Merge pull request #990 from colinin/fix-transaction

Fix transaction

aspnet-core/modules/identity/LINGYUN.Abp.Identity.Domain/LINGYUN/Abp/Identity/Session/IIdentitySessionStore.cs

@@ -19,6 +19,8 @@ public interface IIdentitySessionStore
     /// <param name="userId">用户id</param>
     /// <param name="clientId">客户端id</param>
     /// <param name="ipAddresses">ip地址</param>
+    /// <param name="signedIn">登录时间</param>
+    /// <param name="lastAccessed">上次访问时间</param>
     /// <param name="tenantId">租户id</param>
     /// <param name="cancellationToken"></param>
     /// <returns>创建完成的 <seealso cref="IdentitySession"/></returns>
@@ -29,6 +31,8 @@ public interface IIdentitySessionStore
         Guid userId,
         string clientId,
         string ipAddresses,
+        DateTime signedIn,
+        DateTime? lastAccessed = null,
         Guid? tenantId = null,
         CancellationToken cancellationToken = default);
     /// <summary>
@@ -124,7 +128,7 @@ public interface IIdentitySessionStore
     /// <param name="cancellationToken"></param>
     /// <returns></returns>
     Task RevokeAllAsync(
-        Guid userId, 
+        Guid userId,
         Guid? exceptSessionId = null,
         CancellationToken cancellationToken = default);
     /// <summary>
@@ -136,7 +140,7 @@ public interface IIdentitySessionStore
     /// <param name="cancellationToken"></param>
     /// <returns></returns>
     Task RevokeAllAsync(
-        Guid userId, 
+        Guid userId,
         string device,
         Guid? exceptSessionId = null,
         CancellationToken cancellationToken = default);
@@ -147,7 +151,7 @@ public interface IIdentitySessionStore
     /// <param name="cancellationToken"></param>
     /// <returns></returns>
     Task RevokeAllAsync(
-        TimeSpan inactiveTimeSpan, 
+        TimeSpan inactiveTimeSpan,
         CancellationToken cancellationToken = default);
     /// <summary>
     /// 撤销指定的会话

aspnet-core/modules/identity/LINGYUN.Abp.Identity.Domain/LINGYUN/Abp/Identity/Session/IdentitySessionManager.cs

@@ -7,64 +7,86 @@ using System.Threading.Tasks;
 using Volo.Abp.Auditing;
 using Volo.Abp.Domain.Services;
 using Volo.Abp.Identity;
+using Volo.Abp.Timing;
 
 namespace LINGYUN.Abp.Identity.Session;
 public class IdentitySessionManager : DomainService, IIdentitySessionManager
 {
     protected IDeviceInfoProvider DeviceInfoProvider { get; }
+    protected IIdentitySessionCache IdentitySessionCache { get; }
     protected IIdentitySessionStore IdentitySessionStore { get; }
     protected IdentityDynamicClaimsPrincipalContributorCache IdentityDynamicClaimsPrincipalContributorCache { get; }
 
     public IdentitySessionManager(
         IDeviceInfoProvider deviceInfoProvider,
+        IIdentitySessionCache identitySessionCache,
         IIdentitySessionStore identitySessionStore,
         IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache)
     {
         DeviceInfoProvider = deviceInfoProvider;
+        IdentitySessionCache = identitySessionCache;
         IdentitySessionStore = identitySessionStore;
         IdentityDynamicClaimsPrincipalContributorCache = identityDynamicClaimsPrincipalContributorCache;
     }
 
     [DisableAuditing]
     public async virtual Task SaveSessionAsync(
-        ClaimsPrincipal claimsPrincipal, 
+        ClaimsPrincipal claimsPrincipal,
         CancellationToken cancellationToken = default)
-    { 
+    {
         if (claimsPrincipal != null)
         {
             var userId = claimsPrincipal.FindUserId();
-            var sessionId = claimsPrincipal.FindSessionId();
-            if (!userId.HasValue || sessionId.IsNullOrWhiteSpace())
-            {
-                return;
-            }
-            if (await IdentitySessionStore.ExistAsync(sessionId, cancellationToken))
+            var tenantId = claimsPrincipal.FindTenantId();
+
+            using (CurrentTenant.Change(tenantId))
             {
-                return;
-            }
-            var deviceInfo = DeviceInfoProvider.DeviceInfo;
+                var sessionId = claimsPrincipal.FindSessionId();
+                if (!userId.HasValue || sessionId.IsNullOrWhiteSpace())
+                {
+                    return;
+                }
+                if (await IdentitySessionStore.ExistAsync(sessionId, cancellationToken))
+                {
+                    return;
+                }
+                var deviceInfo = DeviceInfoProvider.DeviceInfo;
 
