ayan.poddar/eShopOnContainers
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add Docker-destopp upgrate to 2.2

Miguel Veloso 2020-03-23 16:10:36 +00:00
parent 318738061d
commit 500b658966
3 changed files with 38 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
images/unauthorized_client-error-on-Login/docker-compose-override-file.png Normal file

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 106 KiB

BIN
images/unauthorized_client-error-on-Login/env-file.png Normal file

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 35 KiB

44
unauthorized_client-error-on-Login.md

@ -1,12 +1,20 @@
> **CONTENT**
- [Causes](#causes)
- [Details](#details)
- [Client not registered in Identity Server](#client-not-registered-in-identity-server)
- [Docker Desktop upgraded to 2.2 and higher](#docker-desktop-upgraded-to-22-and-higher)
- [Not starting from the correct address](#not-starting-from-the-correct-address)
- [Details](#details)
- [Identity Server](#identity-server)
- [Startup address](#startup-address)
- [Solutions](#solutions)
## Causes
This error occurs because the connecting app isn't registered in the IdentityServer database as an authorized client.
### Client not registered in Identity Server
This error occurs because the connecting app (the "Client") isn't registered in the IdentityServer database as an authorized client.
The authorized client registration occurs when the Identity DB is seeded, and in eShopOnContainers this happens when the DB is first created. So this only happens when first installed or when restarting the Identity service if the DB has been deleted.
@ -25,7 +33,17 @@ When registering the clients, eShopOnContainers reads the values from the follow
- WebhooksWebClient
```
### Details
### Docker Desktop upgraded to 2.2 and higher
Docker [removed DockerNAT in Docker Desktop Community 2.2](https://docs.docker.com/docker-for-windows/release-notes/#known-issues-1) so you can't use `localhost` to access a container and you must switch to `host.docker.internal`
### Not starting from the correct address
This can be the result of any, or a combination, of the two causes above.
## Details
### Identity Server
IdentityServer uses the `RedirectUri` to decide if the connecting client is authorized
@ -39,12 +57,26 @@ The authorized clients are registered in the `Clients` table and the related red
It's important to keep in mind that if the application is registered as `http://host.docker.internal:5004` but started as `http://localhost:5104` it's considered to be a different one, so it'll get the `unauthorized_client` message.
### Startup address
The startup address is defined in the `.env` file and used in `docker-compose.override.yml` as shown in the following images.
**.env file**
![](images/unauthorized_client-error-on-Login/env-file.png)
**cocker-compose.override.yml** file
![](images/unauthorized_client-error-on-Login/docker-compose-override-file.png)
## Solutions
So the possible solution are:
So the possible solution could be one or a combination of:
1. Make sure you are starting the app from the correct address.
2. Update the `ClientRedirectUris` table to the correct values.
2. Update the `.env` file as needed.
3. Drop the `IdentityDb` database and restart the `Identity` service, after updating the `docker-compose.override.yml` file, or the `configmap.yaml` in Kubernetes, so that all the clients are registered correctly.
3. Update the `ClientRedirectUris` table to the correct values.
4. Drop the `IdentityDb` database and restart the `Identity` service, after updating the `docker-compose.override.yml` file, or the `configmap.yaml` in Kubernetes, so that all the clients are registered correctly.