Activities of "Leonardo.Willrich"

If I use refreshToken.Text, which is empty, it will raise this exception:

System.ArgumentException: Parameter is required (Parameter 'refresh_token')

Endpoint is exactly the same. Here is my code:

var response = await httpClient.Value.RequestRefreshTokenAsync(new RefreshTokenRequest()
{
    Address = disco.TokenEndpoint,
    ClientId = clientId.Text,
    ClientSecret = secret.Text,
    RefreshToken = refreshToken.Text,
});

Hi Maliming,

For Introspect it is working fine. But, for RefreshToken it is saying the grant_type is invalid. Have you managed to make it work?

hi

Can you share a simple project to reproduce? liming.ma@volosoft.com

I've sent a Windows Form project. Just change the fields using your remote server with a valid client.

Another thing that I found. If I update a Client (just edit, change some field, can save), it doesn't work anymore. It says that the secret is invalid. Looking at the database, table IdentityServerClientSecrets, I found that the column "Value" was modified and it has the same value as the previous record. Can you have a look at that as well?

Does this resolve the problem? https://support.abp.io/QA/Questions/3404#answer-5bd6d8f3-7f01-53fa-6050-3a05049ffeee

Yes, it seems that worked. Cheers!

Yes, I can do it. Just need a few minutes to create it and will email you.

Another thing that I found. If I update a Client (just edit, change some field, can save), it doesn't work anymore. It says that the secret is invalid. Looking at the database, table IdentityServerClientSecrets, I found that the column "Value" was modified and it has the same value as the previous record. Can you have a look at that as well?

Yes, I have a secret in my client. I'm using the IdentityModel class library.

Here is my method to Introspect the token:

 public async Task<bool> ValidateToken(string accessToken)
        {
            Console.WriteLine("ValidateToken Init");
            var authority = _baseUrl;
            var discoveryCache = new DiscoveryCache(authority);
            var disco = await discoveryCache.GetAsync();
            var httpClient = new Lazy<HttpClient>(() => new HttpClient());
            Console.WriteLine("ValidateToken 1");
            var response = await httpClient.Value.IntrospectTokenAsync(new TokenIntrospectionRequest
            {
                Address = disco.IntrospectionEndpoint,
                ClientId = "xxx",
                ClientSecret = "xxx",
                Token = accessToken,
            });
            Console.WriteLine("ValidateToken 2 - response: {0}", JsonSerializer.Serialize(response));
            return !response.IsError && response.IsActive;
        }

There are two things that I notice wrong:

1. It uses the ClientId to check the API Resource Id;
2. Even adding a secret to my API resource and changing the ClientId to the same Id as the Api Resource, it fails.

Here are the logs when the ClientId is the API Resource ID:

[14:37:27 INF] Request starting HTTP/2 POST https://localhost:44364/connect/introspect application/x-www-form-urlencoded 1201
[14:37:27 INF] CORS policy execution successful.
[14:37:27 DBG] CORS request made for path: /connect/introspect from origin: https://localhost:7044 but was ignored because path was not for an allowed IdentityServer CORS endpoint
[14:37:27 INF] No CORS policy found for the specified request.
[14:37:27 DBG] Request path /connect/introspect matched to endpoint type Introspection
[14:37:27 DBG] Endpoint enabled: Introspection, successfully created handler: IdentityServer4.Endpoints.IntrospectionEndpoint
[14:37:27 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.IntrospectionEndpoint for /connect/introspect
[14:37:27 DBG] Starting introspection request.
[14:37:27 DBG] Start parsing Basic Authentication secret
[14:37:27 DBG] Start parsing for secret in post body
[14:37:27 DBG] Parser found secret: PostBodySecretParser
**[14:37:27 DBG] Secret id found: SBC**
[14:37:27 DBG] No shared secret configured for client.
[14:37:27 DBG] Secret validators could not validate secret
[14:37:27 INF] {"ApiName": "SBC", "Category": "Authentication", "Name": "API Authentication Failure", "EventType": "Failure", "Id": 1021, "Message": **"Invalid API secret"**, "ActivityId": "40000025-0006-cc00-b63f-84710c7967bb", "TimeStamp": "2022-07-15T02:37:27.0000000Z", "ProcessId": 35360, "LocalIpAddress": "::1:44364", "RemoteIpAddress": "::1", "$type": "ApiAuthenticationFailureEvent"}
[14:37:27 ERR] API validation failed.
[14:37:27 ERR] API unauthorized to call introspection endpoint. aborting.
[14:37:27 INF] Request finished HTTP/2 POST https://localhost:44364/connect/introspect application/x-www-form-urlencoded 1201 - 401 - - 11.6988ms

Here are the logs the ClientId is the ClientId indeed:

