Here is the CoMedClaimsPrincipalContributor.cs used in the test:
using System.Threading.Tasks;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Security.Claims;

namespace CoMed.AuthServer;

public class CoMedClaimsPrincipalContributor : IAbpClaimsPrincipalContributor, ITransientDependency
{
    // Intentionally empty: the method only serves as a breakpoint target for the test.
    public async Task ContributeAsync(AbpClaimsPrincipalContributorContext context)
    {
        await Task.CompletedTask;
    }
}
Steps to create a test:
mkdir CoMed
cd CoMed
abp new CoMed -t microservice-pro -u blazor
cd etc
cd docker
.\up.ps1
cd ..
cd ..
open \apps\auth-server\CoMed.AuthServer.sln in visual studio
add CoMedClaimsPrincipalContributor.cs file. (path: apps\auth-server\src\CoMed.AuthServer\CoMedClaimsPrincipalContributor.cs)
return to console
dotnet restore
dotnet build /graphBuild
.\run-tye.ps1
open browser
browse https://localhost:44307
see afterLeptonXInitialization error still exists in v6.1
login with default credentials
go to openid/applications tab
create new application:
  clientid: demo
  displayname: Demo
  password: 123456
  type: confidential client
  allow password flow
  allow client credentials flow
  allow refresh token flow
  give access to all scopes
save the app
close the browser
stop the tye. ctrl+c
reopen CoMed.AuthServer.sln project
run project with CoMed.AuthServer profile.
Place break point on CoMedClaimsPrincipalContributor/ContributeAsync method.
Open postman ui.
1 - test with password flow:
var client = new RestClient("https://localhost:44322/connect/token");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("client_id", "demo");
request.AddParameter("client_secret", "123456");
request.AddParameter("grant_type", "password");
request.AddParameter("username", "admin");
request.AddParameter("password", "1q2w3E*");
request.AddParameter("scope", "offline_access");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
see break-point hits three times.
2 - copy the refresh_token value, use in your own test. test with refresh_token flow and see break point does not hit.
var client = new RestClient("https://localhost:44322/connect/token");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("refresh_token", "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZDQkMtSFM1MTIiLCJraWQiOiIxNzQ5Njc3QzkwRjU1MDUyNTYwNDc0QUM4RDhGMjk2QTA2NkI4RDNCIiwidHlwIjoib2lfcmVmdCtqd3QifQ.joQFH7tLYdrHK1_g5B0p3i8Xvq-kivcQX7wtPwtHRMmxnfD_1csi1ik7GwpqWPfKKdC1X4NvXvBBw0PqgUmn11VsxJe8l8_PFZa9_p1M7OWKkbuKkkpU58Bb-cuw7VV-_lzeqKF4xqugK3Aeko5HAvESqwHoWARaw0BX1xnooue5D8lT-wtxeqbN9qY3kwFXnaIltosTQ6QqAQeGQ2Ft4NUd5QRI3hsv74LA3kDf2biJDtGxKmM-8JvA9ouA0trGg0EzS9b2vXuHDL4uFmWDrcMj9oLMgmcnXSO88d04gn--eU65VtDa_lu7ZYCiwPtJ5eX2BqVbdWl-YX9FSxsz5Q.WrtU66BNpifWT7RO3Aq-qA.kWx0LOOQmNmOHKJF79J_8eBzNytPr4pAR8AULxBHFRUAa4DkTVCKuxMbadF_lo9-Pw7Wr0cqKLvMl5DEh80J5Y726aO4qJRpBZQnkdLO_lKyfqKFohc86r9Cu0GWVfgJUvRd7e12_gJD7cWLZYN_wsfB1XQtGp-HnmzarJnECcAKUE4l__Ri_0cxQInoZhsdN27quYj3Qy-DiAoL6I3kmtjUalv3Qr00g8mPdnho3Ej3l-riu8ZvjNQokvsnCnkaCbCHQ_B4Do1ecYHEXPmVeObTf-L_GQmFan29AnuktXwPJfBQko0obDkRSdL5kLp1mroi-pgMo-ExFpYlgnAyt6fq0173vS4cnHcBHrnDWkeSZmcuT0PzSBmQc4C4KV0vEJxCPA8TqWUzixJ7IWwtWUfqMseDmgJG3pXTL43RiW1ZhdehnHmrw3hFRK5zG539OwCXTNGPcaVMB4kO29qihlRhiyxIvz9-DmPSXyzxFVDJVEsXbv5PLy0hv-OnBJgW7o3T7-FTmr1ckvmeb7yiXL35JFJ4JKbDJuVtHwQV-2bSssNIwjdOeNoJqxMoaH9rnmcAtn97PJt0hWH5nB8y4m1tXW4zP1fkmS2yPZmDEP3aFhgK1RlXW3tQWpSYN_TvT92_1BSyTo6nkNwNAraZGaTin9JLHp4uUUfORvwlqGmH3ji7UD4t1SXWAXYo09w5RjIc9ANnkN5d17JTeZGTrEj9A0_kXriLyjUm5GDJAKu2x-isp0zqHlnUXxBQpQn06XO9R2Aeu0jVcoX0Mxi36zS0yER_d1TX0mShbdU9rec4f9E5E-c53_tvIKW2yD6dbp-YnwMlgwi7AP0_YOQbpCwIvi04qZ77KJOLt2tRp0gHSk5oC4lepB7a4wGchdO0dAcj-BjLbVIqau-8YK_OLE3UfpxNU0Xp0AAB1XCWrijd3d3sD_9Qq52D7xy4JN7E0Rs_3sDQhGr36AX5Iew1lOZ-FWvUb7Cr30N_Eq6tbj7y-ubF4zxsFgb97frN9fupO71OKQx1ql1AF0TbAyT9Rs1fdHqYkPOkpoDEUflraitwYehnRFWumLfQCp7oaZ0hwdwpgJF9q4IATdf4fCJ0TRjXmmFk5YG7n6j7XIYBzXBd1ucg2XOybMI2YaU5mAvDj0O2esTEJd-EwUTt719myGyixUVLzFw25LUxc9fdcdIinvBffuMytkJbLe2LREs95SuACVMeZ6RT_x151gtl93vBwQWkuil_5UgyJVjdWVwOrRE5pPNU1siU3e6-ofxBPlZo7motsgAB3kyEdHrIIhd8Of1HwEuXefLPKV9LAurMGNau8x5HwkyJ6WkxVKuXRaIq1iGlR977WCqLA5WHw9j3MYPxkpB255KaQk3SDHke1KASduX5NbEfj3N9ttDOGB-cTGzRuItgI0vG8-hlRrC0xOP2g7sL6SElRAwW
tiD3uxURFAJOt6TK12TAQ_RlNLWhvve-TVpbIqJkE4XdAJYHxaGegCbg07_iBvXX8qGByr1KLDaueAH0D2Zs-JkCbawJHa7lTAddkLRO19AdtGczRb-8vQhpFvPP3i526MBrY23pMeeRUasgbP4Tda1bTetbN7gNbVUm-icesy2gL9KPlJJQ0jnrA_miE3Vt89RQnevv5SVJgtNrXZlOASqHSLWozpj3E7sPAXDUH-jTi6KH71GgqG5GzwRenH5AN8Y2VdXllY24uzXt6tf_6x-recZGHY8AbQoP5DLhS9hSmfrCVAFPhfdhGuK77aiNPJMLPGLFSgnmu84BhXd7j5Qv0YhOH4FTm7cAlAxJGVatcg9wP_wu1HMdmPMWJ7q38aRlUawaGBeRzdQHnzq5UvlOcK1LboxbJe4-sulXSnxaiPXM2ZdbSY0l3ZkmNZrC5snhAsnGSUaF_soLRRBaDthtVza8q97Jqpi4y97vKRM_UwZubbaWv5VLF3K358BBabM9nz7qiUdR0B4Ib00UTrUIUY9Kjs7TWftPAAR7CdbKxo96hCf8rXMo7aXAOzG6t2t7a0IujucKK2i4wpYJZlj1-8xcFcu1vcvxXrGdLHXxlQU39Tgmus5OpHLkZY4hbLvsUpjV7jy4Cf_n7WGMR910fCtiZCfhPN9bvZ7oklh-HeAv34mvb94kfjjilHDqrbk.jC3WoYCk0LGa9NzsuVvE1GC0mv65plGJk-1swnm17iQ");
request.AddParameter("client_id", "demo");
request.AddParameter("client_secret", "123456");
request.AddParameter("grant_type", "refresh_token");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
But there is a problem. I insist that IAbpClaimsPrincipalContributor has nothing to do with the refresh_token flow. Is there anyone else who can confirm this for me? Please do not answer if you have only assumptions but have not tested for yourself.
Nope, I will not supply any further information. I am sick of endless questions. The issue is so clear. I asked you where the DefaultTokenService is gone, you said there is an alternative. I said the alternative is not acting the same when the flow is refresh_token. This is the summary and enough to see what is going on. If you have something to say, this information is enough. I am not your beta tester. I am tired of this buggy abp version. It already took 15 days to migrate. I am on live, stressed enough and I don't accept any meaningless questions anymore. If you are not able to give me a proper answer, please don't pretend to do so. This version of abp sucksssssss.. It is 5 times slower than before.. If you have nothing to say, close the ticket.
I created a micro service pro project.
Ran the solution.
Added a demo client with client_credentials and refresh_token options available.
Followed the steps in the document: https://docs.abp.io/en/abp/latest/Authorization#claims-principal-factory
Added a ClaimsPrincipalContributor file to authserver project
Called the token endpoint using client_credentials flow. I successfully interrupted the flow and breakpoint on ContributeAsync method hit. I called the token endpoint using refresh_token flow. The ContributeAsync is not visited.
So the ContributeAsync method is only visited on client_credentials flow. On IS4 version, I created DefaultTokenService class and this class is visited on both flows.
I just tested the refresh_token flow. The suggested solution is not suitable for refresh_tokens. The solution is fine for password flow. IdentityServer4's DefaultTokenService was working as expected. I need to alter/add claims to the token even in the refresh_token flow.
Is there any estimation for the release date?
1 - Create new project: abp new Demo -t microservice-pro -u blazor
2 - go to (solution_root)/etc/docker
3 - run .\up1.sh
4 - go to (solution_root)/shared/Demo.DbMigrator
5 - run: dotnet run --environment "Development"
6 - open sql management studio, configure connection; Server=localhost,1434, User Id=sa, password=myPassw0rd
7 - open Demo_Identity/OpenIddictApplications table
8 - check for the value in Permissions column of clientId=Demo_Blazor row. Here is the initial value;
["ept:logout","gt:authorization_code","rst:code","ept:authorization","ept:token","ept:revocation","ept:introspection","scp:address","scp:email","scp:phone","scp:profile","scp:roles","scp:AccountService","scp:IdentityService","scp:AdministrationService","scp:SaasService","scp:ProductService"]
9 - go to solution root folder
10 - run solution: .\run-tye.ps1 (note: first run sometimes fails, so I kill the process and run it again when working on a brand-new project)
11 - open blazor site: https://localhost:44307/
12 - login: admin 1q2w3E*
13 - go to /administration/openid/applications tab
14 - edit Demo_Blazor application
15 - click save button without changing any data.
16 - follow the steps 6,7,8 and check for the permissions data on the table.
17 - built-in scopes are gone;
["ept:logout","gt:authorization_code","rst:code","ept:authorization","ept:token","ept:revocation","ept:introspection","scp:ProductService","scp:SaasService","scp:AdministrationService","scp:IdentityService","scp:AccountService"]
18 - "scp:address","scp:email","scp:phone","scp:profile","scp:roles" are missing after update.
19 - if you logout from blazor app, you can't login back because of the missing data. here is the error message you get when you try to login back;
error:invalid_request
error_description:This client application is not allowed to use the specified scope.
error_uri:https://documentation.openiddict.com/errors/ID2051
Can you help me for this issue?
Thanks.
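Added example (not part of the original post and not ABP or OpenIddict code): a check for the regression in steps 8 to 19 that diffs the Permissions column before and after the save and lists the scopes a login would then be refused. The requested scope string in the usage lines is constructed, and the exemption for openid and offline_access is an assumption about OpenIddict's scope check.

```python
import json

# OpenIddict permission prefixes as they appear in the Permissions values quoted above.
KINDS = {"ept": "endpoint", "gt": "grant_type", "rst": "response_type", "scp": "scope"}
# Assumption: OpenIddict does not require a scp: permission for these two scopes.
EXEMPT = {"openid", "offline_access"}

# Permissions of Demo_Blazor as quoted in steps 8 and 17 of the post.
BEFORE = (
    '["ept:logout","gt:authorization_code","rst:code","ept:authorization","ept:token",'
    '"ept:revocation","ept:introspection","scp:address","scp:email","scp:phone",'
    '"scp:profile","scp:roles","scp:AccountService","scp:IdentityService",'
    '"scp:AdministrationService","scp:SaasService","scp:ProductService"]'
)
AFTER = (
    '["ept:logout","gt:authorization_code","rst:code","ept:authorization","ept:token",'
    '"ept:revocation","ept:introspection","scp:ProductService","scp:SaasService",'
    '"scp:AdministrationService","scp:IdentityService","scp:AccountService"]'
)


def split_permissions(column_value):
    """Group a Permissions JSON array by kind, e.g. {'scope': {'email', ...}}."""
    grouped = {kind: set() for kind in KINDS.values()}
    for entry in json.loads(column_value):
        prefix, _, name = entry.partition(":")
        grouped.setdefault(KINDS.get(prefix, "unknown"), set()).add(name)
    return grouped


def dropped_permissions(before, after):
    """Return {kind: [names]} for every permission present before but not after."""
    old, new = split_permissions(before), split_permissions(after)
    lost = {kind: sorted(names - new.get(kind, set())) for kind, names in old.items()}
    return {kind: names for kind, names in lost.items() if names}


def rejected_scopes(requested, column_value):
    """Scopes of a space-separated scope parameter that lack a scp: permission."""
    allowed = split_permissions(column_value)["scope"]
    return [s for s in requested.split() if s not in EXEMPT and s not in allowed]


if __name__ == "__main__":
    print("dropped by the save:", dropped_permissions(BEFORE, AFTER))
    # Constructed scope parameter; the real client's request may differ.
    print("would be refused:", rejected_scopes("openid profile email roles ProductService", AFTER))
```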
Thanks, once more. You saved the day again.
DemoApplicationClient is created using blazor app UI and client_credentials,refresh_token,password flow options checked.