Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce IdentityUserIntegrationService #16962

Merged
merged 3 commits into from
Jun 25, 2023
Merged

Introduce IdentityUserIntegrationService #16962

merged 3 commits into from
Jun 25, 2023

Conversation

hikalkan
Copy link
Member

@hikalkan hikalkan commented Jun 25, 2023
edited
Loading

IUserRoleFinder is used by RolePermissionManagementProvider to get a list of role names of a user to be able to manage the user's permissions.

The remote implementation of the IUserRoleFinder interface is HttpClientUserRoleFinder which was using IIdentityUserAppService.GetRolesAsync method. IIdentityUserAppService is an application service and implements authorization. When you implement a microservice solution, permission management can be in one service and identity management can be in another service. In that case, the permission microservice makes an HTTP request to obtain user's roles. Since the used appservice method requires authorization, we were authenticating the permission microservice first, then authorizing it to be able to use the remote identity service.

That authentication/authorization brings additional complexity. We want to remove that, so we will use an non-authorized integration service for that reason.

This is a breaking change for microservice solutions, because of two reasons:

  • That permission to identity service call is not authorized anymore. That won't break applications, but should be cared.
  • Since integration services are not exposed by default, we should explicitly enable it (see how to expose it). Otherwise, the operation is failed and you get a 404 error from the identity microservice.

@hikalkan hikalkan marked this pull request as ready for review June 25, 2023 15:07
@hikalkan hikalkan requested a review from maliming June 25, 2023 15:07
@hikalkan hikalkan added this to the 7.4-preview milestone Jun 25, 2023
@hikalkan hikalkan merged commit fa585f0 into dev Jun 25, 2023
3 of 4 checks passed
@hikalkan hikalkan deleted the identity-integration-service branch June 25, 2023 15:08
@hikalkan hikalkan mentioned this pull request Jun 25, 2023
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maliming maliming Awaiting requested review from maliming

Assignees
No one assigned
Labels
abp-module-identity breaking change
Projects
None yet
Milestone
7.4-preview
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@hikalkan