Thank you for providing extra details on your environment file.
After checking the open-id configuration request, I see two main issues:
HTTPS Requirement: Your configuration has requireHttps: true, but the discovery document returns HTTP endpoints (not HTTPS) for all endpoints except the issuer.
Issuer URL Mismatch: The endpoints in the discovery document don't start with the issuer URL (they use http:// while the issuer uses https://).
"issuer": "https://bluestar-authserver.lemonpond-86e62977.centralindia.azurecontainerapps.io/",
"authorization_endpoint": "http://bluestar-authserver.lemonpond-86e62977.centralindia.azurecontainerapps.io/connect/authorize",
"token_endpoint": "http://bluestar-authserver.lemonpond-86e62977.centralindia.azurecontainerapps.io/connect/token",
"introspection_endpoint": "http://bluestar-authserver.lemonpond-86e62977.centralindia.azurecontainerapps.io/connect/introspect",
"end_session_endpoint": "http://bluestar-authserver.lemonpond-86e62977.centralindia.azurecontainerapps.io/connect/logout",
"revocation_endpoint": "http://bluestar-authserver.lemonpond-86e62977.centralindia.azurecontainerapps.io/connect/revocat",
"userinfo_endpoint": "http://bluestar-authserver.lemonpond-86e62977.centralindia.azurecontainerapps.io/connect/userinfo",
"device_authorization_endpoint": "http://bluestar-authserver.lemonpond-86e62977.centralindia.azurecontainerapps.io/device",
"jwks_uri": "http://bluestar-authserver.lemonpond-86e62977.centralindia.azurecontainerapps.io/.well-known/jwks",
I can suggest you an optimum solution to configure your auth server to:
You can also manually configure the discovery document as follows: https://manfredsteyer.github.io/angular-oauth2-oidc/docs/additional-documentation/using-an-id-provider-that-fails-discovery-document-validation.html
const oAuthConfig = {
issuer: 'https://bluestar-authserver.lemonpond-86e62977.centralindia.azurecontainerapps.io/',
redirectUri: baseUrl,
clientId: 'Bluestar_App',
responseType: 'code',
scope: 'offline_access Bluestar',
requireHttps: true,
strictDiscoveryDocumentValidation: false,
skipIssuerCheck: true,
// Manually specify endpoints with HTTPS
loginUrl: 'https://bluestar-authserver.lemonpond-86e62977.centralindia.azurecontainerapps.io/connect/authorize',
tokenEndpoint: 'https://bluestar-authserver.lemonpond-86e62977.centralindia.azurecontainerapps.io/connect/token',
// Add other endpoints as needed
};
It is important to note that using HTTP endpoints or disabling security validations should only be done in development environments. For production, you should always use the https for all endpoints and keep strict validations enabled.
You can let me know if you need further assistance.
Hello,
It appears that the login process has not been configured to require HTTPS. Additionally, the issuer setting may not be correctly specified.
To address this, I recommend adding the following flags to your authConfig in the environment file:
strictDiscoveryDocumentValidation: true,
skipIssuerCheck: true,
If you require further assistance, please feel free to share the relevant details of your authConfig.
To further investigate the console error you're still seeing, could you please provide a minimal, reproducible example that triggers the issue? This will help us pinpoint the root cause much more effectively. You can send it directly to sumeyye.kurtulus@volosoft.com.
If possible, please include:
Appreciate your help — we’ll dive right in as soon as we receive it.
Hello again. Thank you for providing extra details about your problem.
However, I still cannot produce the same problem on our side. Could you please share a minimal, reproducible example via this email: sumeyye.kurtulus@volosoft.com, so that I could assist you further.
Thank you for your cooperation.
Hello, I cannot produce the same problem on my end.
Could you please share your app.config.ts file? Could you also clarify the package manager and its version?
Hello, I cannot produce the problem on my end. Could you please share a minimal, reproducible example via this e-mail address: sumeyye.kurtulus@volosoft.com so that I can assist you further?
Hello, can you confirm that the related permission is configured with the same name on the backend side as BlueStar.AccessReviews.Create?
Hello! To manage visibility based on user roles, you can use the invisible or requiredPolicy property. These properties help control which navigation items are shown depending on the user's permissions.
You can find more details about these properties in the ABP Framework codebase here.
For example, if you decide to use the invisible property, you can modify the navigation items like this:
import { ABP, AuthService, RoutesService } from '@abp/ng.core';
...
protected routes = inject(RoutesService);
updateRouteVisibility(name: string, invisible: boolean) {
const route = this.routes.find(route => route.name === name);
// const invisible = --you can add your own logic to decide visibility--
if (route) {
this.routes.patch(name, {
invisible: invisible,
} as Partial<ABP.Route>);
}
}
...
Let me know if you need further assistance on that.
Hello, you need to import PermissionDirective to the related module or the component if it is standalone. Let me know if you need further assistance on that.
I apologize for getting back to you this late.
You don't need to disable all output hashing. Instead, you can selectively control what gets hashed by configuring the outputHashing property in angular.json. For example, you could set "outputHashing": "media" to only hash media files while keeping your CSS and JS bundles with predictable names.
The available options are:
This selective approach lets you maintain predictable filenames for directly referenced assets while still benefiting from cache busting where needed. Just make sure your HTML references match the actual filenames generated during the build process.
