We have a .net API to get a token using the IdentityModel.Client.
When I call the API using Postman that's pointing to the auth-server running on localhost via Tye I'm able to successfully get a token. When I call the API pointing to the auth-server running in Azure Kubernetes I get an invalid username and password error.
The code is the exact same. The database is the same and the credentials are the exact same.
Here's the log from the localhost version: [auth-server_7b8d49a0-6]: [14:31:40 INF] Request starting HTTP/1.1 GET https://localhost:44322/.well-known/openid-configuration - - [auth-server_7b8d49a0-6]: [14:31:40 INF] Request finished HTTP/1.1 GET https://localhost:44322/.well-known/jwks - - - 200 1620 application/json;charset=UTF-8 14.9184ms [auth-server_7b8d49a0-6]: [14:31:40 INF] Request starting HTTP/1.1 POST https://localhost:44322/connect/token application/x-[www-form-urlencoded 357](http://www-form-urlencoded 357) [auth-server_7b8d49a0-6]: [14:31:40 INF] The request URI matched a server endpoint: Token. [auth-server_7b8d49a0-6]: [14:31:40 INF] The token request was successfully extracted: { [auth-server_7b8d49a0-6]: "grant_type": "password", [auth-server_7b8d49a0-6]: "username": "admin", [auth-server_7b8d49a0-6]: "password": "[redacted]", [auth-server_7b8d49a0-6]: "scope": "address email phone profile roles AccountService IdentityService AdministrationService SaasService ClientService ServicesService ClientServiceQueryService UserInfoQueryService DocumentService GuardianshipService NotesService ContactService EngagementLogService DocTemplateService FinancialsService", [auth-server_7b8d49a0-6]: "client_id": "PublicAPI", [auth-server_7b8d49a0-6]: "client_secret": "[redacted]" [auth-server_7b8d49a0-6]: }. [auth-server_7b8d49a0-6]: [14:31:41 INF] The token request was successfully validated. [auth-server_7b8d49a0-6]: [14:31:42 INF] The response was successfully returned as a JSON document: { [auth-server_7b8d49a0-6]: "access_token": "[redacted]", [auth-server_7b8d49a0-6]: "token_type": "Bearer", [auth-server_7b8d49a0-6]: "expires_in": 3600 [auth-server_7b8d49a0-6]: }. [auth-server_7b8d49a0-6]: [14:31:42 INF] Request finished HTTP/1.1 POST https://localhost:44322/connect/token application/x-[www-form-urlencoded 357](http://www-form-urlencoded 357) - 200 1946 application/json;charset=UTF-8 1888.1892ms
Here's the log from the AKS version: [20:18:22 INF] Request starting HTTP/1.1 GET http://authserver.cloverleafcms.dev/.well-known/openid-configuration - - [20:18:22 INF] Request finished HTTP/1.1 GET http://authserver.cloverleafcms.dev/.well-known/openid-configuration - - - 200 2461 application/json;charset=UTF-8 171.3345ms [20:18:22 INF] Request starting HTTP/1.1 GET http://authserver.cloverleafcms.dev/.well-known/jwks - - [20:18:22 INF] The token request was successfully extracted: { "grant_type": "password", "username": "admin", "password": "[redacted]", "scope": "address email phone profile roles AccountService IdentityService AdministrationService SaasService ClientService ServicesService ClientServiceQueryService UserInfoQueryService DocumentService GuardianshipService NotesService ContactService EngagementLogService DocTemplateService FinancialsService", "client_id": "PublicAPI", "client_secret": "[redacted]" }. [20:18:24 INF] The response was successfully returned as a JSON document: { "error": "invalid_grant", "error_description": "Invalid username or password!", "error_uri": "https://documentation.openiddict.com/errors/ID2024" }. [20:18:25 INF] Request finished HTTP/1.1 POST http://authserver.cloverleafcms.dev/connect/token application/x-[www-form-urlencoded 360](http://www-form-urlencoded 360) - 400 155 application/json;charset=UTF-8 3198.2666ms
I can give you read access to our GitHub repositories if necessary.
Thank you
Where specifically do I put these lines of code? What service or application? What cs file? etc.
Hi,
Can you be more specific about what you mean? It's not real clear from the link to the source code.
Thank you
Here it is:
[13:42:17 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/.well-known/openid-configuration - -
[13:42:17 INF] CORS policy execution successful.
[13:42:17 INF] The request URI matched a server endpoint: Configuration.
[13:42:17 INF] The configuration request was successfully extracted: {}.
[13:42:17 INF] The configuration request was successfully validated.
