
Activities of "henryand"

Answer

I am dead in the water, not being able to access the emails value for logging in. I expect it's either a claimsmapping or (hopefully not) a change to OpenIdConnectAuthProviderApi code. No email address = no username = no login.

Also, is there someplace I need to be referencing the userinfo endpoint?

Answer

I added your suggestion, but I get "unique_name claim is missing !". I don't know if the problem is because the Key still expects email instead of emails.

        "ClaimsMapping": [
          { "claim": "email", "key": "emails" },
          { "claim": "unique_name", "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" }
        ]

        Abp.UI.UserFriendlyException: unique_name claim is missing !
           at Stepwell.Web.Authentication.External.OpenIdConnectAuthProviderApi.GetUserInfo(String token) in C:\Dev\stepwell-tmp\src\Stepwell.Web.Core\Authentication\External\OpenIdConnectAuthProviderApi.cs:line 60
           at Stepwell.Web.Controllers.TokenAuthController.GetExternalUserInfo(ExternalAuthenticateModel model) in C:\Dev\stepwell-tmp\src\Stepwell.Web.Core\Controllers\TokenAuthController.cs:line 641
           at Stepwell.Web.Controllers.TokenAuthController.ExternalAuthenticate(ExternalAuthenticateModel model) in C:\Dev\stepwell-tmp\src\Stepwell.Web.Core\Controllers\TokenAuthController.cs:line 451

The issue I was having dealt with B2C wellknown not being on the same path as issuer.

Adding the slash at the end of the authority gives a server error: The given key 'WellKnown' was not present in the dictionary.

The API could still be on one URL. Some users would have different URLs to the same site, but the different URLs would not indicate the tenant. For instance, group1.domain.com and group2.domain.com having the same tenant, or domain1.com and domain2.com sharing a published instance of the app.

We found our solution. I'm posting it here for anyone that may read this thread.

Since Azure expects the Angular app to be in WWWROOT instead of WWWROOT/DIST, we can build it in wwwroot/ but only if Angular knows not to delete the existing contents.

        "outputPath": "wwwroot/",
        "deleteOutputPath": false,

That automates the process, but does not remove the time to copy all of the files. It seems the files can't be generated in the place where they are expected to be used (./wwwroot/), so I was asking if we could use them where they are generated (./wwwroot/dist/). It seems very odd to me that we publish both the API and the Angular app to the webserver at the same time but only the API will run after publish. The entire Angular app needs to be moved twice - to the correct folder and to Azure.

Is there a way to define the Angular app's root folder as the dist folder?

Could you provide a follow-up here? We also have "Response already started" littering our log files.

The error message references the following line in Startup.cs:

        app.Use(async (context, next) =>
        {
            await next();
            if (context.Response.StatusCode == 404 && !Path.HasExtension(context.Request.Path.Value))
            {
                context.Request.Path = "/index.html";
                await next();
            }
        });

Are there any examples or documentation for having separate seeders per tenant?

We do have a standard schema across all tenants, but the data is tenant specific. We need a methodology for updating the data in each tenant database when running the backend before the frontend brings up the login screen. That seems like it would be in the seedhelper. I don't want the seedhelper to run against the default host db; it needs to run against the tenant dbs. When my devs are running localhost to their 3 databases (host, tenant1, tenant2), we would want a seedhelper1 to run against the tenant1 connectionstring and then run seedhelper2 against the tenant2 connectionstring.

Or did you mean that the TokenAuthController should just send the LogoutUrl from the configuration file?

Thanks
