Identity mgmt basics

Hi Sebastian,

Thanks for releasing the Identity service, and I hope your move was successful!

I’m trying to do a basic setup of the identity service in Squidex cloud, but falling at the first hurdle. I don’t even know how to access the login screen of my identity app, never mind add new identity providers.

The next step for me will be to see if it can be integrated into a Xamarin.Forms app, to use as a general identity provider for the app.

I know that it’s only in Alpha which is why the documentation is limited. Is there any basic information that you can share which could help me? I’m happy to help put this into a quick start guide if that’s needed, I’m just totally stuck for the moment, perhaps because I don’t have much experience working with identity management systems.

Thanks

Hi strak, thanks for your interest.

First of all: The identity service is not integrated into our cloud yet and I am not sure if it will ever be, because there are some restrictions with the identity system in ASP.NET Core that are hard to handle.

You have to host it by yourself. If you want I can also host it for you.

There are a few settings you have to set: https://github.com/Squidex/squidex-identity/blob/master/Squidex.Identity/appsettings.json. What is really important is the name of your app and the client id and secret.

The external authentication providers are called “Authentication Schemas” in our schemas and I hope they are relatively straightforward to add. You also need a client for your app.

Hi Sebastian,

Ok I didn’t realise I needed a standalone version. I’ll have a go at setting up my own server and go from there.

Maybe a quick check to see if my use case is feasible before I go down that route. I want to use Squidex Identity as an Identity Server for a Xamarin app.

My plan is to configure Xamarin.Auth to authenticate with Squidex identity using either email address or social network account, so I don’t need to write code for each separate social network.

Is that use case possible? The bit I’m not really sure of is how the social network integration would work.

Hi Strak, this is exactly the use case that Squidex Identity is designed for. It is a wrapper around IdentityServer, which is an implementation of OAuth and OpenID Connect, just like Auth0.

Ok, it’s actually the bit about displaying Facebook login, page, reset password flow, etc. from within the app that’s confusing me.

As a browser will need to be launched to show Facebook login for example, I can’t see how I can do that through Squidex identity. I know there’s a web login form provided, but I don’t see how I can do those things from a Xamarin app.

I can’t quite get my head round the theory, I think I just need to try it!

Ok, trying to run the docker image from Windows. I assumed that I needed to run a Windows container, but had the following error:

C:\WINDOWS\system32>docker run squidex/squidex-identity:dev
Unable to find image 'squidex/squidex-identity:dev' locally
dev: Pulling from squidex/squidex-identity
docker: image operating system "linux" cannot be used on this platform.
See 'docker run --help'.

After switching to Linux containers, I get this:

C:\WINDOWS\system32>docker run squidex/squidex-identity:dev
docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "exec: "dotnet": executable file not found in $PATH": unknown.

Am I missing something obvious?

It is a Linux container, which was broken. But I fixed it now. You also need a MongoServer because I have some small data to be stored. But it should be very easy to write providers for other databases, I would be happy to see a PR there.

I am talking about these 2 stores here only: https://github.com/Squidex/squidex-identity/tree/master/Squidex.Identity/Stores/MongoDb

About Xamarin: I found the following article: https://docs.microsoft.com/de-de/xamarin/xamarin-forms/enterprise-application-patterns/authentication-and-authorization

Thanks,

So far I have:

  • MongoDB running in Docker
  • Identity app created in Squidex cloud
  • SquidexIdentity git cloned and running in Visual Studio, app settings updated to my cloud identity app + token info.
  • Connection to MongoDB seems to be ok, as Identity_PersistedGrants and Identity_XmlRepository were automatically created in the database

When I run the app and try to register a new email address, I get the following error:

SquidexException: Squidex Request failed: {"details":[],"statusCode":400}
Squidex.ClientLibrary.SquidexClientBase.EnsureResponseIsValidAsync(HttpResponseMessage response, string token)
Squidex.ClientLibrary.SquidexClientBase.RequestAsync(HttpMethod method, string path, HttpContent content, QueryContext context)
Squidex.ClientLibrary.SquidexClient<TEntity, TData>.CreateAsync(TData data, bool publish)
Squidex.Identity.Model.UserStore.CreateAsync(UserEntity user, CancellationToken cancellationToken) in UserStore.cs
var result = await apiClient.CreateAsync(user.Data, true);
Microsoft.AspNetCore.Identity.UserManager.CreateAsync(TUser user)
Microsoft.AspNetCore.Identity.UserManager.CreateAsync(TUser user, string password)
Squidex.Identity.Pages.RegisterModel.OnPostAsync() in Register.cshtml.cs
var result = await UserManager.CreateAsync(user, Input.Password);

I think it’s connecting to the identity app, because if I change the token so it’s incorrect I get a different error.