[13:42:17 INF] The response was successfully returned as a JSON document: {
"issuer": "https://authserver.cloverleafcms.dev/",
"authorization_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/authorize",
"token_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/token",
"introspection_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/introspect",
"end_session_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/logout",
"revocation_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/revocat",
"userinfo_endpoint": "https://auth.txguardians.cloverleafcms.dev/connect/userinfo",
"device_authorization_endpoint": "https://auth.txguardians.cloverleafcms.dev/device",
"jwks_uri": "https://auth.txguardians.cloverleafcms.dev/.well-known/jwks",
"grant_types_supported": [
"authorization_code",
"implicit",
"password",
"client_credentials",
"refresh_token",
"urn:ietf:params:oauth:grant-type:device_code",
"LinkLogin",
"Impersonation"
],
"response_types_supported": [
"code",
"code id_token",
"code id_token token",
"code token",
"id_token",
"id_token token",
"token",
"none"
],
"response_modes_supported": [
"form_post",
"fragment",
"query"
],
"scopes_supported": [
"openid",
"offline_access",
"email",
"profile",
"phone",
"roles",
"address",
"AccountService",
"IdentityService",
"AdministrationService",
"SaasService",
"ClientService",
"ServicesService",
"ClientServiceQueryService",
"UserInfoQueryService"
],
"claims_supported": [
"aud",
"exp",
"iat",
"iss",
"sub"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"code_challenge_methods_supported": [
"S256"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"introspection_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"revocation_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"claims_parameter_supported": false,
"request_parameter_supported": false,
"request_uri_parameter_supported": false,
"authorization_response_iss_parameter_supported": true
}.
[13:42:17 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/.well-known/openid-configuration - - - 200 2313 application/json;charset=UTF-8 8.9659ms
[13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjhFOEEwNTQyMUVENUYyRDlFMDcyNzIwNEFDQUQxQTFDRDlBRDEyRkUiLCJ4NXQiOiJqb29GUWg3Vjh0bmdjbklFckswYUhObXRFdjQiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiI5YmIyMWFjOS1kM2FjLTg4N2UtYjUyMS0zYTBjOWM1ZDA4ZDYiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJFZGR5Rml0eiIsImVtYWlsIjoiZWRkeWZpdHpAZ3RleHRlc3QuY29tIiwidGVuYW50aWQiOiIwZWVjM2M1OS1mNzE4LWE5MTYtM2M4Ny0zYTBjOWM1N2RhZjgiLCJ1bmlxdWVfbmFtZSI6IkVkZHlGaXR6Iiwib2lfYXVfaWQiOiI0ZDljNWJmYy0wYWM1LTkyNTktYTFkZS0zYTBjOWZhODE4MTUiLCJhenAiOiJDbG92ZXJsZWFmQ01TIiwiYXRfaGFzaCI6ImRhaWZNQnk0MG5yaGZHek1UeGt5ZEEiLCJvaV90a25faWQiOiIwNzFkMzE0ZC00Njg1LTA0MmEtMjU3MC0zYTBkYzUwMDExY2QiLCJhdWQiOiJDbG92ZXJsZWFmQ01TIiwiZXhwIjoxNjk1MjE4NTAxLCJpc3MiOiJodHRwczovL2F1dGhzZXJ2ZXIuY2xvdmVybGVhZmNtcy5kZXYvIiwiaWF0IjoxNjk1MjE3MzAxfQ.eYbszCdoQR-nz2qpEvLgq1lsxYZqw7nYCLlhaoKwk1Y_TyQVoCode59kbhX_hSnFuvOTFBbw_cq2qES9nAr0s8UED4cStuVmsNGHTcjmozLFCaRUjKpQZRoXvKDupZ-ggE-lj6ME4VMvxUbscIYL71P5ravYf4uxLMt4_FBGyGycMBjzqWLZxzXzhi74UYwaPFK7OdNXHLEKPd4K60tDRNejUjTX4C4_GGt_wlJte5AAQmTO-lG7XX0LQ7axe92lszc4AAIE94jW-mP9XGFvVhicOmH6Vz35yc_mnbERCY0GP2BXrOBM4Txnf3KWYPE_gm466VyAkxMdnlfSIkNcgg&post_logout_redirect_uri=https%3A%2F%2Ftxguardians.cloverleafcms.de%2Fauth%2Flogin - -
[13:42:18 INF] The request URI matched a server endpoint: Logout.
[13:42:18 INF] The logout request was successfully extracted: {
"id_token_hint": "[redacted]",
"post_logout_redirect_uri": "https://txguardians.cloverleafcms.de/auth/login"
}.
[13:42:18 INF] The logout request was rejected because the specified post_logout_redirect_uri was invalid: https://txguardians.cloverleafcms.de/auth/login.