-            var device = deviceInfo.Device ?? IdentitySessionDevices.OAuth;
-            var deviceDesc = deviceInfo.Description;
-            var clientIpAddress = deviceInfo.ClientIpAddress;
+                var device = deviceInfo.Device ?? IdentitySessionDevices.OAuth;
+                var deviceDesc = deviceInfo.Description;
+                var clientIpAddress = deviceInfo.ClientIpAddress;
 
-            var tenantId = claimsPrincipal.FindTenantId();
-            var clientId = claimsPrincipal.FindClientId();
+                var clientId = claimsPrincipal.FindClientId();
+
+                Logger.LogDebug($"Save user session for user: {userId}, session: {sessionId}");
 
-            Logger.LogDebug($"Save user session for user: {userId}, session: {sessionId}");
+                await IdentitySessionStore.CreateAsync(
+                    sessionId,
+                    device,
+                    deviceDesc,
+                    userId.Value,
+                    clientId,
+                    clientIpAddress,
+                    Clock.Now,
+                    Clock.Now,
+                    tenantId,
+                    cancellationToken);
 
-            await IdentitySessionStore.CreateAsync(
-                sessionId,
-                device,
-                deviceDesc,
-                userId.Value,
-                clientId,
-                clientIpAddress,
-                tenantId,
-                cancellationToken);
+                Logger.LogDebug($"Remove dynamic claims cache for user: {userId}");
 
-            Logger.LogDebug($"Remove dynamic claims cache for user: {userId}");
-            await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(userId.Value, tenantId);
+                await IdentityDynamicClaimsPrincipalContributorCache.ClearAsync(userId.Value, tenantId);
+
+                await IdentitySessionCache.RefreshAsync(sessionId,
+                    new IdentitySessionCacheItem(
+                        device,
+                        deviceDesc,
+                        userId.Value,
+                        sessionId,
+                        clientId,
+                        clientIpAddress,
+                        Clock.Now,
+                        Clock.Now));
+            }
         }
     }
 

aspnet-core/modules/identity/LINGYUN.Abp.Identity.Domain/LINGYUN/Abp/Identity/Session/IdentitySessionStore.cs

@@ -7,24 +7,20 @@ using Volo.Abp;
 using Volo.Abp.DependencyInjection;
 using Volo.Abp.Guids;
 using Volo.Abp.Identity;
-using Volo.Abp.Timing;
 using Volo.Abp.Users;
 
 namespace LINGYUN.Abp.Identity.Session;
 public class IdentitySessionStore : IIdentitySessionStore, ITransientDependency
 {
-    protected IClock Clock { get; }
     protected ICurrentUser CurrentUser { get; }
     protected IGuidGenerator GuidGenerator { get; }
     protected IIdentitySessionRepository IdentitySessionRepository { get; }
 
     public IdentitySessionStore(
-        IClock clock,
         ICurrentUser currentUser,
         IGuidGenerator guidGenerator,
         IIdentitySessionRepository identitySessionRepository)
     {
-        Clock = clock;
         CurrentUser = currentUser;
         GuidGenerator = guidGenerator;
         IdentitySessionRepository = identitySessionRepository;
@@ -37,6 +33,8 @@ public class IdentitySessionStore : IIdentitySessionStore, ITransientDependency
         Guid userId,
         string clientId,
         string ipAddresses,
+        DateTime signedIn,
+        DateTime? lastAccessed = null,
         Guid? tenantId = null,
         CancellationToken cancellationToken = default)
     {
@@ -52,8 +50,8 @@ public class IdentitySessionStore : IIdentitySessionStore, ITransientDependency
             tenantId,
             clientId,
             ipAddresses,
-            Clock.Now,
-            Clock.Now
+            signedIn,
+            lastAccessed
         );
 
