hi
The web interface is working exactly as we want it to. It handles authentication via Auth and retrieves permissions based on the role in the Core system. Similarly, which token should I use to obtain permissions based on the role in the Core system?
Hi,
I was able to obtain a token using the admin user from the 44333-Auth and 44350-Core systems. When I made a request to an endpoint with the token provided by Auth, it returned unauthorized. The Core token worked as admin.
However, for a normal user other than admin, the Auth system provided a token and returned unauthorized. The Core system does not provide a token, instead returning a user or password error. Could the Core system be checking the local database when requesting a token? The password naturally appears blank there.
[maliming] said:
XXXCoreandXXXAuthare both auth servers.So you can use a username and password to get an access token from them.
But the user has to exist in their database.
Users are stored in both the Auth and Core application databases. I sent screenshots of the user information login attempts via email on Postman. Can you take a look?
Hi
It is normal for the user's password not to be in the core database. Do you think this request is looking at its own database?
{
"error": "invalid_grant",
"error_description": "Invalid username or password!",
"error_uri": "https://documentation.openiddict.com/errors/ID2024"
}
Hi
That's a great example. I didn't know about these Abp services. In my version, I could get a token using /connect/token to send requests to the API endpoints on the XXXCore side. In this new configuration, which endpoint can I use to get a token?
Hi
Thanks for your detailed answer.
I have some questions.
1.) The sign-up button is inactive. Actually, is there a parameter for automatic registration, as if this button didn't exist? In other words, if identity verification is successful, can it automatically register locally?
2.) The login page comes from the Account module. How can I customize it? I would appreciate a link explaining this section. Because I created Pages/Account/Login.cshtml in the Host layer and added the relevant code to the OnGetAsync method. Since it was redirecting incorrectly, I deleted it all and reverted it.
Hi
I sent a mail about project structure schemes, service images and github links. Please check your emails.
Thanks.
Hello
I tried a few things. After I put them together, I'll upload them to GitHub and add you to the project.
Hello,
I'm trying OIDC like Google authentication. It's not working. If I set dynamic claim to true, user authentication doesn't even work. For this reason, I reset it to false. Even if I restart the servers instead of logging in again, it still doesn't work :)
When I add a third server (Web + Host), I also want it to authenticate using the same token and function based on the authorization settings on its own server.
I don't want to write too many services for this issue and turn the project into a spaghetti mess.
Could you guide me on how to handle authentication on the Auth server and authorization from the Web and Host projects?
Hello,
I have layered applications. I create a ShadowUser in the OnTokenValidated event within the JwtBearer authentication on the host layer. When I log in from the web layer, the menus and pages that the user I assigned to the role is authorized to access are not visible.
If I had logged in with Google, Google would have sent me a verified user. This user would have a local User associated with them, and the AbpUserLogin table would contain the ProviderKey linking this user to Google. When I add a role to such a user, why are these menus not visible on the web side (MVC)?
Is there an SSO example for tiered applications that handles roles and permissions?