[13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjhFOEEwNTQyMUVENUYyRDlFMDcyNzIwNEFDQUQxQTFDRDlBRDEyRkUiLCJ4NXQiOiJqb29GUWg3Vjh0bmdjbklFckswYUhObXRFdjQiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiI5YmIyMWFjOS1kM2FjLTg4N2UtYjUyMS0zYTBjOWM1ZDA4ZDYiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJFZGR5Rml0eiIsImVtYWlsIjoiZWRkeWZpdHpAZ3RleHRlc3QuY29tIiwidGVuYW50aWQiOiIwZWVjM2M1OS1mNzE4LWE5MTYtM2M4Ny0zYTBjOWM1N2RhZjgiLCJ1bmlxdWVfbmFtZSI6IkVkZHlGaXR6Iiwib2lfYXVfaWQiOiI0ZDljNWJmYy0wYWM1LTkyNTktYTFkZS0zYTBjOWZhODE4MTUiLCJhenAiOiJDbG92ZXJsZWFmQ01TIiwiYXRfaGFzaCI6ImRhaWZNQnk0MG5yaGZHek1UeGt5ZEEiLCJvaV90a25faWQiOiIwNzFkMzE0ZC00Njg1LTA0MmEtMjU3MC0zYTBkYzUwMDExY2QiLCJhdWQiOiJDbG92ZXJsZWFmQ01TIiwiZXhwIjoxNjk1MjE4NTAxLCJpc3MiOiJodHRwczovL2F1dGhzZXJ2ZXIuY2xvdmVybGVhZmNtcy5kZXYvIiwiaWF0IjoxNjk1MjE3MzAxfQ.eYbszCdoQR-nz2qpEvLgq1lsxYZqw7nYCLlhaoKwk1Y_TyQVoCode59kbhX_hSnFuvOTFBbw_cq2qES9nAr0s8UED4cStuVmsNGHTcjmozLFCaRUjKpQZRoXvKDupZ-ggE-lj6ME4VMvxUbscIYL71P5ravYf4uxLMt4_FBGyGycMBjzqWLZxzXzhi74UYwaPFK7OdNXHLEKPd4K60tDRNejUjTX4C4_GGt_wlJte5AAQmTO-lG7XX0LQ7axe92lszc4AAIE94jW-mP9XGFvVhicOmH6Vz35yc_mnbERCY0GP2BXrOBM4Txnf3KWYPE_gm466VyAkxMdnlfSIkNcgg&post_logout_redirect_uri=https%3A%2F%2Ftxguardians.cloverleafcms.de%2Fauth%2Flogin - - - 302 0 - 3.9412ms
[13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=400 - -
[13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
[13:42:18 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). [13:42:18 INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml. [13:42:18 INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 36.7005ms. [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 44.9802ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=400 - - - 400 - text/html;+charset=utf-8 58.0027ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css?_v=638308125905720381 - - [13:42:18 INF] The file /__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css was not modified [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css?_v=638308125905720381 - - - 304 - text/css 0.6481ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js?_v=638308125910957110 - - [13:42:18 INF] The file /__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js was not modified [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/__bundles/LeptonX.Global.5E87075BDB3BB74AECF012FFFF580B71.js?_v=638308125910957110 - - - 304 - application/javascript 0.9618ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationLocalizationScript?cultureName=en - - [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationConfigurationScript - - [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ServiceProxyScript - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationConfigurationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] Get() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController (Volo.Abp.AspNetCore.Mvc).
[13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
[13:42:18 INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationLocalizationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.ActionResult] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Route matched with {area = "Abp", action = "GetAll", controller = "AbpServiceProxyScript", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult GetAll(Volo.Abp.AspNetCore.Mvc.ProxyScripting.ServiceProxyGenerationModel) on controller Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController (Volo.Abp.AspNetCore.Mvc). [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc) in 2.6807ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ServiceProxyScript - - - 200 158 application/javascript 24.4625ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/~images/logo/leptonx/logo-dark.jpeg - - [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/~images/logo/leptonx/logo-dark.jpeg - - - 302 0 - 13.6779ms [13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) in 84.8822ms [13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)' [13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationConfigurationScript - - - 200 8397 application/javascript 99.8249ms [13:42:18 INF] Request starting HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=404 - - [13:42:18 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' [13:42:18 INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
[13:42:18 INF] Executing ViewResult, running view ~/Views/Error/404.cshtml.
[13:42:18 INF] Executing ContentResult with HTTP Response ContentType of application/javascript
[13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 185.967ms
[13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
[13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Abp/ApplicationLocalizationScript?cultureName=en - - - 200 75987 application/javascript 207.3579ms
[13:42:18 INF] Executed ViewResult - view ~/Views/Error/404.cshtml executed in 40.9456ms.
