POSTMAN connect/token

[HmertC]

Is there an existing issue for this?

• I have searched the existing issues

Description

I have a multi-layered ABP project. I use ANGULAR as the frontend. What I want to do is call the API methods from this another project. But I want to set up an API Key logic for this. Even though I send the necessary information to the connect/token address via POSTMAN, I do not receive any return value. I looked at the necessary resources on this subject, but it did not work. Is there any other API KEY logic I should set up for external requests or can I handle it with connect/token?

Reproduction Steps

POSTMAN request
body:

[
   {
      "key":"client_id",
      "value":"C**********r",
      "description":"",
      "type":"default",
      "enabled":true
   },
   {
      "key":"username",
      "value":"*****",
      "description":"",
      "type":"default",
      "enabled":true
   },
   {
      "key":"password",
      "value":"******",
      "description":"",
      "type":"default",
      "enabled":true
   },
   {
      "key":"grant_type",
      "value":"password",
      "description":"",
      "type":"default",
      "enabled":true
   },
   {
      "key":"client_secret",
      "value":"1q2w3e*",
      "description":"",
      "type":"default",
      "enabled":true
   }
]"header":[
   {
      "key":"__tenant",
      "value":"*******",
      "description":"",
      "type":"default",
      "enabled":false
   },
   {
      "key":"name",
      "value":"C*********r",
      "description":"",
      "type":"default",
      "enabled":false
   }
]

Expected behavior

No response

Actual behavior

No response

Regression?

No response

Known Workarounds

No response

Version

version "7.2.2"

User Interface

Angular

Database Provider

EF Core (Default)

Tiered or separate authentication server

Tiered

Operation System

Windows (Default)

Other information

No response

[maliming]

hi

This is related to the Identity Server or OpenIddict.

[HmertC]

I am using the OpenIddict. I check the Postman Request, but the token does not arrive. We still haven't figured out the reason for not coming.

[maliming]

You can check the logs.txt to see the OpenIddict status.

[HmertC]

Hi maliming,
This is the error message in my log.txt file :
The token request was successfully extracted: {
"client_id": "CastleService_Swagger",
"username": "admin",
"password": "[redacted]",
"grant_type": "password",
"client_secret": "[redacted]"
}.
2024-07-10 12:49:54.343 +03:00 [INF] The token request was rejected because the application 'CastleService_Swagger' was not allowed to use the specified grant type: password.
2024-07-10 12:49:54.365 +03:00 [INF] The response was successfully returned as a JSON document: {
"error": "unauthorized_client",
"error_description": "This client application is not allowed to use the specified grant type.",

I made all the settings. I don't understand why I'm getting this error.

[maliming]

the application 'CastleService_Swagger' was not allowed to use the specified grant type: password.

Add OpenIddictConstants.GrantTypes.Password to your CastleService_Swagger grant types.

https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/OpenIddict/OpenIddictDataSeedContributor.cs#L219

[HmertC]

As far as I remember, I already added this. But I will review it and get back to you.

[HmertC]

hi maliming.
I managed to get a token for the admin, but when I make a request for other users, the token does not arrive. When registering in my project, I assign username = admin, only the tenant name is different. I send the Tenant name via postman, but I never receive a response. Even though my Tenant name is a registered user, I receive the token when I go with the admin information. How can I solve this situation? Should I send the tenant name with headers or body?

[maliming]

Add __tenant header to http request.

https://github.com/abpframework/abp/blob/dev/modules/openiddict/app/OpenIddict.Demo.Client.Console/Program.cs#L31

[HmertC]

Thank you. This worked. But now it's another problem. When trying to access my API from another project with Access_Token, TenantId = null appears. I looked at the documentation on this but couldn't find any results.

[maliming]

Please share your API module code.

[HmertC]

When I send a request from Postman

public async Task<List> GetAllTerminals()
{
var terminalList = await _terminalRepository.GetListAsync(x => x.TenantId == CurrentTenant.Id );
var responseDto = ObjectMapper.Map<List, List>(terminalList);
return responseDto;
}
on this line var terminalList = await _terminalRepository.GetListAsync(x => x.TenantId == CurrentTenant.Id );

CurrentTenant.Id is full of tenant information. When I send a request from another project

TypeScript

const myHeaders = new Headers();
myHeaders.append("Authorization", Bearer ${this.tokenService.token});
myHeaders.append("Cookie", ".AspNetCore.Culture=c%3Den%7Cuic%3Den; __tenant=3a13cc91-5d6a-d2e5-c141-ceafad3ba292");

const requestOptions = {
method: "GET",
headers: myHeaders,
redirect: "follow" as RequestRedirect
};
fetch("https://localhost:7004/api/app/terminal/terminals",requestOptions)
.then((response) => response.text())
.then((result) => console.log(result))
.catch((error) => console.error(error));

When a request comes to the method, CurrentTenant information is not filled

[HmertC]

[HmertC]