Comments (13)
hi
Can you share the code to reproduce?
There should be no `userId` in the `client_credentials` flow.
from abp.
Thanks for the reply.
I just rewrote this method:
```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using OpenIddict.Abstractions;
using OpenIddict.Server.AspNetCore;
using Volo.Abp.OpenIddict.Controllers;

public class AppTokenController : TokenController
{
    protected override async Task<IActionResult> HandleClientCredentialsAsync(OpenIddictRequest request)
    {
        // Note: the client credentials are automatically validated by OpenIddict:
        // if client_id or client_secret are invalid, this action won't be invoked.
        var application = await ApplicationManager.FindByClientIdAsync(request.ClientId);
        if (application == null)
        {
            throw new InvalidOperationException(L["TheApplicationDetailsCannotBeFound"]);
        }

        // Create a new ClaimsIdentity containing the claims that
        // will be used to create an id_token, a token or a code.
        var identity = new ClaimsIdentity(
            TokenValidationParameters.DefaultAuthenticationType,
            OpenIddictConstants.Claims.PreferredUsername,
            OpenIddictConstants.Claims.Role);

        // The Subject and PreferredUsername will be removed by <see cref="RemoveClaimsFromClientCredentialsGrantType"/>.
        // Use the client_id as the subject identifier.
        identity.AddClaim(OpenIddictConstants.Claims.Subject, await ApplicationManager.GetClientIdAsync(application));
        identity.AddClaim(OpenIddictConstants.Claims.PreferredUsername, await ApplicationManager.GetDisplayNameAsync(application));
        identity.AddClaim(OpenIddictApplicationConstants.Claims.CustomerId, await ApplicationManager.GetCustomerIdAsync(application) ?? "");

        // Note: In the original OAuth 2.0 specification, the client credentials grant
        // doesn't return an identity token, which is an OpenID Connect concept.
        //
        // As a non-standardized extension, OpenIddict allows returning an id_token
        // to convey information about the client application when the "openid" scope
        // is granted (i.e. specified when calling principal.SetScopes()). When the "openid"
        // scope is not explicitly set, no identity token is returned to the client application.

        // Set the list of scopes granted to the client application in access_token.
        var principal = new ClaimsPrincipal(identity);
        principal.SetScopes(request.GetScopes());
        principal.SetResources(await GetResourcesAsync(request.GetScopes()));

        await OpenIddictClaimsPrincipalManager.HandleAsync(request, principal);

        return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
    }
}
```
from abp.
Make sure there is no `userId` claim in your `principal`.
from abp.
I did not find `userId` when debugging the rewritten method.
from abp.
Please share the full error stack or a simple test project.
from abp.
Thanks.
This error cannot be replicated locally; no error log was recorded for local debugging.
Can you determine whether to search user information according to the grant type?
from abp.
There is no user concept in the `client_credentials` flow.
from abp.
Claim type `sub` maps to `userId`?
from abp.
Make sure there is no `userId` claim in your `principal`.
from abp.
This seems to be a problem. I will find a way to fix this.
from abp.
Will this issue be resolved in the future?
from abp.
See #20045
from abp.
thank you
from abp.