[13:42:18 INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 49.9008ms
[13:42:18 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
[13:42:18 INF] Request finished HTTP/1.1 GET http://auth.txguardians.cloverleafcms.dev/Error?httpStatusCode=404 - - - 404 - text/html;+charset=utf-8 72.4962ms
Thanks. That answered the question.
We modified the tenant resolver to read from a database table to get the tenant based on the full URL. Happy to share it with others.
Hi,
Thanks.
It worked for the Redirect Url but not the PostLogoutRedirectUrls.
Here's the error from the logs: [13:16:29 INF] The logout request was successfully extracted: { "id_token_hint": "[redacted]", "post_logout_redirect_uri": "https://txguardians.cloverleafcms.de/auth/login" }. [13:16:29 INF] The logout request was rejected because the specified post_logout_redirect_uri was invalid: https://txguardians.cloverleafcms.de/auth/login.
And this is the code in the authserver module:
{
options.EnableWildcardDomainSupport = true;
options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/signin-oidc");
options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/silent-refresh");
options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/auth/login");
options.WildcardDomainsFormat.Add("https://{0}.cloverleafcms.de/auth/signout-callback-oidc");
options.WildcardDomainsFormat.Add("https://{0}:9000/signin-oidc");
options.WildcardDomainsFormat.Add("https://{0}:9000/auth/signout-callback-oidc");
options.WildcardDomainsFormat.Add("https://{0}:44321/signin-oidc");
options.WildcardDomainsFormat.Add("https://{0}:44321/signout-callback-oidc");
});
Am I missing something?
When I enter the full uri RedirectUris field We don't get the error.
We have the same issue with the CORSOrigins in the application settings/confguration.
We're a SaaS provider and currently have over 80 clients and growing every year. I thought I read a previous post (can't find it) where someone else had the same issue.
How can we use a wildcard to match the custom domains for our clients? (Note about 90% will have something like XXX.cloverleafcms.de).
Thank you
Provide us with the following info:
We're currently using the micro services template with the auth-server as an MVC application.
We're a SaaS provider with dozens of client tenants. Each has either their own domain or a subdomain under our brand domain. For example: auth.mydomain1.com auth.mydomain2.com etc.
What we want to do is have one auth-server application that is mapped to multiple domains and/or subdomains. However in the auth-server application configuration (appsettings) there is only one SelfUrl.
In our vue application we're using the oidc-client.ts NPM module to access the auth-server openiddict. In the oidc-client User Manager settings I can set the redirect url to ${window.location.origin}/signin-oidc, so it's correctly routed back to the Vue application after authentication. I can also specify the authority url to include the client domain auth.${window.location.origin}. In the above examples, if I specify auth.mydomain1.com as the authority, it won't find it since there's only 1 SelfUrl in the appsettings of the auth-server.
How do I have multiple "SelfUrls" based on tenant domain/subdomain in the auth server so I can call it from the Vue application (or any other application for that matter)?
I know one way is to have a different auth server application running for each domain instance but that gets expensive since we have over 80 clients today.
Looking forward to your response. Thank you.
We've developed a solution using the microservices template.
We have 2 services with their own database. We need to create a query using the Abp libraries that joins results from queries from each of the databases.
Use case:
The client microservices manages clients. The programs service manages programs that are assigned to clients.
We want to have one query that gets all of the programs of a given type. We want to have a second query that returns all of the clients associated with those programs.
How do we do that using the microservices template? Has anyone done this before and if so is there a sample we can follow?
Thank you for response but let me point out a couple of points since I was trying to use the eshopOnAbp demo source code as a reference:
Because of course there is no .env in the root directory. I'm assuming it's because there are sensitive values in your .env file that you don't want on GitHub. So it would be nice to either have something in the readme.md file with what needs to be included or a .env template with the sensitive values left out.
There is no elasticsearch directory in the helm charts of the eshopOnAbp and in the authserver values.yaml file this is what's under the config property: elasticsearchHost: #
In the microservices template /etc/k8s helm charts all of the values are #, it leaves the developer to figure out what each property is used for and then figure out what value to insert. A lot of that can be extrapolated from the appsettings.json files but it would be nice to have comments in the values file with some examples/instructions for filling out. For example this is from the authserver values.yaml file:
config: selfUrl: # corsOrigins: # allowedRedirectUrls: # disablePii: # identityService: connString: # administrationService: connString: # saasService: connString: # authServer: authority: # requireHttpsMetadata: # swaggerClientId: # dotnetEnv: # redisHost: # rabbitmqHost: # elasticsearchUrl: #
I would only ask if you're going to provide a template based on a solution you have running in a cloud Kubernetes environment that
a) The documentation is complete and accurate.
b) If the documentation is complete and accurate it actually works when you follow the instructions
Sorry to be negative, but I wanted to provide some feedback on what would help my team and other companies as well.