See you soon š
Hi,
No, it doesnāt mean that you have to maintain a separate Auth Server. In a modular monolith setup, your final application, which hosts all the modules, does not need to be tiered.
If you havenāt already completed it, I recommend going through this tutorial to better understand how to build a modular monolith application and the benefits of this architecture.
To sum up, using a modular monolith architecture does not require you to host a separate Auth Server or maintain an Auth Server. If you'd like, I can show you a quick demo during our meeting on Thursday to clarify this further.
Hi š,
From your Gif it seems that in addition to the Account module you also installed the OpenIddict UI module. Creating a non-tiered solution means using OpenIddict included in ABP, right?
Yes, that's correct. When you create a non-tiered solution, OpenIddict is included via ABP modules. However, since itās encapsulated within a module, you donāt need to manage or deploy it separately. The inclusion of the OpenIddict UI module should not be seen as a drawbackāit simply gives you flexibility if you ever decide to customize authentication flows in the future.
As for Jesseās point:
"Just to clarify. I want to use an external OIDC ID provider as the main login to my app. I do not want to use or maintain Auth server. Is this possible with ABP?"
Yes, this is absolutely possible. I believe what Jesse meant is that he does not want to maintain a separate AuthServer project. In a non-tiered solution, everything is hosted in a single application, and ABP takes care of the underlying OpenIddict setup through module references. So you're not responsible for deploying or maintaining a separate authorization serverāitās just a package dependency managed by the ABP team.
If I were to have multiple instances of my backend application this scenario would not work.
ABP is designed to support scalable, multi-instance deployments. Thereās no technical limitation preventing you from running multiple instances of your backend in this scenario. If you face any specific issues with this, I recommend opening a separate issue so we can help investigate further.
Thanks for bringing up this topicādefinitely valuable for many of us working with ABP.
Hi Jesse š,
Yes, it's possible to use an external OIDC identity provider as the main login without using the ABP AuthServer.
To do this:
"Allow to register and log in with local username and password" setting, as mentioned in the answer, so ABP doesnāt redirect to the AuthServer anymore.In the GIF below, I demonstrated this with Azure Entra ID, but you can apply the same approach with Auth0 ā there's no limitation.
ā ļø Important: Once you disable local login, you wonāt be able to sign in with the default admin user anymore. So before logging out, assign the admin role to the user who logs in through Auth0. Otherwise, youāll lose access to full permissions unless you manually update the database.
Let me know if you need help with the configuration.
Hello Jesse š,
I hope your trial license is going well āŗļø
To resolve this, please disable the setting highlighted in the screenshot below. Once disabled, the OpenID Connect provider you have configured will be used automatically.
Best regards,
Berkan ÅaÅmaz
Developer Advocate
https://www.berkansasmaz.com
Hi Ademaygun,
Thank you for your recent valuable feedback. I will open a separate issue to track this(#20294). We will proceed with using the suggested logos for Google and other popular options.
Closing this issue now. Feel free to re-open it or create a new one if you have further questions.
Hello,
I tried to reproduce the problem as you described, but unfortunately, I was not successful. Here is my configuration:
Can you provide more information so that I can reproduce the problem?
Hello Waqar,
Sorry for the late reply. I'm currently working on your issue. While trying to reproduce the problem, I discovered a different bug, which I'm addressing at the moment. Once that's resolved, Iāll continue working on reproducing your issue. If I'm still unable to reproduce it, I may reach out to request some additional information. Thank you for your understanding.
Hello, I used the information you provided to reproduce the problem. As a result, I added a middleware to the Blazor application as shown below. As you can see, I am able to access the access token, and the current user information is populated correctly. Could you clarify exactly where you are experiencing the issue?
OpenIdConnectOptions:
Hi Fabio.Zinesi,
Do you need it on client(Wasm) side or server side? Also, can you share the working version of AddMicrosoftIdentityWebApp's configuration?
