Base solution for your next web application

Activities of "clahey"

Hi oguzhanagir,

I updated the db ([OpenIddictApplications] table) but now receive an error that the client id is invalid. I have checked that the client id in the db matches exactly with the client id in the umbraco application.

localhost:44301/connect/authorize?client_id=client&redirect_uri=https%3A%2F%2Flocalhost%3A44342%2Fsignin-oidc&response_type=code&scope=openid profile&code_challenge=oXT8rx4MrpNCGiqX0ZTuZsuOYy0ABuaHFQfcdcw0v_E&code_challenge_method=S256&response_mode=form_post&nonce=638665094411147229.NjU1NmZlNjMtMGU4Ny00YTBiLTk2ZWItZGZjNzEzMGQyMWMwZmFlZmI3MDQtNzY5Yi00OThhLWFiMTktOGM5NDEwY2YwNjY2&state=CfDJ8DTfbC_8CzBKrpYXkEW7lEGOg-fGgK2Y99PPaV_fRADddfI92DXAW6IEIRAdgKbIcip3IxiY-U2lIZsIV94sdHINeBEGp5w41W-f5mC66yzQN8CB1aM1PjroDQKNETWgzn2vgLOB8jBGPHNWLSEX-dg57M4G3CTGWtak7pDJ5mar_4fJmoa3QRbvwUTfBLsPrI3XvonpHhzmhdblU2XXPTda0zcGjjaEQ86beoPUexxbKN1daLMA9vEgb83ZyXgoCiltYq-L_eIzJH3tdTdIGp91VnFc-qMa_UbSjdeUhiPyTGskaH3N_4ZYzU_JFy0i02a1p5sd7vXVUnVW_9m8_N52J0NHmXBI2phn2lLj2yGOk6UDaSGQQKDv9FYx95eZHIPEr7GEK2V6vngcXbP0Wbl9gZaUMviAMszQEaShfpARWKH8Y1IDgBYiT5lMtVDvguLHS5yIN4g4PpsJIAmNTHP28lQxDvWT_42ypL1hKUJqq8Zn2blIHaRqlZ5ve9gsnKljgzsAFJovpSJyFM_dueH4bcna3uhKet4in8lYRq0rvGDmrJ3b1yksmyu_ywMey6jTA97a6nd_qqxEDwzIhj1ZP0Jay2s8er_6Sw3lljNRB_wG1Dv4hRtFv9-eSWMO-7wz-BbX5VZBEl5zxGUhkOAbNd0w73ZVbe553qiXZn3RDQ_7B86lUujXRhPcBc6UTQXiiPYN5HJqS3ch49pAO407UHxNS5H42C1sYRdBRBvZ&x-client-SKU=ID_NET8_0&x-client-ver=8.0.2.0

error:invalid_request error_description:The specified 'client_id' is invalid. error_uri:https://documentation.openiddict.com/errors/ID2052

Hi,

We are trying to use the aspnet zero system as an external auth provider for a marketing website. We have configured the app settings accordingly: "OpenIddict": { "IsEnabled": "true", "Applications": [ { "ClientId": "client", "ClientSecret": "def2edf7-5d42-4edc-a84a-30136c340e13", "DisplayName": "etransit_App", "ConsentType": "Explicit", "RedirectUris": [ "https://localhost:44342/signin-oidc", "https://localhost:44342" ], "PostLogoutRedirectUris": [], "Scopes": [ "default-api", "profile", "openid", "email", "phone", "address" ], "Permissions": [ "ept:token", "ept:authorization", "gt:password", "gt:client_credentials", "gt:authorization_code", "rst:code", "rst:code id_token" ] } ] } And are running the etransit web host project. In order to make the request, we are using this sample umbraco project. https://github.com/jbreuer/Umbraco-OpenIdConnect-Example Specifically this file - https://github.com/jbreuer/Umbraco-OpenIdConnect-Example/blob/main/Umbraco-OpenIdConnect-Example.Core/Extensions/UmbracoBuilderExtensions.cs With the settings updated for the aspnet zero application: "OpenIdConnect": { "MetadataAddress": "https://localhost:44301/.well-known/openid-configuration", "ClientId": "client", "ClientSecret": "def2edf7-5d42-4edc-a84a-30136c340e13", "LogoutUrl": "https://localhost:44301/logout", "ReturnAfterLogout": "https://localhost:44342/" }

However, when trying to authenticate, we receive the following error: error:invalid_request error_description:The specified 'redirect_uri' is not valid for this client application. error_uri:https://documentation.openiddict.com/errors/ID2043

