Activities of "gterdem"
You can check guide about communication between microservices, it can give some information about it.
Thank you, I have checked and reproduced the problem.
Fixed the related issue, it should be available in the next release.
I am sorry, I misspell it, I tried on 4.4.3, not 4.3.3.
Can you share the project that you reproduced to support@abp.io?
Redirect_uri's are declared when client is created. See https://support.abp.io/QA/Questions/1951/500-Internal-Server-Error-Invalid-redirecturi#answer-99adb092-2a26-5dbb-6bac-39ff6bc7b817
To clarify, do you want to deploy all your applications (Http.Api.Host, Web and IdentityServer) to same domain with sub folders? Web is running on: mydomain Http.Api.Host on: mydomain.com/api IdentityServer on: mydomain.com/account
If so, you will need to write Rewrite rule in load balancer (nginx i suppose) to redirect to /account
You can check deployment configurations docs. Also official identityserver4 deployment docs.
If you have already deployed identityserver, you can also share its link.
It is not possible to understand the error without checking the logs.
Please reproduce the error and then check the logs (Log/logs.txt or console output) and search for [ERR].
No, you can not use client_credentials in angular, it is server to server (backend to backend) flow.
Suggested authentication flow for SPA is Authorization Code with PKCE; you click to login and get redirected to authentication (identityserver) domain to login, then you login in that domain.
Other way is Resource Owner Password Credentials; where you host the login page in your SPA application and let users enter username/password to your frontend application instead of redirecting to identityserver.
I tried on both 4.3.3 version and preview 5.0 versions but couldn't reproduce the error. Can you share more details?
Is it a tiered application or non-tiered? Can you reproduce it after updating to 5.0 preview?
When you use password_grant, you use the user for authenticating to system and user has declared permissions for it (from roles or user permissions).
When you use client_credentials, you use secure and non-user an other system (back-end application forexample) for authenticating to system. So, we need to grant permissions to the non-user system since it can not have roles that has permissions.
If you are using postman to test and you need to grant a specific permission for your system; an easy way is to generate a guid and add it into dabase PermissionGrants table:
Where ProviderName is C (for ClientCredential) and ProviderKey is the name of your system (Client) saved in your IdentityServer Clients table
as usual useless answer from gterdem.
I am sorry if you are disappointed with my answer. Also i was not aware that I usually give useless answers. I was trying to point out the efficient ways to solve these kind of generic questions for you and for other users that may have the same issue with you in the near future.
However, being toxic is never good and never result with expected good result in any branch of any job. Toxic behaviour magnets other toxic people that can de-motivate you more then you think. Think about colleague stressing you with questions like
"How do you get paid if you need to ask this kind of question?", "At least don't write it down so that people shouldn't know the degree of your ignorance" or other non-constructive, negative and useless comments. That wouldn't be a healthy workplace nor a nice time to spend on.
This may not make any sense to you right now but probably it will, after 5-10 years.
That being said, we answered tens maybe hundreds of unrelated questions in support when asked properly as something like "Ok, I know this seems related with EfCore since i checked google but can you help me about ..."
please assign the ticket to someone else.
I am not sure how insulting will motivate a co-worker to help you about an unrelated 3rd party question.