[14:38:51 DBG] CORS request made for path: /connect/introspect from origin: https://localhost:7044 but was ignored because path was not for an allowed IdentityServer CORS endpoint
[14:38:51 INF] No CORS policy found for the specified request.
[14:38:51 DBG] Request path /connect/introspect matched to endpoint type Introspection
[14:38:51 DBG] Endpoint enabled: Introspection, successfully created handler: IdentityServer4.Endpoints.IntrospectionEndpoint
[14:38:51 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.IntrospectionEndpoint for /connect/introspect
[14:38:51 DBG] Starting introspection request.
[14:38:51 DBG] Start parsing Basic Authentication secret
[14:38:51 DBG] Start parsing for secret in post body
[14:38:51 DBG] Parser found secret: PostBodySecretParser
**[14:38:51 DBG] Secret id found: SBC_Mobile**
[14:38:51 INF] {"ApiName": "SBC_Mobile", "Category": "Authentication", "Name": "API Authentication Failure", "EventType": "Failure", "Id": 1021, "Message": **"Unknown API resource", **"ActivityId": "400000eb-0008-f200-b63f-84710c7967bb", "TimeStamp": "2022-07-15T02:38:51.0000000Z", "ProcessId": 35360, "LocalIpAddress": "::1:44364", "RemoteIpAddress": "::1", "$type": "ApiAuthenticationFailureEvent"}
[14:38:51 ERR] No API resource with that name found. aborting
[14:38:51 ERR] API unauthorized to call introspection endpoint. aborting.
[14:38:51 INF] Request finished HTTP/2 POST https://localhost:44364/connect/introspect application/x-www-form-urlencoded 1208 - 401 - - 21.0535ms

Hi,

I'm still struggling to create the application and create a decent login system for it.

How can I validate and refresh a token? Currently, I'm saving the date/time expiration in the session. If that is expired, I'm trying to call connect/introspect, but, no success. Same error as described on this item: https://github.com/abpframework/abp/issues/12394

I've tried to use refresh_token grant_type, as per IdentityServer4 documentation, but, it is also not working. It is saying Grant is invalid. Besides, there is no refresh_token token in the Identity Server > Client form. I had to add a custom grant type.

Hi Maliming,

I got a bit confused now. Where can I check HttpContext.User and where I can set the types exactly?

See if this image answers your question:

Hi maliming,

I've found that the CurrentUser is not NULL at all, actually, only the Name and Surname are null.

See the CurrentUser object:

{
  "IsAuthenticated": true,
  "Id": "39fce267-691b-005d-2688-42fe82789338",
  "UserName": "leo",
  "Name": null,
  "SurName": null,
  "PhoneNumber": "+64275874295",
  "PhoneNumberVerified": false,
  "Email": "leonardo.willrich@tvd.co.nz",
  "EmailVerified": true,
  "TenantId": "39fce25b-2b37-c3fe-2285-69ad471c4ffe",
  "Roles": [
    "admin"
  ]
}

I've found it on this topic in Github: https://github.com/abpframework/abp/issues/6571

Hi Maliming,

Requesting the token like this. In the Header, I've added the key "__tenant" with the tenant name.

Here is the token generated:

eyJhbGciOiJSUzI1NiIsImtpZCI6IjYyM0RCMjY5MThBRUNGMTcwRjYzMTk3RkJEQTQwNUVBIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2NTc2OTU2NzAsImV4cCI6MTY4OTIzMTY3MCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzNjQiLCJhdWQiOiJTQkMiLCJjbGllbnRfaWQiOiJTQkNfTW9iaWxlIiwic3ViIjoiMzlmY2UyNjctNjkxYi0wMDVkLTI2ODgtNDJmZTgyNzg5MzM4IiwiYXV0aF90aW1lIjoxNjU3Njk1NjcwLCJpZHAiOiJsb2NhbCIsInRlbmFudGlkIjoiMzlmY2UyNWItMmIzNy1jM2ZlLTIyODUtNjlhZDQ3MWM0ZmZlIiwicm9sZSI6ImFkbWluIiwicGhvbmVfbnVtYmVyIjoiKzY0Mjc1ODc0Mjk1IiwicGhvbmVfbnVtYmVyX3ZlcmlmaWVkIjoiRmFsc2UiLCJlbWFpbCI6Imxlb25hcmRvLndpbGxyaWNoQHR2ZC5jby5ueiIsImVtYWlsX3ZlcmlmaWVkIjoiVHJ1ZSIsImVkaXRpb25pZCI6IjM5ZmNlMjU5LTViNGEtZmFjNi1iYzU2LWY3OGEyN2RlMmUyZiIsIm5hbWUiOiJsZW8iLCJpYXQiOjE2NTc2OTU2NzAsInNjb3BlIjpbImFkZHJlc3MiLCJlbWFpbCIsIm9wZW5pZCIsInBob25lIiwicHJvZmlsZSIsInJvbGUiLCJTQkMiLCJvZmZsaW5lX2FjY2VzcyJdLCJhbXIiOlsicHdkIl19.CTIS5YyRvFigvPN8qPboDzQg8DeKogy-SBTRJMrTL7hZiYCYRR9sv4nsHTrMNDgLJf8IJf-Tq4RJ-XmM4ZsnFhGxXsiXdCiHfAIo0QJJ_TVNgwazUWDk6wakIpCppH0dlGa2vayTQc882lvflTutxgbfNiRdDJ5_mKEAmgb1XuVGRu6GHig-tpXHrUp_R-GzistEV8IaHppErDjHtcAdyTPtBUpZsRUxPDSeAJylZZScRxT_IUHKA2BigzY3MkbYDgfcfAew7En6QGpK0jE3FBU7UIQfsINf6QJTAXNA4WuvOzhNVovBKHdormwSHBWTOmBEkxgpBZZko4iKM4_68A

If I try to call a method from my API, passing the token in Authorization and the __tenant, the CurrentUser will be NULL.

I've follow also the steps from this post in the community, but, also the CurrentUser is null.

How can I set the Current User? It is quite important in my methods as I am filtering data based on the Current User Id. I don't want to have two methods, one for my website and another one for other applications calling the API method.

Thank you!