon even after user being logged in.

And I also observed that when I check in the abp configuration response :

"currentUser": {
    "isAuthenticated": true,
    "id": "3a0daa97-5fba-2079-563c-3e26309bdc81",
    "tenantId": "3a0daa97-5b6d-e661-4f00-22309be7478d",
    "impersonatorUserId": null,
    "impersonatorTenantId": null,
    "impersonatorUserName": null,
    "impersonatorTenantName": null,
    "userName": null,
    "name": null,
    "surName": null,
    "email": "safwan@gmail.com",
    "emailVerified": false,
    "phoneNumber": null,
    "phoneNumberVerified": false,
    "roles": [
        "admin"
    ],
    "sessionId": null
},

Here some of the claims are missing, like sessionId, username, name, I think it might be related to that, can you guide?

While in the other tab where angular app is continuously reloading, I check in the network tab,

https://test2dev.localhost:44322/connect/token

this api is failing with 400 error code bad request.

{error: "invalid_grant", error_description: "The token is no longer valid.",…}

I folowed the steps, and after logging in, the angular app kept reloading the same logged out page, while in another tab I opened the Auth Server project URL, put a breakpoint at the OnGetAsync method in the Login.cshmtl.cs page.

And there we have the ICurrentPrincipalAccessor injected in the class, there I checked the claims in the principal, but the list was empty. There are no claims in the principal there. And I also check the values of CurrentUser, and it was also having null and default values, that means the current user is not having the correct values.

It's trying to check the TenantId claim from this method from the AbpClaimsIdentityExtensions file (namespace System.Security.Principal)

public static Guid? FindTenantId(this ClaimsPrincipal principal)
{
	Check.NotNull(principal, "principal");
	Claim claim = principal.Claims?.FirstOrDefault((Claim c) => c.Type == AbpClaimTypes.TenantId);
	if (claim == null || claim.Value.IsNullOrWhiteSpace())
	{
		return null;
	}
	if (Guid.TryParse(claim.Value, out var result))
	{
		return result;
	}
	return null;
}

I tried to debug here and here the

principal.Claims?.FirstOrDefault((Claim c) => c.Type == AbpClaimTypes.TenantId);

this line is returning null as a claim, i.e., TenantId is not present as a claim in the principal and about the roles part, this is the list of claims I am getting in the principal variable and I am not seeing roles as a claim in the list, so I think roles claim is also not present in the principal.

"iss: https://test2dev.localhost:44322/" "exp: 1727326332" "iat: 1727326032" "oi_cl_dstn: {""oi_scp"":[""access_token""],""oi_au_id"":[""access_token""],""preferred_username"":[""access_token"",""id_token""],""email"":[""access_token"",""id_token""],""sub"":[""access_token""],""oi_rsrc"":[""access_token""]}" "sub: 3a0daa97-5fba-2079-563c-3e26309bdc81" "preferred_username: admin" "email: safwan@gmail.com" "AspNet.Identity.SecurityStamp: 6DCVHJYKEIHLAYOAR3SQBAPWS23CADJ5" "oi_scp: offline_access" "oi_scp: openid" "oi_scp: profile" "oi_scp: email" "oi_scp: phone" "oi_scp: AccountService" "oi_scp: IdentityService" "oi_scp: AdministrationService" "oi_scp: SaasService" "oi_scp: ProductService" "oi_scp: ClinicService" "oi_scp: AppointmentService" "oi_scp: FormsService" "oi_rsrc: AccountService" "oi_rsrc: IdentityService" "oi_rsrc: AdministrationService" "oi_rsrc: SaasService" "oi_rsrc: ProductService" "oi_rsrc: ClinicService" "oi_rsrc: AppointmentService" "oi_rsrc: FormsService" "oi_prst: Angular" "oi_reduri: http://test2dev.localhost:4200" "oi_cd_chlg: jHXfUpUcsI-oJ5MA5vuDsguSstUszWkzRNGZzxhZTbM" "oi_cd_chlg_meth: S256" "oi_nce: QVF6bU1EczNQd1p2VlpBRmt5cFl5SkFmeWVFSkJGUmhmN2M0dWNaZTNMTFZq" "oi_crt_dt: Thu, 26 Sep 2024 04:47:12 GMT" "oi_exp_dt: Thu, 26 Sep 2024 04:52:12 GMT" "oi_au_id: 3a14ecaf-dae0-d535-4201-7197e6e3092e" "oi_tkn_id: 3a153ed4-6d5e-82a6-ce8e-639fe91a5623" "oi_tkn_typ: authorization_code"

I have also pushed the MyAuthorizeController file that I have added to the repository, if they can check that.

I am able to register the controller now, but now again the same loop is going on, it just keeps redirecting to the angular app's logged out page and I have put breakpoints at

protected async override Task<IActionResult> HandleAuthorizationCodeAsync(OpenIddictRequest request)

and

public override async Task<IActionResult> HandleAsync()

It just keeps hitting at these 2 places continuously, I will share you the logs.