         identitySession = await IdentitySessionRepository.InsertAsync(identitySession, cancellationToken: cancellationToken);
@@ -90,14 +88,14 @@ public class IdentitySessionStore : IIdentitySessionStore, ITransientDependency
     }
 
     public async virtual Task<IdentitySession> FindAsync(
-        string sessionId, 
+        string sessionId,
         CancellationToken cancellationToken = default)
     {
         return await IdentitySessionRepository.FindAsync(sessionId, cancellationToken: cancellationToken);
     }
 
     public async virtual Task<IdentitySession> FindLastAsync(
-        Guid userId, 
+        Guid userId,
         string device,
         CancellationToken cancellationToken = default)
     {
@@ -105,7 +103,7 @@ public class IdentitySessionStore : IIdentitySessionStore, ITransientDependency
     }
 
     public async virtual Task<bool> ExistAsync(
-        string sessionId, 
+        string sessionId,
         CancellationToken cancellationToken = default)
     {
         return await IdentitySessionRepository.ExistAsync(sessionId, cancellationToken: cancellationToken);
@@ -126,7 +124,7 @@ public class IdentitySessionStore : IIdentitySessionStore, ITransientDependency
     }
 
     public async virtual Task RevokeAllAsync(
-        Guid userId, 
+        Guid userId,
         Guid? exceptSessionId = null,
         CancellationToken cancellationToken = default)
     {
@@ -134,8 +132,8 @@ public class IdentitySessionStore : IIdentitySessionStore, ITransientDependency
     }
 
     public async virtual Task RevokeAllAsync(
-        Guid userId, 
-        string device, 
+        Guid userId,
+        string device,
         Guid? exceptSessionId = null,
         CancellationToken cancellationToken = default)
     {
@@ -150,8 +148,8 @@ public class IdentitySessionStore : IIdentitySessionStore, ITransientDependency
     }
 
     public async virtual Task RevokeWithAsync(
-        Guid userId, 
-        string device = null, 
+        Guid userId,
+        string device = null,
         Guid? exceptSessionId = null,
         int maxCount = 0,
         CancellationToken cancellationToken = default)

aspnet-core/modules/identityServer/LINGYUN.Abp.IdentityServer.Portal/LINGYUN/Abp/IdentityServer/Portal/PortalGrantValidator.cs

@@ -46,13 +46,13 @@ public class PortalGrantValidator : IExtensionGrantValidator
     private readonly IHttpContextAccessor _httpContextAccessor;
 
     public PortalGrantValidator(
-        ILogger<PortalGrantValidator> logger, 
-        IOptions<IdentityServerOptions> options, 
-        IEventService events, 
-        IResourceOwnerPasswordValidator resourceOwnerValidator, 
-        IdentitySecurityLogManager identitySecurityLogManager, 
-        UserManager<IdentityUser> userManager, 
-        ICurrentTenant currentTenant, 
+        ILogger<PortalGrantValidator> logger,
+        IOptions<IdentityServerOptions> options,
+        IEventService events,
+        IResourceOwnerPasswordValidator resourceOwnerValidator,
+        IdentitySecurityLogManager identitySecurityLogManager,
+        UserManager<IdentityUser> userManager,
+        ICurrentTenant currentTenant,
         IEnterpriseRepository enterpriseRepository,
         IOptions<AbpAspNetCoreMultiTenancyOptions> multiTenancyOptions,
         IHttpContextAccessor httpContextAccessor)
@@ -89,7 +89,7 @@ public class PortalGrantValidator : IExtensionGrantValidator
         Guid? tenantId = null;
         using (_currentTenant.Change(null))
         {
-            var enterprise = parameters.Get("EnterpriseId");
+            var enterprise = parameters.Get("enterpriseId") ?? parameters.Get("EnterpriseId");
             if (enterprise.IsNullOrWhiteSpace() || !Guid.TryParse(enterprise, out var enterpriseId))
             {
                 // TODO: configurabled