I’m a bit stuck at this point - any ideas?

Can you give me the client id and secret to your app so I can debug it?

I found an issue with the email regex. I will keep you informed.

Hi,

Can you just remove the email regex from your email field in the user schema?

I have also made some bugfixes and added defaults to the settings: https://github.com/Squidex/squidex-identity/blob/master/Squidex.Identity/appsettings.json#L36

Took me a little bit too long to realise that you meant the Squidex Identity app schema and not somewhere in the code :)

Got through to the next step, with another error - from email address not set. There’s a typo in the name of the sender email property.

In file SettingsData.cs

public string SmptSender { get; set; }

Should be updated to

public string SmtpSender { get; set; }

When I changed that it sent the mail. What’s strange is that the mail has gone to my Gmail promotions folder, so it took me a while to find it.

I fixed that with the commit that added the default settings.

Oops, thought I’d updated but I hadn’t. It’s fine now.

For info, the link isn’t coming through with the password reset mail, but I haven’t had time to look at the code for it properly to see why.

I get this:
Please click here to reset your password.

Strange, I also fixed that. I will check it tomorrow.

Sorry for the spam…

Now I have a different problem. I don’t think I’ve changed anything but I can no longer run the app. I get the following error.

SquidexException: The app, schema or entity does not exist.
Squidex.ClientLibrary.SquidexClientBase.EnsureResponseIsValidAsync(HttpResponseMessage response, string token)

I think it’s communicating with Squidex cloud and my identity app because if I change any of the appName, clientId or clientSecret I get a different error. I’ve also created a new identity app, but still get the same error. App details below.

"appName": "strakid",
"clientId": "strakid:default",
"clientSecret": "/eERM4tHHBkpFqcjpBKDum1Yu0LdCW2DnnrdqLmxEAg=",

I deleted the code on my PC and did a new git clone in case I changed something by mistake but I still get the same error.

Hi, when do you get this error? Do you have a stacktrace and are you really sure that the config is correct?

It’s as soon as I run the app from Visual Studio. Here’s the stack trace:

SquidexException: The app, schema or entity does not exist.
Squidex.ClientLibrary.SquidexClientBase.EnsureResponseIsValidAsync(HttpResponseMessage response, string token)
Squidex.ClientLibrary.SquidexClientBase.RequestAsync(HttpMethod method, string path, HttpContent content, QueryContext context)
Squidex.ClientLibrary.SquidexClient<TEntity, TData>.GetAsync(string id, QueryContext context)
Squidex.Identity.Extensions.PageModelBase<TDerived>.GetUserAsync() in PageModelBase.cs
            var user = await UserManager.GetUserAsync(User);
Squidex.Identity.Extensions.ManagePageModelBase<TDerived>.OnPageHandlerExecutionAsync(PageHandlerExecutingContext context, PageHandlerExecutionDelegate next) in ManagePageModelBase.cs
            UserInfo = await GetUserAsync();
Microsoft.AspNetCore.Mvc.RazorPages.Internal.PageActionInvoker.InvokeInnerFilterAsync()
Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextResourceFilter()
Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Rethrow(ResourceExecutedContext context)
Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Next(ref State next, ref Scope scope, ref object state, ref bool isCompleted)
Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events) in IdentityServerMiddleware.cs
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.Invoke(HttpContext context)
IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in BaseUrlMiddleware.cs
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.MigrationsEndPointMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware.Invoke(HttpContext httpContext)
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore.DatabaseErrorPageMiddleware.Invoke(HttpContext httpContext)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

I’m pretty sure I have the client details correct, and I can see that there’s some sort of connection as the number of API calls is increasing.

I tried deleting everything again, and took a new clone from Git. When I leave the settings as your original identity-test app it does load the page with no error.

When I change to the client details below I get an error, so it must be either something I’m setting incorrectly, or something in my Squidex app which isn’t working.

"appName": "strakid",
"clientId": "strakid:default",
"clientSecret": "/eERM4tHHBkpFqcjpBKDum1Yu0LdCW2DnnrdqLmxEAg=",

Screenshot from the app in Squidex cloud:

Do you have an appSettings.Development.json?

No, only appSettings.json.

I can’t understand what has happened as it was working early yesterday evening, or why I can connect using the squidex cloud app with the settings included in the Git.

Is it possible that there’s an issue with my Squidex cloud account? Are there any other configuration settings that have been added in the last update?