brunobritodev / jpproject.identityserver4.sso

:lock: ASP.NET Core 3.1 Open Source SSO. Built within IdentityServer4 :key:

Home Page: https://sso.jpproject.net/

License: MIT License

Dockerfile 0.34% PowerShell 0.24% Batchfile 0.13% C# 24.76% TypeScript 6.05% JavaScript 0.51% HTML 37.56% CSS 30.41%
sso sso-solution identityserver4 asp-net-core oauth2 openid-connect docker

jpproject.identityserver4.sso's Introduction

Nice to meet you, my name is Bruno Brito and I believe in well done crafted software.

I am a software developer with a passion for #opensource, #code, and #secure-coding. In recent years, I have been writing, speaking, and contributing to various open source projects. As a senior software engineer, the more I gain knowledge, the more I understand there is so much more to learn.

Let's connect? 🤝

Languages & Tools 🛠

csharp nodejs typescript python terraform 
OAuth2 OpenId Angular EntityFramework terragrunt k8s ansible sql mongodb postgre mysql aspnet ci-cd 
AWS AZURE 

jpproject.identityserver4.sso's People

Contributors

aeleftheriadis, akselarzuman, alperhankendi, brunobritodev, dependabot-preview[bot], dependabot[bot], greenkeeper[bot], lucasber, mbuhot, raminfosystems, teodanilo, tracker1

jpproject.identityserver4.sso's Issues

when client logout logoutId has value,but PostLogoutRedirectUri always null

I tested the case: the Angular client or React client logs out, and logoutId has a value, but the PostLogoutRedirectUri is always null. How to fix it?!

The code:

    private async Task<LogoutViewModel> BuildLogoutViewModelAsync(string logoutId)
    {
        var vm = new LogoutViewModel { LogoutId = logoutId, ShowLogoutPrompt = AccountOptions.ShowLogoutPrompt };

        if (User?.Identity.IsAuthenticated != true)
        {
            // if the user is not authenticated, then just show logged out page
            vm.ShowLogoutPrompt = false;
            return vm;
        }

        var context = await _interaction.GetLogoutContextAsync(logoutId);

        vm.Client = context?.ClientName;  // has value
        vm.PostLogoutRedirectUri = context?.PostLogoutRedirectUri;   // null, the value is already in database table ClientPostLogoutRedirectUris.

        return vm;
    }

Missing AdminUI project

I cloned the project and it's running but noticed that \src\Frontend\Jp.AdminUI is missing. Looking around, I do see that both build.bat and start.bat in the build folder do reference the folder but it's not there. Is the code in the JPProject.IdentityServer4.AdminUI repo up to date with the latest files? I did get it running and connected to this build's API but thought I'd mention it.

Before I forget, THANK YOU for all the work on this project! It's very much appreciated!!!

Edge Not Working

When using Edge and Chrome for login, after submitting the login button, the login page shows every time and does not redirect to the next pages. The login is a success and it redirects to /connect...., but the login page is shown again. This is OK when using Firefox, which worked correctly.

How To Solve:
If you change HTTP to HTTPS everything is OK! But you should solve bigger problems! Using HTTPS inside and outside the Kubernetes network has more problems!

Solution startup projects

The documentation in quickstarts/vs_vscode.html has a screen dump of the solution's startup projects, where the projects JP.UI.SSO and JP.UserManagement are set to "Start". But JP.UserManagement is not in the solution JPProject.SSO.sln. In addition, there are several projects listed (Jp.Domain.Core, Jp.Infra.CrossCutting.Bus, etc) which are not in JpProject.SSO.sln.

Build Scripts Outdated

The build scripts (such as build.bat, start.bat) seem to be outdated.
It does not match the current folder/project structure.
Thanks.

login function is very slow how to fix?

_signInManager.PasswordSignInAsync() will take 5 seconds every time.

I found that in the DB table [Users], the primary key UserId is nvarchar(450), not an Int identity primary key...

How to fix the login being too slow?

Demos not working

It seems the demo's pages are not working. For example, if you try to list the users... the page shows the please wait message forever :)

I can't add new migration

I try to add a new migration with new tables, but I cannot correctly generate the migration file with add-migration.

docker-compose not working consistently with SQL Server configuration

Describe the bug

The docker-compose currently uses MySQL as a database and works fine. When changing the docker-compose file to use SQL Server the jpproject-sso image does not launch. This results in nginx giving a 502 Bad gateway error because the project never launched.

All other images including the API launch successfully. I have identified that the issue happens due to the seeding of the database when calling EnsureCreated().

The process freezes somewhere on a SaveChangesAsync() call. However this does not happen consistently. Sometimes (rarely) everything launches normally including the SSO, but more often than not the SSO freezes, breaking the project.

Because of this I have decided to use MySQL for the time being, but would like to use MSSQL Server in the future.

Expand to see full output log of docker-compose up

jpdatabase_1          | SQL Server 2019 will run as non-root by default.
jpdatabase_1          | This container is running as user root.
jpdatabase_1          | Your master database file is owned by root.
jpdatabase_1          | To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
jpproject-api_1       | [12:47:33 INF] Testing conection with database
jpproject-api_1       | [12:47:34 INF] Entity Framework Core 3.1.3 initialized 'SsoContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Jp.Database
jpdatabase_1          | 2020-05-11 12:47:36.37 Server      Microsoft SQL Server 2017 (RTM-CU19) (KB4535007) - 14.0.3281.6 (X64)
jpdatabaJan 23 2020 21:00:04
jpdatabaCopyright (C) 2017 Microsoft Corporation
jpdatabaDeveloper Edition (64-bit) on Linux (Ubuntu 16.04.6 LTS)
2020-05-11 12:47:36.38 Server      UTC adjustment: 0:00
2020-05-11 12:47:36.38 Server      (c) Microsoft Corporation.
2020-05-11 12:47:36.38 Server      All rights reserved.
2020-05-11 12:47:36.39 Server      Server process ID is 40.
2020-05-11 12:47:36.39 Server      Logging SQL Server messages in file '/var/opt/mssql/log/errorlog'.
2020-05-11 12:47:36.39 Server      Registry startup parameters:
jpdataba -d /var/opt/mssql/data/master.mdf
jpdataba -l /var/opt/mssql/data/mastlog.ldf
jpdataba -e /var/opt/mssql/log/errorlog
2020-05-11 12:47:36.40 Server      SQL Server detected 1 sockets with 1 cores per socket and 2 logical processors per socket, 2 total logical processors; using 2 logical processors based on SQL Server licensing. This is an informational message; no user action is required.
2020-05-11 12:47:36.40 Server      SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.
2020-05-11 12:47:36.41 Server      Detected 1592 MB of RAM. This is an informational message; no user action is required.
2020-05-11 12:47:36.41 Server      Using conventional memory in the memory manager.
2020-05-11 12:47:36.54 Server      Buffer pool extension is already disabled. No action is necessary.
2020-05-11 12:47:36.76 Server      InitializeExternalUserGroupSid failed. Implied authentication will be disabled.
2020-05-11 12:47:36.76 Server      Implied authentication manager initialization failed. Implied authentication will be disabled.
2020-05-11 12:47:36.77 Server      Successfully initialized the TLS configuration. Allowed TLS protocol versions are ['1.0 1.1 1.2']. Allowed TLS ciphers are ['ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA'].
2020-05-11 12:47:36.81 Server      The maximum number of dedicated administrator connections for this instance is '1'
2020-05-11 12:47:36.81 Server      Node configuration: node 0: CPU mask: 0x0000000000000003:0 Active CPU mask: 0x0000000000000003:0. This message provides a description of the NUMA configuration for this computer. This is an informational message only. No user action is required.
2020-05-11 12:47:36.82 Server      Using dynamic lock allocation.  Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node.  This is an informational message only.  No user action is required.
2020-05-11 12:47:36.83 Server      In-Memory OLTP initialized on lowend machine.
2020-05-11 12:47:36.88 Server      Database Instant File Initialization: enabled. For security and performance considerations see the topic 'Database Instant File Initialization' in SQL Server Books Online. This is an informational message only. No user action is required.
ForceFlush is enabled for this instance.
2020-05-11 12:47:36.89 spid6s      Starting up database 'master'.
2020-05-11 12:47:36.90 Server      Query Store settings initialized with enabled = 1,
2020-05-11 12:47:36.92 Server      Software Usage Metrics is disabled.
ForceFlush feature is enabled for log durability.
2020-05-11 12:47:37.21 spid6s      Resource governor reconfiguration succeeded.
2020-05-11 12:47:37.22 spid6s      SQL Server Audit is starting the audits. This is an informational message. No user action is required.
2020-05-11 12:47:37.23 spid6s      SQL Server Audit has started the audits. This is an informational message. No user action is required.
2020-05-11 12:47:37.31 spid6s      SQL Trace ID 1 was started by login "sa".
2020-05-11 12:47:37.33 spid6s      Server name is 'a7675613e2ce'. This is an informational message only. No user action is required.
2020-05-11 12:47:37.35 spid20s     Always On: The availability replica manager is starting. This is an informational message only. No user action is required.
2020-05-11 12:47:37.36 spid20s     Always On: The availability replica manager is waiting for the instance of SQL Server to allow client connections. This is an informational message only. No user action is required.
2020-05-11 12:47:37.37 spid9s      Starting up database 'mssqlsystemresource'.
2020-05-11 12:47:37.19 spid9s      The resource database build version is 14.00.3281. This is an informational message only. No user action is required.
2020-05-11 12:47:37.20 spid6s      Starting up database 'msdb'.
2020-05-11 12:47:37.24 spid9s      Starting up database 'model'.
2020-05-11 12:47:37.51 spid9s      Polybase feature disabled.
2020-05-11 12:47:37.52 spid9s      Clearing tempdb database.
2020-05-11 12:47:37.53 spid18s     A self-generated certificate was successfully loaded for encryption.
2020-05-11 12:47:37.55 spid18s     Server is listening on [ 'any' <ipv6> 1433].
2020-05-11 12:47:37.56 spid18s     Server is listening on [ 'any' <ipv4> 1433].
2020-05-11 12:47:37.57 Server      Server is listening on [ ::1 <ipv6> 1434].
2020-05-11 12:47:37.58 Server      Server is listening on [ 127.0.0.1 <ipv4> 1434].
2020-05-11 12:47:37.59 Server      Dedicated admin connection support was established for listening locally on port 1434.
2020-05-11 12:47:37.61 spid18s     SQL Server is now ready for client connections. This is an informational message; no user action is required.
2020-05-11 12:47:37.91 spid9s      Starting up database 'tempdb'.
2020-05-11 12:47:37.99 spid9s      The tempdb database has 1 data file(s).
2020-05-11 12:47:38.00 spid20s     The Service Broker endpoint is in disabled or stopped state.
2020-05-11 12:47:38.02 spid20s     The Database Mirroring endpoint is in disabled or stopped state.
2020-05-11 12:47:38.04 spid20s     Service Broker manager has started.
2020-05-11 12:47:38.08 spid6s      Recovery is complete. This is an informational message only. No user action is required.
jpproject-api_1       | [12:47:38 INF] Executed DbCommand (16ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
jpproject-api_1       | SELECT 1
jpproject-api_1       | [12:47:38 INF] Executed DbCommand (11ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
jpproject-api_1       | SELECT OBJECT_ID(N'[__EFMigrationsHistory]');
jpproject-api_1       | [12:47:38 INF] Connection successfull
jpproject-api_1       | [12:47:38 INF] Check if database contains Client (ConfigurationDbStore) table
jpproject-api_1       | [12:47:38 INF] Executed DbCommand (8ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
jpproject-api_1       | SELECT CASE
jpproject-api_1       |     WHEN EXISTS (
jpproject-api_1       |         SELECT 1
jpproject-api_1       |         FROM [Clients] AS [c]) THEN CAST(1 AS bit)
jpproject-api_1       |     ELSE CAST(0 AS bit)
jpproject-api_1       | END
jpproject-api_1       | [12:47:38 INF] Check if database contains PersistedGrant (PersistedGrantDbStore) table
jpproject-api_1       | [12:47:38 INF] Executed DbCommand (1ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
jpproject-api_1       | SELECT CASE
jpproject-api_1       |     WHEN EXISTS (
jpproject-api_1       |         SELECT 1
jpproject-api_1       |         FROM [PersistedGrants] AS [p]) THEN CAST(1 AS bit)
jpproject-api_1       |     ELSE CAST(0 AS bit)
jpproject-api_1       | END
jpproject-api_1       | [12:47:38 INF] Checks done
jpproject-api_1       | [12:47:38 INF] Entity Framework Core 3.1.3 initialized 'SsoContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Jp.Database
jpproject-api_1       | [12:47:38 INF] Executed DbCommand (1ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
jpproject-api_1       | SELECT [d].[Xml]
jpproject-api_1       | FROM [DataProtectionKeys] AS [d]
jpproject-api_1       | [12:47:38 INF] Creating key {c5a20961-31f9-4dbb-b179-13b8c0f986e4} with creation date 2020-05-11 12:47:38Z, activation date 2020-05-11 12:47:38Z, and expiration date 2020-08-09 12:47:38Z.
jpproject-api_1       | [12:47:38 INF] Entity Framework Core 3.1.3 initialized 'SsoContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Jp.Database
jpproject-api_1       | [12:47:38 INF] Executed DbCommand (26ms) [Parameters=[@p0='?' (Size = 4000), @p1='?' (Size = 4000)], CommandType='Text', CommandTimeout='30']
jpproject-api_1       | SET NOCOUNT ON;
jpproject-api_1       | INSERT INTO [DataProtectionKeys] ([FriendlyName], [Xml])
jpproject-api_1       | VALUES (@p0, @p1);
jpproject-api_1       | SELECT [Id]
jpproject-api_1       | FROM [DataProtectionKeys]
jpproject-api_1       | WHERE @@ROWCOUNT = 1 AND [Id] = scope_identity();
jpproject-api_1       | [12:47:38 INF] Entity Framework Core 3.1.3 initialized 'SsoContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Jp.Database
jpproject-api_1       | [12:47:38 INF] Executed DbCommand (0ms) [Parameters=[], CommandType='Text', CommandTimeout='30']
jpproject-api_1       | SELECT [d].[Xml]
jpproject-api_1       | FROM [DataProtectionKeys] AS [d]
jpproject-api_1       | [12:47:39 INF] Now listening on: http://[::]:80
jpproject-api_1       | [12:47:39 INF] Application started. Press Ctrl+C to shut down.
jpproject-api_1       | [12:47:39 INF] Hosting environment: Development
jpproject-api_1       | [12:47:39 INF] Content root path: /app 

To Reproduce
Steps to reproduce the behavior:

  1. Edit database service in docker-compose.yml

         image: mcr.microsoft.com/mssql/server:2017-latest
         restart: unless-stopped
         expose:
           - "1433"
         environment:
             ACCEPT_EULA: "Y"
             # SQL SA Password must be: min 8 characters, upper, lower and number or special character
             MSSQL_SA_PASSWORD: Let_Me_In

  2. Change connection strings and database types in jpproject-api & jpproject-sso environment variables in docker-compose.yml

         CUSTOMCONNSTR_SSOConnection: "Server=jpdatabase;Database=tempdb;User ID=sa;Password=Let_Me_In;MultipleActiveResultSets=true"
         ApplicationSettings:DatabaseType: SqlServer

  3. Run docker-compose up

Expected behavior
Jpproject-sso container launches successfully and gives output of its status.

Desktop (please complete the following information):

  • OS: Windows 10 Pro

Using the IIdentityFactory is not enough to customize User Flow

As described in the docs the extensibility point to customize the user flow is the IIdentityFactory interface, but the UserAppService class is closed to extension making the flow coupled with the RegisterNewUserCommand.

I can think of two solutions for the short period I've studied the code:

  1. Mark the methods of UserAppService as virtual, making it possible to override them and sending another command to mediatr. In this case it will work with a simple cast of the UserCommand to the desired command inside the factory as we can work with polymorphic dispatch;
  2. Break the IIdentityFactory into other interfaces for each specific case and use a generic type as the parameter, something like ICreateIdentityFactory<TUser, TCommand>

The main idea is to reuse the out of box classes to avoid rewriting entire classes.

502 Issue on Product First Api Call on signup controller

Hi Bruno, hope you are well,

I downloaded the latest version of this project and everything runs fine on localhost, but when I take it to "prod", specifically the Usermanagement UI, while registering a new user the call to the sign up API fails the first time and gives a 502 error (Bad gateway). If I click the register button again for a second time, I'm able to register the user.

It is so weird. I was thinking about the request timeout on the API, but I changed it and it is the same behavior.
Another thing I noticed was that in the first call, in the web browser console, I see a CORS issue; it is like the API is blocking the UI, but I didn't change anything in the API related to CORS, actually they are as default.

This is a QA env https://usermanagement.rankeadictos.cl/login

Hope you can help.
Thank you so much.

Cannot debug in VS 2019

Hi,

I want to run this project locally in VS2019 and check it out:

  • I got latest code
  • modified the connection string, using SQL Server locally, generated the migrations and updated the database.
  • when I try to debug I set as start projects:

image

  • and the browser shows this:

image

Any idea what I do wrong?

Secrets are deleted when the protected resource or client is saved

Describe the bug
When clients or protected resources are saved, it is deleting the secrets. In the case of protected resources, it clears secrets and scopes.

To Reproduce
Steps to reproduce the behavior:

  1. Go to client or protected resource edit screen
  2. Click on Secrets
  3. Add a new secret
  4. Go back to the client edit screen and save

Expected behavior
When client information or a protected resource is changed, secrets are kept.

Desktop (please complete the following information):

  • OS: W10
  • Browser chrome
  • Version 83.0.4103.116

CORS access in docker-compose

I tried running the full project (version 3.1) via docker-compose.

I have the instances running, but when I try to access any of the adminUI or user apps, I get errors pertaining to CORS.

Access to XMLHttpRequest at 'http://jpproject-sso:5001/.well-known/openid-configuration' from origin 'http://jpproject-sso:4400' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I am running this on Windows.

Can't find MFA support in code

In the documentation, you reference MFA. How is MFA implemented? I can't seem to find anything in code to enable MFA or what forms are used. Does it support authenticator apps, a code via sms/email, or something else?

It looks like if we want to add that, I'll need to modify the JPProject.Core so the AdminAPI can provide the functionality for configuration, then change the SSO to implement MFA during login.

BTW, thanks for all the work you've put into this! I greatly appreciate the head start into what we're doing.

I can't create migrations

Hi,
I cannot find in the project a directory of migrations to be able to create the database afterwards. If I want to create it with the following command in the PM console, in Jp.Database project: Add-Migration DbInit -context SsoContext -output Data/Migrations, I have the following error: Unable to create an object of type 'SsoContext'. For the different patterns supported at design time.
do you have any idea?
thx

Unable to remove User's Claim

Describe the bug
Unable to remove a claim associated with a user. The API error message is {"errors":{"RemoveUserClaimCommand":["Username must be set"]},"title":"One or more validation errors occurred.","status":400}

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Users - Claims'
  2. Click on 'the red cross to delete a claim'
  3. Scroll down to '....'
  4. See error: "1 Unknown error"

Expected behavior
the claim should be deleted.
After checking the controller's action, this is normal because the "username" is never bound to a parameter:

    [HttpDelete, Route("{username}/claims/{type}"), Authorize(Policy = "Admin")]
    public async Task RemoveClaim(string type, string value)
    {
        var model = new RemoveUserClaimViewModel(type, value);
        await _userManageAppService.RemoveClaim(model);
        return ResponseDelete();
    }

Also, looking at the network traffic in the browser, the claim value doesn't seem to be passed from the Angular frontend.

Regards

OAuth 2.0 Best practices

Is your feature request related to a problem? Please describe.
When adding a new Client, it encourages users to add old, almost deprecated flows, like Resource Owner Password credentials.

Describe the solution you'd like
Change UI and routines to use Client Credentials and authorization_code instead of implicit.
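
The check this request implies, as an added example (not code from the project or the issue author): it walks IdentityServer4 client definitions and reports the grants the request wants to steer away from, plus authorization_code clients without PKCE. The class name `ClientFlowAudit`, the sample clients, their URLs and the placeholder secret are constructed for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using IdentityServer4.Models;

public static class ClientFlowAudit
{
    // Grants named in the feature request as flows to move away from.
    private static readonly HashSet<string> LegacyGrants = new HashSet<string>
    {
        GrantType.Implicit,
        GrantType.ResourceOwnerPassword
    };

    // Returns one finding per problem; an empty result means the client
    // uses only authorization_code (with PKCE) and/or client_credentials safely.
    public static IEnumerable<string> Findings(Client client)
    {
        foreach (string grant in client.AllowedGrantTypes.Where(LegacyGrants.Contains))
            yield return $"{client.ClientId}: legacy grant '{grant}' is enabled";

        bool usesCode = client.AllowedGrantTypes.Contains(GrantType.AuthorizationCode);
        if (usesCode && !client.RequirePkce)
            yield return $"{client.ClientId}: authorization_code without RequirePkce";

        // A machine-to-machine client has nothing but its secret to prove who it is.
        bool usesClientCredentials = client.AllowedGrantTypes.Contains(GrantType.ClientCredentials);
        if (usesClientCredentials && (!client.RequireClientSecret || client.ClientSecrets.Count == 0))
            yield return $"{client.ClientId}: client_credentials without a client secret";
    }

    // Constructed sample data: one client per situation discussed above.
    public static IEnumerable<Client> SampleClients() => new[]
    {
        new Client
        {
            ClientId = "legacy-spa",
            AllowedGrantTypes = GrantTypes.Implicit,
            AllowAccessTokensViaBrowser = true,
            RedirectUris = { "https://app.example/callback" },
            AllowedScopes = { "openid", "profile" }
        },
        new Client
        {
            ClientId = "legacy-mobile",
            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
            RequireClientSecret = false,
            AllowedScopes = { "openid", "api1" }
        },
        new Client
        {
            ClientId = "spa",
            AllowedGrantTypes = GrantTypes.Code,
            RequirePkce = true,
            RequireClientSecret = false, // public client: PKCE replaces the secret
            RedirectUris = { "https://app.example/callback" },
            PostLogoutRedirectUris = { "https://app.example/" },
            AllowedScopes = { "openid", "profile", "api1" }
        },
        new Client
        {
            ClientId = "worker",
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            ClientSecrets = { new Secret("placeholder-secret".Sha256()) },
            AllowedScopes = { "api1" }
        }
    };

    // Runs the audit over the constructed samples.
    public static List<string> Report() =>
        SampleClients().SelectMany(Findings).ToList();
}
```

The same `Findings` method can be run over the clients loaded from the configuration store before a release, or used by an admin UI to warn when a legacy grant is selected.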

Client does not exist

I'm using postgres when debug in VS 2019

    FROM "Clients" AS c)
[22:25:33 ERR] An exception occurred while iterating over the results of a query for context type 'Jp.Database.Context.SsoContext'.
Npgsql.PostgresException (0x80004005): 42P01: relation "Clients" does not exist
   at Npgsql.NpgsqlConnector.<>c__DisplayClass160_0.<<DoReadMessage>g__ReadMessageLong|0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Npgsql.NpgsqlConnector.<>c__DisplayClass160_0.<<DoReadMessage>g__ReadMessageLong|0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Npgsql.NpgsqlDataReader.NextResult(Boolean async, Boolean isConsuming)
   at Npgsql.NpgsqlCommand.ExecuteReaderAsync(CommandBehavior behavior, Boolean async, CancellationToken cancellationToken)
   at Npgsql.NpgsqlCommand.ExecuteDbDataReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Query.Internal.QueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(DbContext _, Boolean result, CancellationToken cancellationToken)
   at Npgsql.EntityFrameworkCore.PostgreSQL.Storage.Internal.NpgsqlExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func`4 operation, Func`4 verifySucceeded, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Query.Internal.QueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()
  Exception data:
    Severity: ERROR
    SqlState: 42P01
    MessageText: relation "Clients" does not exist
    Position: 41
    File: parse_relation.c
    Line: 1180
    Routine: parserOpenTable
Npgsql.PostgresException (0x80004005): 42P01: relation "Clients" does not exist
   at Npgsql.NpgsqlConnector.<>c__DisplayClass160_0.<<DoReadMessage>g__ReadMessageLong|0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Npgsql.NpgsqlConnector.<>c__DisplayClass160_0.<<DoReadMessage>g__ReadMessageLong|0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at Npgsql.NpgsqlDataReader.NextResult(Boolean async, Boolean isConsuming)
   at Npgsql.NpgsqlCommand.ExecuteReaderAsync(CommandBehavior behavior, Boolean async, CancellationToken cancellationToken)
   at Npgsql.NpgsqlCommand.ExecuteDbDataReaderAsync(CommandBehavior behavior, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Query.Internal.QueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(DbContext _, Boolean result, CancellationToken cancellationToken)
   at Npgsql.EntityFrameworkCore.PostgreSQL.Storage.Internal.NpgsqlExecutionStrategy.ExecuteAsync[TState,TResult](TState state, Func`4 operation, Func`4 verifySucceeded, CancellationToken cancellationToken)
   at Microsoft.EntityFrameworkCore.Query.Internal.QueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()
  Exception data:
    Severity: ERROR
    SqlState: 42P01
    MessageText: relation "Clients" does not exist
    Position: 41
    File: parse_relation.c
    Line: 1180
    Routine: parserOpenTable

Cannot 'try it out' using swagger after authorize

I'm trying to run the backend and frontend projects, and I got a problem like this:

image

image

But Swagger doesn't have authorization to access the Management API, or am I missing configuration?
The problem goes away when I remove this policy:
image
image

Thanks :)

MVC client connect JPproject SSO 302 redirect always refresh

I created a new MVC client using the hybrid grant type.

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();
        IdentityModelEventSource.ShowPII = true;
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
        {
            options.AccessDeniedPath = "/Authorization/AccessDenied";
        })
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.Authority = "https://jpprojectsso.inthink.top:5000"; //
            options.RequireHttpsMetadata = false;
            options.ClientId = "TestClient";
            options.ClientSecret = "Client Secrets";
            options.SaveTokens = true;
            options.ResponseType = "code id_token";
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Clear();
            options.Scope.Add(OidcConstants.StandardScopes.OpenId);
            options.Scope.Add(OidcConstants.StandardScopes.Profile);
            options.TokenValidationParameters = new TokenValidationParameters
            {
                //NameClaimType = JwtClaimTypes.Name,
                //RoleClaimType = JwtClaimTypes.Role
            };
        });
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            //app.UseHsts();
        }
        // app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseRouting();

        app.UseAuthorization();
        app.UseAuthentication(); //signin-oidc 404
        //app.UseMiddleware<AuthorizeRequestMiddleware>();  //connect/authorize 302redirect
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
        });
    }

And the controller is like this:

    [Authorize]
    public IActionResult Privacy()
    {
        return View();
    }

Then I deployed to the test environment. Authorization succeeds, but it always 302 redirects...
How should I resolve this problem?

Thanks,
Jing

Updating client creates duplicate children entries in Client (2.0 Branch)

This is an issue experienced on the latest 2.0 branch. master is ok.

When updating an existing client, the child relationships are duplicated.
Scopes, Grants, Redirect URIs

To Reproduce
Steps to reproduce the behavior:

  1. Go to JPAdmin and take an existing client.
  2. Clone the client.
  3. Edit any field on the base client.
  4. Save
  5. Reload client view
  6. Receive the following error on the JPProject.Api.Management
IdentityServer4.EntityFramework.Entities.Client -> IdentityServer4.Models.Client

Destination Member:
AllowedGrantTypes

 ---> System.InvalidOperationException: Grant types list contains duplicate values

Checking the database reveals that all children of the Client have been duplicated.

reCaptcha

Is your feature request related to a problem? Please describe.
Actually, the SignUp endpoint has no prevention against bots.

Describe the solution you'd like
SignUp endpoint should have some bot prevention, like reCaptcha. UserAdmin endpoint should have a registration endpoint without reCaptcha, but protected by AuthServer.

Updating client creates duplicate entries in Client child relationships.UpdateWithChildrens

About CORS errors

Hi,

I just checked that the demo of this project has CORS errors.

I think you can solve them by applying the actual array of permitted URLs:
1 - Get the list of URLs from appsettings:
string[] corsUrl = configuration.GetSection("ApplicationSettings:Cors").Get<string[]>();

2 - Load the array on startup:

services.AddCors(options =>
{
    // Register the policy named "Default"
    options.AddPolicy("Default",
        builder => builder.AllowAnyOrigin()
            .WithOrigins(corsUrl)                 // origins read from appsettings
            .SetIsOriginAllowed((host) => true)   // this callback returns true for every origin
            .AllowAnyMethod()
            .AllowAnyHeader());
});
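An added example, not code from the post or from the project: the same "Default" policy restricted to the configured list. Because `SetIsOriginAllowed((host) => true)` accepts every origin, it is left out here and `WithOrigins` does the matching. `CorsSetup`, `AddAllowListedCors` and `IsOrigin` are hypothetical names; the `ApplicationSettings:Cors` key and the policy name come from the post.

```csharp
using System;
using System.Linq;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class CorsSetup
{
    // Hypothetical helper: call as services.AddAllowListedCors(Configuration)
    // in ConfigureServices, then app.UseCors("Default") in Configure.
    public static IServiceCollection AddAllowListedCors(
        this IServiceCollection services, IConfiguration configuration)
    {
        string[] configured = configuration
            .GetSection("ApplicationSettings:Cors").Get<string[]>() ?? Array.Empty<string>();

        // Keep only well-formed origins: scheme://host[:port], no path or query.
        string[] origins = configured
            .Where(o => !string.IsNullOrWhiteSpace(o))
            .Select(o => o.Trim().TrimEnd('/'))
            .Where(IsOrigin)
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToArray();

        // Fail at startup rather than run with an empty or unusable list.
        if (origins.Length == 0)
            throw new InvalidOperationException(
                "ApplicationSettings:Cors contains no valid origin.");

        services.AddCors(options =>
            options.AddPolicy("Default", builder => builder
                .WithOrigins(origins)   // only these origins receive CORS headers
                .AllowAnyMethod()
                .AllowAnyHeader()));

        return services;
    }

    // True for absolute http/https URLs that carry nothing beyond the authority.
    private static bool IsOrigin(string value) =>
        Uri.TryCreate(value, UriKind.Absolute, out Uri uri)
        && (uri.Scheme == Uri.UriSchemeHttps || uri.Scheme == Uri.UriSchemeHttp)
        && uri.AbsolutePath == "/"
        && string.IsNullOrEmpty(uri.Query);
}
```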

Login-callback redirect to 404 Error on prod with Https

Hello, thanks for this project it is really great,

My issue is: I was trying to use this example from zero. I just installed the code for a quick start. Locally it works perfectly, but when I deployed the code to my hosting, it turns out that when redirecting during login to the user management or admin UI URLs I get a 404 status. Even if I'm already logged in, the page, for example https://subdomain.domainname.com/login, returns a 404 status, but I'm able to see the login page with only the login button; if I click on it I get a 404 on the login-callback page.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'https://identity.rankeadictos.cl/'
  2. Log in with Bruno's default credentials.
  3. Click on 'User Management UI link'
  4. F12 to see the console and what the issue is.
  5. See error


I haven't changed anything to upload the code to web hosting; I only changed the URLs respectively.

Regards

confirm-email: userId sent but frontend expects user

Describe the bug
Hi,

I noticed one situation which I believe to be a bug. Please correct me if I am wrong:

https://github.com/brunohbrito/JPProject.Core/blob/d77db0ce2763d6cb1285308781f3f18a9c382417/src/SSO/JPProject.Sso.AspNetIdentity/Services/UserService.cs#L99

At this spot the link is generated with userId...

On the other end, at the front-end, an attribute named user is expected:
https://github.com/brunohbrito/JPProject.IdentityServer4.SSO/blob/13660631a97a5186e1a2e69cd5b228bbc09b6fab/src/Frontend/Jp.UserManagement/src/app/pages/confirm-email/confirm-email.component.ts#L44

This leads to the situation where the user cannot confirm his mail...

To Reproduce
Just create a new user with Mail feature active. Once the user clicks the confirm email button, the mail never gets confirmed...
