Open hikalkan opened 1 year ago
OpenIddict configuration
Developers need to configure the certificate of `AuthServer`.
`AddDevelopmentEncryptionAndSigningCertificate` for OpenIddict by default. https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
`AddDeveloperSigningCredential` for Identity Server by default.

@maliming is this the reason why users need to re-login after each server deployment?
@ahmednfwela
Can you explain it in detail?
@maliming I deploy my server on Google Cloud Run using a Docker image (with no volumes configured), so each time I deploy the Auth Server, the old certificates that were used are lost and replaced by new ones. So when old users (using refresh tokens made by the old certificate) try to request a new access token, they get this error:
```json
{
  "error": "invalid_grant",
  "error_description": "The specified token is invalid.",
  "error_uri": "https://documentation.openiddict.com/errors/ID2004"
}
```
making them have to re-login
Hi,
https://github.com/abpframework/abp/blob/08034310b15e9056c019403f500a507e2b4efbdd/modules/openiddict/app/OpenIddict.Demo.Server/OpenIddictServerModule.cs#L86
https://github.com/abpframework/abp/blob/08034310b15e9056c019403f500a507e2b4efbdd/modules/openiddict/app/OpenIddict.Demo.Server/OpenIddictServerModule.cs#L91
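One way to keep the signing and encryption keys stable across deployments, as an added example that is not part of the thread or of the ABP code base: turn off the development certificates outside Development and load PFX files that are stored outside the container image. The module name, the `AuthServer:*` configuration keys and the use of two separate PFX files are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Volo.Abp.Modularity;
using Volo.Abp.OpenIddict;

// Hypothetical module name; in a real solution this code goes in the AuthServer module.
public class AuthServerCertificateModule : AbpModule
{
    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        var env = context.Services.GetHostingEnvironment();
        if (env.IsDevelopment())
        {
            return; // development certificates are acceptable on a developer machine
        }

        var configuration = context.Services.GetConfiguration();

        // Stop ABP from registering the auto-generated development certificates.
        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });

        PreConfigure<OpenIddictServerBuilder>(builder =>
        {
            builder.AddSigningCertificate(LoadPfx(configuration, "Signing"));
            builder.AddEncryptionCertificate(LoadPfx(configuration, "Encryption"));
        });
    }

    // Assumed keys: AuthServer:<kind>CertificatePath / AuthServer:<kind>CertificatePassword.
    private static X509Certificate2 LoadPfx(IConfiguration configuration, string kind)
    {
        var path = configuration[$"AuthServer:{kind}CertificatePath"];
        if (string.IsNullOrWhiteSpace(path) || !File.Exists(path))
        {
            // Fail at startup rather than fall back to a fresh key that invalidates issued tokens.
            throw new InvalidOperationException($"{kind} certificate not found at '{path}'.");
        }
        return new X509Certificate2(path, configuration[$"AuthServer:{kind}CertificatePassword"]);
    }
}
```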
Hi,
1) I'm making the initial migrations on localhost, so all URLs stored in the database are localhost as well. I need to change them manually for the first deployment:
IdentityServer:
[dbo].[IdentityServerClientCorsOrigins].[Origin]
[dbo].[IdentityServerClientPostLogoutRedirectUris].[PostLogoutRedirectUri]
[dbo].[IdentityServerClientRedirectUris].[RedirectUri]
OpenIddict:
[dbo].[OpenIddictApplications].PostLogoutRedirectUris
[dbo].[OpenIddictApplications].RedirectUris
[dbo].[OpenIddictApplications].ClientUri
2) For similar reasons as 1, I'm generally using default secret keys. So it may be a bit complicated to change them in the production database. (https://support.abp.io/QA/Questions/441/About-changing-client-secrets)
3) If I deploy the Host project to IIS, I need to make a change regarding WebDAV. Otherwise PUT and DELETE requests don't work. Web.config:
```xml
<modules runAllManagedModulesForAllRequests="false">
  <remove name="WebDAVModule" />
</modules>
```
4) After migrating from IdentityServer to OpenIddict, I had to set the "Load User Profile" setting to true in IIS (in Application Pool => Advanced Settings).
5) Although it is standard procedure, it may be good to mention it in the Deployment docs. Developers must edit the URLs in the appsettings.json files in both Host and UI. For me, HostFolder\appsettings.json and BlazorFolder\wwwroot\appsettings.json.
We've created notes for development. See all: https://docs.abp.io/en/abp/7.0/Deployment/Index
I've created this issue to collect more notes to add to these documents.
We can add these: