Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Works with v14 but not on Umbraco Cloud #37

Open
nul800sebastiaan opened this issue Oct 16, 2024 · 3 comments
Open

Works with v14 but not on Umbraco Cloud #37

nul800sebastiaan opened this issue Oct 16, 2024 · 3 comments

Comments

@nul800sebastiaan
Copy link
Owner

Note: this applies to the Bellissima branch

Everything works just great until Umbraco Cloud gets involved. This seems to have something to do with the UmbracoId identity provided.

In v13 and below, I would be able to rely on the behavior that anything under the /umbraco/[anything here] URL would magically have access to the backoffice authorization. So I "just" ask for the Claim that proves they have access to the Settings section in Umbraco and if that succeeds, all is well.

However, the UmbracoId provider, and presumably other identity providers are not providing me this authorization context for the /umbraco/hangfire route. So the Claims on that route actually result in just a null value (even asking for the current User is probably leading to a null).

@Migaroez kindly had a good long look at this problem and tried to solve it in a different way, by getting a Bearer token in the frontend and trying to do a fetch to /umbraco/hangfire with the bearer token. While this works, there are more links in the HTML, for scripts and CSS which would also need to be fetched separately somehow and injected into the iframe. There are also multiple other routes that you can click on in the hangfire dashboard which run into the same problem, so this is not a feasible solution.

So @Migaroez is of the opinion that we need to figure out some kind of preAuth to be done on the /umbraco/hangfire route.
I don't need that to be the exact route, that was only ever used so that I could easily take advantage of Umbraco's auth. So if the route needs to move, I'm good with that.

Unfortunately, I don't know where to even start, so I'd love some help from clever people who know more about OpenIddict!
@nul800sebastiaan
Copy link
Owner Author

nul800sebastiaan commented Oct 17, 2024
edited
Loading

Additionally: this ONLY fails on the actual Cloud server, it works locally.

Ps. I can give access to a test Cloud site for reproduction.

@nul800sebastiaan
Copy link
Owner Author

nul800sebastiaan commented Oct 17, 2024
edited
Loading

Locally, this works, but here is what it looks like on Cloud.

hangfire-broken.mp4

The exact same site locally however:

hangfire-working-locally.mp4

@StephenBenson-MRM
Copy link

Hey Sebastian!

Met you at CodeGarden!

Happy to see you are checking this one out!

We have this installed on our Cloud V14 Project, temporarily making the jobs recurring to get around this bug :D

As soon as there is any new version I will do a test install!

@nul800sebastiaan nul800sebastiaan mentioned this issue Oct 31, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nul800sebastiaan @StephenBenson-MRM