Hi @alper, is there any updates on the investigation?
I have the same question, is it possible to split the Identity Server to separate database? and the identity server will be shared by multiple applications.
Hi @maliming, I have followed the article and been able to create a new template, thank you.
Hi @liangshiwei, I got the same issue after creating a new client, I had copied the SQL query to run on SQL Management Studio, it was extremely slow, the root cause is the ORDER BY part, please help us take a look:
ORDER BY [t].[Id], [i0].[ClientId], [i0].[GrantType], [i1].[ClientId], [i1].[RedirectUri], [i2].[ClientId], [i2].[PostLogoutRedirectUri], [i3].[ClientId], [i3].[Scope], [i4].[ClientId], [i4].[Type], [i4].[Value], [i5].[ClientId], [i5].[Type], [i5].[Value], [i6].[ClientId], [i6].[Provider], [i7].[ClientId], [i7].[Origin], [i8].[ClientId], [i8].[Key]
the log is too long, please check it here: https://drive.google.com/file/d/1Mg6XeFGRliqNKU24fH413FANKAMawgRL/view?usp=sharing
Hi @liangshiwei, thank you
Hi @alper, yes, I have shared the repo via email, please help take a look.
Thanks.
Hi @liangshiwei, thanks for your quick response. I am able to resolve the problem by clear browser cookies in the latest version 4.0.2.
However, I still got the unauthentication problem with version 3.3.2 due to missing access token
[21:56:21 WRN] Authorization failed! Given policy has not granted.
Volo.Abp.Authorization.AbpAuthorizationException: Authorization failed! Given policy has not granted.
please let me know is there a way to add the token in swagger like version 4.x
Thank you.
Hi @gterdem, I have overrided the methods and found the root caue, the loginInfo is returned null if I login with the Identity Server A as authentication provider:
var loginInfo = await SignInManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
Logger.LogWarning("External login info is not available");
return RedirectToPage("./Login");
}
I have added Google authentication provider to check, it was able to retrieve the loginInfo and proceed redirect to /Register page to register new user while the Identity Server could not retrieve the info and redirected to /.Login page:
Google log:
[10:28:16 INF] Executing handler method internetAbp.Pages.Account.CustomLoginModel.OnGetExternalLoginCallbackAsync - ModelState is Valid
[10:28:17 DBG] Added 0 entity changes to the current audit log
[10:28:17 DBG] Added 0 entity changes to the current audit log
[10:28:17 INF] Executed handler method OnGetExternalLoginCallbackAsync, returned result Microsoft.AspNetCore.Mvc.RedirectToPageResult.
[10:28:17 DBG] Added 0 entity changes to the current audit log
[10:28:17 INF] Executing RedirectToPageResult, redirecting to ./Register.
Identity Server A log:
[10:30:30 INF] Executing handler method internetAbp.Pages.Account.CustomLoginModel.OnGetExternalLoginCallbackAsync - ModelState is Valid
[10:30:33 WRN] External login info is not available
[10:30:33 INF] Executed handler method OnGetExternalLoginCallbackAsync, returned result Microsoft.AspNetCore.Mvc.RedirectToPageResult.
[10:30:33 INF] Executing RedirectToPageResult, redirecting to ./Login.
[10:30:33 INF] Executed page /Account/Login in 3398.5971ms
[10:30:33 INF] Executed endpoint '/Account/Login'
Full Log:
Could you please help me check.
Hi @gterdem, yes, the returnUrl was in address bar after navigated to Application A login page:
https://localhost:44306/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dinternetprovider%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44366%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge....
Below is the log details in Identity Server B, there is a line "ModelState is invalid", could you help me check:
[00:41:39 INF] Request starting HTTP/2.0 POST https://localhost:44366/Account/Login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%26client_id%3DinternetAbp_App%26state%3DNTdhV1BhekxYTjFQakFyMzAwWFhMeW9CRHAzVURfMEVUbk4weVl-aVZhZmtw%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A4200%26scope%3Dopenid%2520offline_access%2520internetAbp%26code_challenge%3DdQlDYtTlRIf4QVskwYTFtNSzSLEHKkZ2Vi5tLCO3nMk%26code_challenge_method%3DS256%26nonce%3DNTdhV1BhekxYTjFQakFyMzAwWFhMeW9CRHAzVURfMEVUbk4weVl-aVZhZmtw&handler=ExternalLogin application/x-www-form-urlencoded 651 [00:41:39 INF] CORS policy execution failed. [00:41:39 INF] Request origin https://localhost:44366 does not have permission to access the resource. [00:41:39 INF] No CORS policy found for the specified request. [00:41:39 INF] Executing endpoint '/Account/Login' [00:41:39 INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login [00:41:39 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy [00:41:39 INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostExternalLogin - ModelState is Invalid [00:41:39 INF] Executed handler method OnPostExternalLogin, returned result Microsoft.AspNetCore.Mvc.ChallengeResult. [00:41:39 INF] Executing ChallengeResult with authentication schemes (["oidc"]). [00:41:39 INF] AuthenticationScheme: oidc was challenged. [00:41:39 INF] Executed page /Account/Login in 136.7324ms [00:41:39 INF] Executed endpoint '/Account/Login' [00:41:39 DBG] Added 0 entity changes to the current audit log [00:41:39 DBG] Added 0 entity changes to the current audit log [00:41:39 INF] Request finished in 159.1755ms 302
Hi @alper, I have found the root cause, I forgot to update the "audience" in HttpApi.Host project. Thanks