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/LINGYUN/Abp/OpenIddict/AspNetCore/Session/AbpOpenIddictAspNetCoreSessionModule.cs

@@ -4,6 +4,7 @@ using LINGYUN.Abp.Identity.Session.AspNetCore;
 using Microsoft.Extensions.DependencyInjection;
 using Volo.Abp.Modularity;
 using Volo.Abp.OpenIddict;
+using static OpenIddict.Abstractions.OpenIddictConstants;
 
 namespace LINGYUN.Abp.OpenIddict.AspNetCore.Session;
 
@@ -31,5 +32,10 @@ public class AbpOpenIddictAspNetCoreSessionModule : AbpModule
             options.SignInSessionEnabled = true;
             options.SignOutSessionEnabled = true;
         });
+
+        Configure<AbpOpenIddictAspNetCoreSessionOptions>(options =>
+        {
+            options.PersistentSessionGrantTypes.Add(GrantTypes.Password);
+        });
     }
 }

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/LINGYUN/Abp/OpenIddict/AspNetCore/Session/AbpOpenIddictAspNetCoreSessionOptions.cs

@@ -0,0 +1,11 @@
+using System.Collections.Generic;
+
+namespace LINGYUN.Abp.OpenIddict.AspNetCore.Session;
+public class AbpOpenIddictAspNetCoreSessionOptions
+{
+    public List<string> PersistentSessionGrantTypes { get; set; }
+    public AbpOpenIddictAspNetCoreSessionOptions()
+    {
+        PersistentSessionGrantTypes = new List<string>();
+    }
+}

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/LINGYUN/Abp/OpenIddict/AspNetCore/Session/ProcessSignInIdentitySession.cs

@@ -1,5 +1,5 @@
 using LINGYUN.Abp.Identity.Session;
-using OpenIddict.Abstractions;
+using Microsoft.Extensions.Options;
 using OpenIddict.Server;
 using System.Threading.Tasks;
 
@@ -10,6 +10,7 @@ namespace LINGYUN.Abp.OpenIddict.AspNetCore.Session;
 public class ProcessSignInIdentitySession : IOpenIddictServerHandler<OpenIddictServerEvents.ProcessSignInContext>
 {
     protected IIdentitySessionManager IdentitySessionManager { get; }
+    protected AbpOpenIddictAspNetCoreSessionOptions AbpOpenIddictAspNetCoreSessionOptions { get; }
 
     public static OpenIddictServerHandlerDescriptor Descriptor { get; }
         = OpenIddictServerHandlerDescriptor.CreateBuilder<OpenIddictServerEvents.ProcessSignInContext>()
@@ -19,14 +20,18 @@ public class ProcessSignInIdentitySession : IOpenIddictServerHandler<OpenIddictS
             .SetType(OpenIddictServerHandlerType.Custom)
             .Build();
 
-    public ProcessSignInIdentitySession(IIdentitySessionManager identitySessionManager)
+    public ProcessSignInIdentitySession(
+        IIdentitySessionManager identitySessionManager,
+        IOptions<AbpOpenIddictAspNetCoreSessionOptions> abpOpenIddictAspNetCoreSessionOptions)
     {
         IdentitySessionManager = identitySessionManager;
+        AbpOpenIddictAspNetCoreSessionOptions = abpOpenIddictAspNetCoreSessionOptions.Value;
     }
 
     public async virtual ValueTask HandleAsync(OpenIddictServerEvents.ProcessSignInContext context)
     {
-        if (context.Request.IsPasswordGrantType() && context.Principal != null)
+        if (AbpOpenIddictAspNetCoreSessionOptions.PersistentSessionGrantTypes.Contains(context.Request.GrantType) &&
+            context.Principal != null)
         {
             await IdentitySessionManager.SaveSessionAsync(context.Principal, context.CancellationToken);
         }

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/LINGYUN/Abp/OpenIddict/AspNetCore/Session/RevocationIdentitySession.cs

