Activities of "r.abouzid"

Hi,

To clarify, this issue is not related to the Angular client, it’s happening directly at the API level. After the /api/two-factor-token/verify-two-factor-code endpoint succeeds, I’m trying to understand how to correctly complete the 2FA flow with the /connect/token endpoint.

Thanks.

Recommended Integration Steps:

  1. Attempt login via /connect/token.
  2. If response is RequiresTwoFactor, prompt for 2FA code.
  3. Call /api/account/send-two-factor-code to send the code.
  4. Call /api/two-factor-token/verify-two-factor-code to verify the code.
  5. On success, retry /connect/token with the necessary 2FA parameters and cookies.

On the 5th step, I always get the same response:

{
    "error": "invalid_grant",
    "error_description": "RequiresTwoFactor",
    "error_uri": "https://documentation.openiddict.com/errors/ID2024",
    "userId": "64bd036e40dfb566c9663a1cac555ef0",
    "twoFactorToken": "CfDJ8OjtbOcGOuhPj+12OyiWV3SXN7Fyxkz++4yTtXvf1kghPvK1jWBjBlBAi4eJlLYr/hoL7LjhxYuf7A6JE0ZCycrCq7p+Uum/nrfCg1FSrKCgtEvAm2giNaxMXgC2lVwAfFStjyTvFnUphTpOKTlyFy0zFIYTE5w7p1Qn5l5c37ApBnPMJIOEkGitR0c71W/h42NOBDkbkslm8LD4uYPplW64OS2+kv1qX6ztA05N+XguZGEw+w+ZZJ0DgmPp0jXfug=="
}

Could you please clarify what specific parameters need to be included in the /connect/token request after a successful two-factor verification?

Here are the details of the user:

{
    "tenantId": null,
    "userName": "anass02",
    "email": "usermail@gmail.com",
    "name": "anass",
    "surname": "ar",
    "emailConfirmed": true,
    "phoneNumber": "212XXXXXXXXX",
    "phoneNumberConfirmed": true,
    "supportTwoFactor": false,
    "twoFactorEnabled": true,
    "isActive": true,
    "lockoutEnabled": true,
    "isLockedOut": false,
    "lockoutEnd": null,
    "shouldChangePasswordOnNextLogin": false,
    "concurrencyStamp": "ebfb2a9518da4b25a78e77f312dc7eec",
    "roleNames": null,
    "accessFailedCount": 0,
    "lastPasswordChangeTime": "2025-09-30T10:26:11.4619998+00:00",
    "isExternal": false,
    "isDeleted": false,
    "deleterId": null,
    "deletionTime": null,
    "lastModificationTime": "2025-10-06T10:24:23.5644194",
    "lastModifierId": "f83f436c-cc3f-2f6b-8b58-3a1ca8a0e780",
    "creationTime": "2025-09-30T11:26:11.5069088",
    "creatorId": "f83f436c-cc3f-2f6b-8b58-3a1ca8a0e780",
    "id": "64bd036e-40df-b566-c966-3a1cac555ef0",
    "extraProperties": {}
}

As you can see, emailConfirmed is true, supportTwoFactor is false, and twoFactorEnabled is true.

  • Template: microservice
  • Created ABP Studio Version: 0.9.5
  • UI Framework: angular
  • Theme: leptonx
  • Theme Style: system
  • Database Provider: ef
  • Database Management System: sqlserver
  • Mobile Framework: maui
  • Public Website: Yes
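The token-endpoint response quoted above, classified on the client side, as an added example that is not part of the original post or of ABP's or OpenIddict's code. `TokenResponseParser`, `TokenResult` and `TokenOutcome` are hypothetical names, and the sample bodies are constructed; a client that simply throws on any non-2xx status never sees the `userId` and `twoFactorToken` fields.

```csharp
using System;
using System.Text.Json;

public enum TokenOutcome { Success, RequiresTwoFactor, Rejected, Malformed }

// UserId/TwoFactorToken are set only for RequiresTwoFactor; Error only for Rejected.
public sealed record TokenResult(TokenOutcome Outcome, string? AccessToken = null,
    string? UserId = null, string? TwoFactorToken = null, string? Error = null);

public static class TokenResponseParser   // hypothetical helper, not an ABP or OpenIddict type
{
    public static TokenResult Parse(int statusCode, string? body)
    {
        JsonElement root;
        try
        {
            using var doc = JsonDocument.Parse(body ?? "");
            root = doc.RootElement.Clone();           // keep the element valid after dispose
        }
        catch (JsonException) { return new TokenResult(TokenOutcome.Malformed); }
        if (root.ValueKind != JsonValueKind.Object) return new TokenResult(TokenOutcome.Malformed);

        if (statusCode == 200 && Str(root, "access_token") is { Length: > 0 } token)
            return new TokenResult(TokenOutcome.Success, AccessToken: token);

        string? error = Str(root, "error");
        if (error == "invalid_grant" && Str(root, "error_description") == "RequiresTwoFactor")
        {
            // The second factor is still pending: both fields must be present to continue.
            string? userId = Str(root, "userId"), twoFactorToken = Str(root, "twoFactorToken");
            return userId is null || twoFactorToken is null
                ? new TokenResult(TokenOutcome.Malformed)
                : new TokenResult(TokenOutcome.RequiresTwoFactor, UserId: userId, TwoFactorToken: twoFactorToken);
        }
        // Any other error (bad password, unknown client, ...) is a plain rejection.
        return error is null ? new TokenResult(TokenOutcome.Malformed)
                             : new TokenResult(TokenOutcome.Rejected, Error: error);
    }

    private static string? Str(JsonElement obj, string name) =>
        obj.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;

    public static void Main()
    {
        // Constructed sample bodies; the token value is a placeholder, not a real one.
        const string pending = "{\"error\":\"invalid_grant\",\"error_description\":\"RequiresTwoFactor\"," +
                               "\"userId\":\"<user-id>\",\"twoFactorToken\":\"<opaque-token>\"}";
        var r = Parse(400, pending);
        // Log the outcome and user id only; credentials and tokens stay out of logs.
        Console.WriteLine($"{r.Outcome} user={r.UserId}");
        Console.WriteLine(Parse(400, "{\"error\":\"invalid_grant\"}").Outcome);
        Console.WriteLine(Parse(502, "<html>bad gateway</html>").Outcome);
    }
}
```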

Questions regarding two-factor authentication in the Identity module: What is the exact meaning of supportTwoFactor and twoFactorEnabled in the response of /api/identity/users/by-username/{username}?

{
    "tenantId": null,
    "userName": "user01",
    "email": "username01@gmail.com",
    "name": "username",
    "surname": "ar",
    "emailConfirmed": true,
    "phoneNumber": "212XXXXXXXXX",
    "phoneNumberConfirmed": true,
    "supportTwoFactor": false,
    "twoFactorEnabled": true,
    "isActive": true,
    "lockoutEnabled": true,
    "isLockedOut": false,
    "lockoutEnd": null,
    "shouldChangePasswordOnNextLogin": false,
    "concurrencyStamp": "4b8aa5a828fc44138a7634b1b9e37024",
    "roleNames": null,
    "accessFailedCount": 0,
    "lastPasswordChangeTime": "2025-09-22T15:09:59.4341739+00:00",
    "isExternal": false,
    "isDeleted": false,
    "deleterId": null,
    "deletionTime": null,
    "lastModificationTime": null,
    "lastModifierId": null,
    "creationTime": "2025-09-22T16:10:00.1319354",
    "creatorId": null,
    "id": "a129b42e-ebac-ad50-0a60-3a1c8426523a",
    "extraProperties": {}
}

When twoFactorEnabled is set to true, the /connect/token endpoint in auth server always responds with RequiresTwoFactor, even after sending and validating the SMS code with /api/account/send-two-factor-code and /api/two-factor-token/verify-two-factor-code. How should we correctly obtain the token after MFA validation? What is the recommended way to integrate the MFA flow into the login process with the ABP authentication server?

Is the Angular version in the microservices template the same as the one generated in DDD projects?

  • Template: microservice
  • Created ABP Studio Version: 0.9.5
  • UI Framework: angular
  • Theme: leptonx
  • Theme Style: system
  • Database Provider: ef
  • Database Management System: sqlserver
  • Mobile Framework: maui
  • Public Website: Yes

I would like to know if it's possible to generate an Angular frontend in a microservice-based ABP project. If yes, could you please guide me on how to achieve this?

How can I integrate my authentication server with an existing authentication server that does not support OAuth2?

  • Template: microservice
  • Created ABP Studio Version: 0.9.5
  • Current ABP Studio Version: 0.9.21
  • UI Framework: angular
  • Theme: leptonx
  • Theme Style: system
  • Database Provider: ef
  • Database Management System: sqlserver
  • Mobile Framework: maui
  • Public Website: Yes

I want to activate Two-Factor Authentication (2FA) and manage its activation or deactivation in the ABP administration console for each ApplicationId - specifically, how to activate or deactivate 2FA per application. How can I accomplish this? Additionally, I'd like to add more 2FA options (we currently have SMS and email, but I want to add Google Authenticator as an option during login). Finally, how can I integrate SMS/email providers like Infobip?

Hi,

Could you please provide more explanation or add more details? Your response is too abstract. The problem is still persisting, and we need a solution.

Regards

  • Template: microservice
  • Created ABP Studio Version: 0.9.5
  • Current ABP Studio Version: 0.9.21
  • UI Framework: angular
  • Theme: leptonx
  • Theme Style: system
  • Database Provider: ef
  • Database Management System: sqlserver
  • Mobile Framework: maui
  • Public Website: Yes

We have defined the required scopes in the backoffice screen for our application (see the picture below). However, when making an HTTP request to obtain a token using the password grant type, we need to manually specify the scopes in the scope parameter of the token request. Since the scopes are already configured in the backoffice, shouldn’t they be dynamically included in the token request without requiring us to hardcode them in the code? Could you clarify how the scopes defined in the backoffice are intended to be used and whether there is a way to automatically include them in the token request?

public async Task<GetTokenResponseDto> GetTokenAsync(UserLoginInfoDto userLoginInfoDto)
{
    var _client = _httpClientFactory.CreateClient();
    string tokenUrl = $"{_authServerUrl}/connect/token";

    // Resource owner password grant: client credentials come from configuration,
    // user credentials from the login DTO.
    FormUrlEncodedContent tokenRequest = new FormUrlEncodedContent(new[]
    {
        new KeyValuePair<string, string>("grant_type", "password"),
        new KeyValuePair<string, string>("client_id", _configuration["AccountClient:ClientId"]),
        new KeyValuePair<string, string>("client_secret", _configuration["AccountClient:ClientSecret"]),
        new KeyValuePair<string, string>("username", userLoginInfoDto.UserName),
        new KeyValuePair<string, string>("password", userLoginInfoDto.Password),
        new KeyValuePair<string, string>("scope", " ...SCOPES.... ")     // Scopes added here
    });

    HttpResponseMessage response = await _client.PostAsync(tokenUrl, tokenRequest);
    // Throws HttpRequestException on any non-2xx status, before the body is read.
    response.EnsureSuccessStatusCode();
    var responseContent = await response.Content.ReadAsStringAsync();
    return !string.IsNullOrWhiteSpace(responseContent)
        ? JsonConvert.DeserializeObject<GetTokenResponseDto>(responseContent)
        : throw new Exception(L["EmptyResponse"]);
}

  • Template: microservice
  • Created ABP Studio Version: 0.9.5
  • Current ABP Studio Version: 0.9.21
  • UI Framework: angular
  • Theme: leptonx
  • Theme Style: system
  • Database Provider: ef
  • Database Management System: sqlserver
  • Mobile Framework: maui
  • Public Website: Yes

We are currently working on customizing the error messages returned by our ABP-based application in cases where exceptions occur. We have successfully implemented custom error messages for BusinessException as described in the ABP documentation (https://abp.io/docs/latest/framework/fundamentals/exception-handling). However, we are encountering difficulties in modifying the error messages for other types of exceptions (e.g., ArgumentException, InvalidOperationException, or generic Exception). Our goal is to provide custom error messages to the client, with multilanguage support, instead of exposing the default exception details. Specifically, we would like to know what is the recommended approach for intercepting and modifying exception messages before they are returned to the client in non-business exception scenarios?

Made with ❤️ on ABP v10.1.0-preview. Updated on October 07, 2025, 05:59