
pixel-identity's Introduction

Pixel Identity

Pixel Identity is a Blazor-based UI on top of https://github.com/openiddict/openiddict-core and ASP.NET Core Identity, with the aim of quickly setting up an OpenID Connect service for your applications. Pixel Identity provides a web-based UI to manage the Users and Roles associated with ASP.NET Core Identity, as well as entities such as OpenIddictApplicationDescriptor and OpenIddictScopeDescriptor required by https://github.com/openiddict/openiddict-core.

Branches

  • main : Ongoing dev for migrating to dotnet 8 and openiddict v5.x
  • dotnet6 : This is the stable version with dotnet 6 and openiddict v4.x.

Features

  • Support for multiple databases such as MongoDB, PostgreSQL and Microsoft SQL Server.
  • Blazor based UI to easily manage users, roles, applications and scopes.
  • Extensible design using plugins.
  • Host inside Docker or standalone on Windows/Linux.

Getting started

Please see documentation https://nfactor26.github.io/pixel-identity/ to get started.

pixel-identity's People

Contributors

hellfirehd, maximeozenne, nfactor26


pixel-identity's Issues

Road map for 1.0.0 officially release

hi Team,

Really impressed with your work. I can see you are in the 1.0.0 Beta release now.

We want to use this to replace our Identity Server 4 in production.

So, can you provide a road map for how long this project could be really for production?

Thanks!

Update to openiddict v4.7.0 & Ephemeral Key & Deploy on Google Cloud Run

Great work! Thank you!
I have to change only 3 details to successfully run the Provider from source code:

  • change http to https everywhere
  • correctly set certificates path and Plugins path in appsettings.json (I'm working on macOS so I need to use '/')
  • comment | X509KeyStorageFlags.EphemeralKeySet in StartUp.cs when loading certificates from file

I have 4 questions, I hope you can help me...

  1. Do you have a roadmap to update to latest openiddict-core (4.7.0)?
  2. What about removing EphemeralKeySet in my source code?
  3. Now I'm running on localhost for testing, but I'm going to move to Google Cloud Run (Artifact Registry Containers) in production, so: is it good practice to load certificates with COPY.... via Dockerfile, or is there a better (technical/security) way (ENV VARS?)?
  4. For Google Cloud Run deployment I need to move all settings in Environment vars, is it correct?

Thank you!!
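
One way to handle the two certificate points raised in this issue, as an added example that is not Pixel Identity's own code: it selects the key storage flags per platform (`EphemeralKeySet` is not supported on macOS) and reads the PFX from a path and password supplied at runtime instead of a file copied into the image. The `CertificateLoader` class and the `SIGNING_CERT_PATH` / `SIGNING_CERT_PASSWORD` variable names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;

// Added example, not Pixel Identity code. Class and variable names are hypothetical.
public static class CertificateLoader
{
    // EphemeralKeySet keeps the private key off disk, but it is not supported
    // on macOS, so use the default key set there.
    public static X509KeyStorageFlags SelectFlags() =>
        OperatingSystem.IsMacOS()
            ? X509KeyStorageFlags.DefaultKeySet
            : X509KeyStorageFlags.EphemeralKeySet;

    // Loads a PFX whose path and password are supplied at runtime, for example
    // a secret mounted into the container, instead of a file copied into the image.
    public static X509Certificate2 LoadFromEnvironment(string pathVariable, string passwordVariable)
    {
        var path = Environment.GetEnvironmentVariable(pathVariable)
            ?? throw new InvalidOperationException($"{pathVariable} is not set.");
        var password = Environment.GetEnvironmentVariable(passwordVariable);

        var certificate = new X509Certificate2(File.ReadAllBytes(path), password, SelectFlags());

        // Fail at startup rather than at the first token request.
        if (!certificate.HasPrivateKey)
        {
            certificate.Dispose();
            throw new InvalidOperationException("Certificate has no private key.");
        }
        if (DateTime.Now < certificate.NotBefore || DateTime.Now > certificate.NotAfter)
        {
            certificate.Dispose();
            throw new InvalidOperationException("Certificate is outside its validity period.");
        }
        return certificate;
    }
}

// Usage inside the OpenIddict server configuration (variable names are assumptions):
//   options.AddSigningCertificate(
//       CertificateLoader.LoadFromEnvironment("SIGNING_CERT_PATH", "SIGNING_CERT_PASSWORD"));
```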

asp.net identity can not Generate custom fields?

Add a custom field in ApplicationUser, run the program: the database does not have this field.

using Microsoft.AspNetCore.Identity;

public class ApplicationUser : IdentityUser
{
    /// <summary>
    /// constructor
    /// </summary>
    public ApplicationUser()
    {
    }

    /// <summary>
    /// constructor
    /// </summary>
    /// <param name="userName">name of the user</param>
    public ApplicationUser(string userName) : base(userName)
    {
    }

    // Custom field added by the reporter
    [PersonalData]
    public virtual string department_name { get; set; }
}

Error ID2043

I deployed the project to Google Cloud Run with minimal refactoring in startup.cs to allow:

  • reading certificate from Google Secret Manager and
  • listening from any urls (as described in Cloud Run documentation):
 // Google Cloud Run Settings
var port = Environment.GetEnvironmentVariable("PORT") ?? "8080";
var url = $"http://0.0.0.0:{port}";

webBuilder.UseStartup<Startup>().UseUrls(url);

The application starts, the migrations run and correctly update the database, and I can see the UI... but the connect/authorize request responds with 404 Bad Request.
Note that redirect_uri seems to be correct in the database (it works in the localhost env...)

error:invalid_request
error_description:The specified 'redirect_uri' is not valid for this client application.
error_uri:https://documentation.openiddict.com/errors/ID2043

You can try here: https://xxxxx.xxxxx.it/pauth

client_credentials scopes

Thanks for this awesome project!

I have a doubt about using scope with client_credentials flow. Why the defined scopes are not presented in the access_token by default?

I already set the expected scopes to a specific application, so I was expecting the scopes, but I need to send the requested scopes on the token endpoint, wouldn't it be easier if the scopes were already presented in the response ?

Requires an authenticated user at first start

Hello,

First of all, thank you for this amazing work !

I'm trying to make pixel-identity running through Visual Studio. I want to customize the code by adding Azure Configuration and Azure Vault, so I can't use the out-of-the-box docker. (Furthermore I won't use Docker so the code is perfect for me).

Reading the documentation, I've configured the appsettings.json as following :

{
  "InitAdminUser": "[email protected]",
  "InitAdminUserPass": "Admi9@pixel",
  "IdentityHost": "http://localhost:44382/pauth",
  "AllowedOrigins": "http://localhost:44382",
  "ConnectionStrings": {
    "PostgreServerConnection": "[LOCALHOST POSTGRESQL CONNECTION STRING HERE]"
  },
  "Plugins": {
    "Collection": [
      {
        "Type": "DbStore",
        "Path": "Plugins\\DbStore",
        "Name": "Pixel.Identity.Store.PostgreSQL"
      },
      {
        "Type": "EmailSender",
        "Path": "Plugins\\Messenger",
        "Name": "Pixel.Identity.Messenger.Console"
      }
    ]
  }
}

I've made the changes by managing the secrets for the user, by modifying the secrets.json file.

When running the code, I got an issue about Docker Desktop which wasn't installed on my machine. Because I don't plan to use Docker, I removed anything talking about Docker in the code.
Then I got another issue telling me that the Pixel.Identity.Store.Sql.Shared project was not found so I added a direct dependency to the main project.

From here, the code compiles, and the UI starts. The localhost database is also fulfilled with the admin account. Great !

But unfortunately, without doing anything else, I have this error in the UI :

There was an error trying to log you in: 'Bad Request (400)'

And looking at the output window on Visual Studio, here are the logs I got :

Initializing host services...
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
ClaimsAuthorizationRequirement:Claim.Type=identity_read_write and Claim.Value is one of the following values: (scopes)
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
ClaimsAuthorizationRequirement:Claim.Type=identity_read_write and Claim.Value is one of the following values: (applications)
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
ClaimsAuthorizationRequirement:Claim.Type=identity_read_write and Claim.Value is one of the following values: (roles)
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
ClaimsAuthorizationRequirement:Claim.Type=identity_read_write and Claim.Value is one of the following values: (users)
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.

When I try to hit the "LOGIN" button, the UI seems to refresh, and I get the same error from the UI. But in the output window, nothing is logged.

If I click Home, the UI keeps telling me that I made a bad request, and the output logs are just

info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed. These requirements were not met:
DenyAnonymousAuthorizationRequirement: Requires an authenticated user.

Finally, I can create a user by hitting the REGISTER button. In the database, the user is successfully created. But on the UI, after the registration, nothing happens. I'm still having the Bad Request error, and I still can't use the LOGIN button.

To make the investigation easier, I've forked the project here : https://github.com/maximeozenne/pixel-identity

But I didn't change many things so...

Do you know what is happening please ?

Thanks again, and have a nice day !

Logout from Sample App with error alert in Pixel Identity

I have made some others tests:

  1. Pixel Identity correctly running
  2. Sample.Service.Api correctly running
  3. Samples.Blazor.App correctly running
  4. Login in Pixel Identity with user A
  5. Reloading Sample.Blazor.App I'm correctly logged in with user A
  6. Now I logout from Sample.Blazor.App
  7. THE ISSUE: in Pixel Identity (I do not reload the page where I'm already logged in) it seems that I'm still logged in as user A, but if I click on any nav menu link I receive an error (MudBlazor Red Alert in the upper right corner) with the message:

'<' is an invalid start of a value. Path: $ | LineNumber: 1 | BytePositionInLine: 0.

Inspecting http calls, for example clicking on Account > profile link menu, there is a call to

https://localhost:44382/pauth/api/users/name/**USERNAME**

that responds with a 302 redirect to

https://localhost:44382/pauth/Identity/Account/Login?ReturnUrl=%2Fpauth%2Fapi%2Fusers%2Fname%2F**USERNAME**

and this request responds with 200 OK with HTML content.

Is there something wrong that I have done? Thank you.
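
The symptom described in this issue, an API call answered with a 302 to the login page whose HTML the client then fails to parse as JSON, is commonly avoided by answering unauthenticated API requests with a 401 instead of a redirect. The following is an added example, not Pixel Identity's own code: the `ApiCookieChallenge` class name is hypothetical, the `/api` prefix is taken from the URL in the report, and it assumes the `/pauth` path base has already been stripped from `Request.Path`.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Added example, not Pixel Identity code. Class and method names are hypothetical.
public static class ApiCookieChallenge
{
    // Call from ConfigureServices after ASP.NET Core Identity has been registered.
    public static IServiceCollection AddApiAwareCookieChallenge(this IServiceCollection services)
    {
        services.ConfigureApplicationCookie(options =>
        {
            // No valid session: 401 for API calls, login redirect for pages.
            options.Events.OnRedirectToLogin =
                context => Respond(context, StatusCodes.Status401Unauthorized);
            // Valid session but missing claim: 403 for API calls.
            options.Events.OnRedirectToAccessDenied =
                context => Respond(context, StatusCodes.Status403Forbidden);
        });
        return services;
    }

    private static Task Respond(RedirectContext<CookieAuthenticationOptions> context, int apiStatusCode)
    {
        if (IsApiRequest(context.Request))
        {
            // The caller expects JSON, so report the status and send no HTML body.
            context.Response.StatusCode = apiStatusCode;
        }
        else
        {
            // Browser navigation keeps the normal redirect behaviour.
            context.Response.Redirect(context.RedirectUri);
        }
        return Task.CompletedTask;
    }

    // Assumption: the path base (/pauth) is handled by UsePathBase, so API
    // routes appear here as /api/...
    private static bool IsApiRequest(HttpRequest request) =>
        request.Path.StartsWithSegments("/api");
}
```

With this in place the client sees an explicit 401 after the session ends elsewhere and can send the user back to login instead of surfacing a JSON parse error.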

OpenIddict 4.2 and .NetCore 7.0

This looks like a fantastic solution, but I'm having problems running it from VS 17.6.0 Preview 2.0. Unless It looks like there is one startup project: Pixel.Identity.Provider, but when I try to build and debug, I just get "Unable to connect to web server 'IIS Express'."
I thought that it was conflicting with another localhost:44382, but after changing the port, deleting the .vs folder and other IIS debugging, same result. It might be related to the new Preview release, but I thought that I'd ask.

Also, I tried bumping up to .NET 7.0 and the new OpenIddict v4.2, but it didn't help. I hope that you have plans to keep this project going. Can't wait to get it up and running. Thank you!
