Activities of "liangshiwei"

Hi,

This is a limit of OAuth: https://auth0.com/docs/get-started/authentication-and-authorization-flow/resource-owner-password-flow

I think the OAuth external login provider is not suite for you. you can custom your own provider.

Maybe Azure provides an HTTP API that can search users(I'm not sure.)

public class MyAzureAdExternalLoginProvider : ExternalLoginProviderBase, ITransientDependency
{
    public const string Name = "AzureAd";

    public MyAzureAdExternalLoginProvider()
            : base(....)
    {
    }

    public async override Task<bool> TryAuthenticateAsync(string userName, string plainPassword)
    {
        ....
    }
    
    public async override Task<bool> IsEnabledAsync()
    {
        .....
    }

    protected async override Task<ExternalLoginUserInfo> GetUserInfoAsync(string userName)
    {
        //Use the username to send an HTTP request to Azure API to query a user.
    }
}


Configure<AbpIdentityOptions>(options =>
{
    options.ExternalLoginProviders.Add<MyAzureAdExternalLoginProvider>(MyAzureAdExternalLoginProvider.Name);
});

We will fix the problem, and your ticket refunded.

Hi,

Is this can help you?

Add to ConfigureServices method.

context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);

Hi,

That means that I need to know the user password?!?!

Unfortunately, yes.

This is the resource-owner-password-flow rule.

I am trying to import uses that already exist on Azure Ad by using the email and the current password, but still not working for me. Am I doing something wrong?

Could you provide the azure ad configuration(clientid,secret... and a test account) to me via email? shiwei.liang@volosoft.com

Hi,

After my check, it should work after https://support.abp.io/QA/Questions/3761#answer-3f02f82f-0c97-563c-cab8-3a069adc445c

Tips: ABP needs to get the email to create a user. you can check the user info endpoint.

it is a bit weird that I need to provide the password of the user that I am trying to import.

Yes, but it's a limit of OAuth, we have to provide a username and password to check if the user is valid.

Hi,

Did you provide the password when you import a user?

Hi,

Get access token error: {"error":"invalid_grant","error_description":"AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: a7f3a95c-2848-4eac-a01f-4d0257db3d00\r\nCorrelation ID.

I guess the username or password is incorrect, could you provide an azure ad test configuration with me via email? shiwei.liang@volosoft.com

I can check it and quickly fix it.

Hi,

This is a problem, we will fix it in the 6.0 version., BTW, your ticket refunded.

For now, you can try:

[ExposeServices(typeof(OAuthExternalLoginManager))]
public class MyOAuthExternalLoginManager : OAuthExternalLoginManager
{
    public MyOAuthExternalLoginManager(IOAuthSettingProvider oAuthSettingProvider, IHttpClientFactory httpClientFactory) : base(oAuthSettingProvider, httpClientFactory)
    {
    }

    protected async override Task<DiscoveryDocumentResponse> GetDiscoveryResponseAsync()
    {
        using (var httpClient = HttpClientFactory.CreateClient(HttpClientName))
        {
            var request = new DiscoveryDocumentRequest
            {
                Address = await OAuthSettingProvider.GetAuthorityAsync(),
                Policy = new DiscoveryPolicy
                {
                    RequireHttps = await OAuthSettingProvider.GetRequireHttpsMetadataAsync(),
                    ValidateEndpoints = false,
                    ValidateIssuerName = false
                }
            };
            
            var discoveryResponse = await httpClient.GetDiscoveryDocumentAsync(request);
            if (discoveryResponse.IsError)
            {
                throw discoveryResponse.Exception ?? new AbpException("Get discovery error: " + discoveryResponse.Raw);
            }

            return discoveryResponse;
        }
    }
}```

Hi,

I will check it out