Thanks maliming, that's exactly what I was looking for, thank you!
OK guys, for the time being I hacked around this.
On each token validated event I look up the ABP user with my oid and manually add the claim to the identity. This now comes through in each request in the API. I'll have to make this cached etc. as it's pretty painful looking up a user each request :) I'll probably make this middleware at some point and will share the code.
@richardghubert I want to say thanks for all your input and time. Appreciate your help.
Chris
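The workaround described in the post above, written out as an added example (not Chris's code and not part of ABP): a JwtBearer `OnTokenValidated` handler that resolves the ABP user from the Azure AD `oid` claim, caches the result, and appends `AbpClaimTypes.UserId` so `AbpSession.UserId` is populated on bearer calls. `IUserIdResolver` is a hypothetical application-defined service that maps an oid to an ABP user id.

```csharp
// Added example, not from the original thread or from ABP itself.
// Assumptions: IUserIdResolver (hypothetical) maps Azure AD oid -> ABP user id;
// IMemoryCache and IUserIdResolver are registered in DI.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Abp.Runtime.Security;                          // AbpClaimTypes.UserId
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Caching.Memory;
using Microsoft.Extensions.DependencyInjection;

public interface IUserIdResolver                     // hypothetical app service
{
    Task<long?> FindUserIdByObjectIdAsync(string objectId);
}

public static class AzureAdAbpClaims
{
    // Azure AD emits the object id as "oid"; some claim mappers rename it to this URI.
    const string OidUri = "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Wire up with: options.Events = AzureAdAbpClaims.Create(); inside AddJwtBearer(...)
    public static JwtBearerEvents Create() => new JwtBearerEvents
    {
        OnTokenValidated = async ctx =>
        {
            var identity = ctx.Principal?.Identity as ClaimsIdentity;
            if (identity == null || identity.HasClaim(c => c.Type == AbpClaimTypes.UserId))
                return;                               // already carries an ABP user id

            var oid = identity.FindFirst("oid")?.Value ?? identity.FindFirst(OidUri)?.Value;
            if (string.IsNullOrEmpty(oid))
                return;                               // no oid: leave AbpSession.UserId null

            var services = ctx.HttpContext.RequestServices;
            var cache = services.GetRequiredService<IMemoryCache>();

            // Cache the lookup per oid so the DB is not hit on every request.
            // A null result is cached too, which also throttles lookups for unknown oids.
            long? userId = await cache.GetOrCreateAsync("abp-uid:" + oid, async entry =>
            {
                entry.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(5);
                var resolver = services.GetRequiredService<IUserIdResolver>();
                return await resolver.FindUserIdByObjectIdAsync(oid);
            });

            if (userId == null)
                return;                               // unlinked user: [AbpAuthorize] rejects

            identity.AddClaim(new Claim(AbpClaimTypes.UserId, userId.Value.ToString()));
        }
    };
}
```

Because the claim is added before the request pipeline runs, the ABP session sees the user id on the very request that presented the token, with no cookie involved.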
Sorry I didn't explain well.
My bearer token validates OK, that's all good.
I auth with AzureAd, great, get the token back... tick. I now want to use this in an API call, using it as Bearer Authentication. I've done this many times before but not with ABP.
We are in the same domain... so CORS is OK.
My challenge is that although I'm sending an AzureAd OpenIdConnect bearer token to the API, the ABPSession UserId is not getting set. Which I assumed would be determined from the claim nameidentifier.
I was guessing in ABP somewhere it takes my name identifier and resolves this to the login then adds this to the ABPSession by adding it to the AbpClaimTypes.UserId claim... but maybe not?
The outcome of this is that when I call an API controller, ABPSession.UserId is null.
I have set an HTTP header for the Abp.TenantId in the API call just while I run locally and this is populated in the ABPSession.Tenant just fine.
I'm just wondering if my code is wrong or if the ABP code which populates the UserId is based upon cookie auth middleware or something.
I was just checking if pure Bearer Auth calls were compatible with OpenIdConnect tokens?
I might need to create a middleware or even in the JWT events add the AbpClaimTypes.UserId claim which ABP seems to use.
This is a lot more in depth than I thought it was going to be :D
Chris
OK Gents.
Maybe I've just screwed my code... as the userId is not resolving when I pass the bearer token to the API. It has the correct claim and I even added a JWT sub claim as well.
I just want to double check. I'm wanting to use the bearer token using the JWT not a cookie as it's going to be called from external systems through the API.
Does ABP only support OpenId as a cookie?
Chris
Thanks richardghubert!
OK cool, that's awesome info, so just confirming:
ClaimTypes.NameIdentifier is the field that is used to lookup the login/user?
I'm guessing this is the same for both Cookie and JWT?
Chris
Hi All.
I'm struggling to get all the steps and need some guidance if anyone can help?
For example: If you are using AzureAd or Azure B2C.
I see that in the above example we are adding an additional claim / rewriting based on a claim from AzureAD/B2C.
What are the claims that Zero looks for when resolving the user? For example, if it's email there might actually be multiple idents with the same email, or the fact that it's not immutable?
For Azure AD you might want to use oid to have the same id across apps, or sub if you want different ids across different apps.
Do we have to use email? Can we override / configure zero to use a different claim for the id?
Thoughts anyone?
Chris