This is the url in the browser when we receive the error: https://localhost:44301/connect/authorize?client_id=client&redirect_uri=https%3A%2F%2Flocalhost%3A44342%2Fsignin-oidc&response_type=code&scope=openid%20profile&code_challenge=wMNJT4QoiT7y9Boxhz5IQHNvQzo1MHyF4Y1lJ2oGSHI&code_challenge_method=S256&response_mode=form_post&nonce=638664064041654643.YTQzYzc0MzAtOWQyNy00ZjNiLTg2ZjMtMTQwYTM2ZWUzYTE2NTlhY2VhOGQtMTFmMi00YjA3LWE3NmItOWNlOWUzNDliYWNi&state=CfDJ8DTfbC_8CzBKrpYXkEW7lEHZsthRRkGeXEeRdPB9k51hNTD1db2pGFcHUQfjGEir7gr3co_4QRf6W7R4_Cvgv_1TM5YYFIBPFpxC3Ytf_xeJ1xVSHG72l9-GBo4SHc3DLW2eW8UndDWh-payTgrFSX0QG8ihUNt7O4L7IbzQybs708hs1nQ6Cb5ZxcgBvx8SbBij_h6Vg-LTTvcS0cALyUyMCCB7AqIg2cMru5ZukC83g77BnCje_APBBAia8klxhjrIclMYQJsw_Ah8INHzsNHztph9nyK-IGzBwjVf9SFB6ncRgRusVn8fiwwquNXx3BeeW1qS7MDuqvnc4I9asmO74LOW4UhYRV8ZsRAU2xDR_yL9T1JjoS_oaErm1mKIKb9pFRCO8rox-kunl681uAGh3g5WAM5bdVnCV8BFoZfhx3v6sTr_5gU7nKGcJktA2KKqLRoi-VnenfoxTToyzztQgvgnfJ2cmr4nA79jfsiU8tZYvyrMcoyiwl68SSXTIS0uxCYTfW1VaZvTh6TBolS8F1NNT2taa2HtRIO4lZTlBmypDC1dSP5FmKoKZq4tZvDG2BJ01cgAhDGbh7s8S_5MSs-EWTZ9xBk1rZidXmWpQkffsx28WV7QXlozVpc5DoS4EFS39pzrRibDuOzCAGylGAjXlFQXmqikPsyC26ifq9OfUVZay_T2aL0iJjvf45wLJp8uRchzO-rvyzakbOjnD-3K__dZ-4UdQQbG9T13&x-client-SKU=ID_NET8_0&x-client-ver=8.0.2.0

As you can see, the redirect_uri matches exactly what is defined in the application settings so we are stuck on what this error could really be pointing to. Can you please advise? Are we missing a piece of configuration somewhere?

Thanks

Hi,

AspNet Zero doesn't support only the API Key at the moment because each action must be related to a user. You can add a new field to user entity (API key) or create a separate table to related API Keys with Users. Then, when a reuqest is sent to server, you can get the API Key and find the related user and generate a token.

For your custom domain resolver issue, you can take a look at https://github.com/aspnetzero/aspnet-zero-core/tree/dev/angular/src/shared/multi-tenancy/tenant-resolvers. We implement a similar approach on our angular app. Angular app retrieves the TenantId from the current URL (subdomain or query string etc...) and sends Abp.TenantId to API with every request. You can implement a similar approach for your VueJS app.

That GitHub link did not work. I get a 404

Do you have any examples of how we can implement a custom tenancy resolver on the API side?

We have external apps that need to be able to call the API but do so securely. Each tenant will call the API from a single (multi-tenant) app that can be configured to run for different domains per tenant. There will be no username/password to pass into auth the API so we need a token-based or api key based system where we can give a token to an API connection based on the current tenant.

That may be confusing so here's an example. We have a single vue.js app that the app service can be bound to: app.tenant1.com (Tenant 1) app.tenant2.com (Tenant 2) app.tenant3.com (Tenant 3) Each domain represents a different tenant but running through the same vue.js app. We need to be able to call the asp.net zero API from that vue.js app but if the vue.js app is being loaded as app.tenant1.com we need the API on the Zero side to be able resolve that incoming API call as being a Tenant 1 tenant.

Currently, the API requires a un/pw to handshake and get a token. Since we have separate apps that need to access the API (mostly read only) we need to have a way that the token can be looked up from an API key/host header combo and not a un/pw.

Any thoughts here?

Showing 1 to 4 of 4 entries