@@ -3,6 +3,7 @@ using OpenIddict.Server;
 using System;
 using System.Security.Principal;
 using System.Threading.Tasks;
+using Volo.Abp.MultiTenancy;
 
 namespace LINGYUN.Abp.OpenIddict.AspNetCore.Session;
 /// <summary>
@@ -10,6 +11,7 @@ namespace LINGYUN.Abp.OpenIddict.AspNetCore.Session;
 /// </summary>
 public class RevocationIdentitySession : IOpenIddictServerHandler<OpenIddictServerEvents.HandleRevocationRequestContext>
 {
+    protected ICurrentTenant CurrentTenant { get; }
     protected IIdentitySessionManager IdentitySessionManager { get; }
 
     public static OpenIddictServerHandlerDescriptor Descriptor { get; }
@@ -20,17 +22,24 @@ public class RevocationIdentitySession : IOpenIddictServerHandler<OpenIddictServ
             .SetType(OpenIddictServerHandlerType.Custom)
             .Build();
 
-    public RevocationIdentitySession(IIdentitySessionManager identitySessionManager)
+    public RevocationIdentitySession(
+        ICurrentTenant currentTenant,
+        IIdentitySessionManager identitySessionManager)
     {
+        CurrentTenant = currentTenant;
         IdentitySessionManager = identitySessionManager;
     }
 
     public async virtual ValueTask HandleAsync(OpenIddictServerEvents.HandleRevocationRequestContext context)
     {
+        var tenantId = context.Principal.FindTenantId();
         var sessionId = context.Principal.FindSessionId();
-        if (!sessionId.IsNullOrWhiteSpace())
+        using (CurrentTenant.Change(tenantId))
         {
-            await IdentitySessionManager.RevokeSessionAsync(sessionId);
+            if (!sessionId.IsNullOrWhiteSpace())
+            {
+                await IdentitySessionManager.RevokeSessionAsync(sessionId);
+            }
         }
     }
 }

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/LINGYUN/Abp/OpenIddict/AspNetCore/Session/UserinfoIdentitySession.cs

@@ -3,6 +3,7 @@ using OpenIddict.Server;
 using System;
 using System.Security.Principal;
 using System.Threading.Tasks;
+using Volo.Abp.MultiTenancy;
 using static OpenIddict.Abstractions.OpenIddictConstants;
 using static OpenIddict.Server.OpenIddictServerHandlers.Userinfo;
 
@@ -12,30 +13,38 @@ namespace LINGYUN.Abp.OpenIddict.AspNetCore.Session;
 /// </summary>
 public class UserinfoIdentitySession : IOpenIddictServerHandler<OpenIddictServerEvents.HandleUserinfoRequestContext>
 {
+    protected ICurrentTenant CurrentTenant { get; }
     protected IIdentitySessionChecker IdentitySessionChecker { get; }
 
     public static OpenIddictServerHandlerDescriptor Descriptor { get; }
         = OpenIddictServerHandlerDescriptor.CreateBuilder<OpenIddictServerEvents.HandleUserinfoRequestContext>()
             .AddFilter<OpenIddictServerHandlerFilters.RequireUserinfoRequest>()
             .UseScopedHandler<UserinfoIdentitySession>()
-            .SetOrder(ValidateAccessTokenParameter.Descriptor.Order + 2_000)
+            .SetOrder(ValidateUserinfoRequest.Descriptor.Order + 2_000)
             .SetType(OpenIddictServerHandlerType.Custom)
             .Build();
 
-    public UserinfoIdentitySession(IIdentitySessionChecker identitySessionChecker)
+    public UserinfoIdentitySession(
+        ICurrentTenant currentTenant,
+        IIdentitySessionChecker identitySessionChecker)
     {
+        CurrentTenant = currentTenant;
         IdentitySessionChecker = identitySessionChecker;
     }
 
     public async virtual ValueTask HandleAsync(OpenIddictServerEvents.HandleUserinfoRequestContext context)
     {
+        var tenantId = context.Principal.FindTenantId();
         var sessionId = context.Principal.FindSessionId();
-        if (sessionId.IsNullOrWhiteSpace() ||
-            !await IdentitySessionChecker.ValidateSessionAsync(sessionId))
+        using (CurrentTenant.Change(tenantId))
         {
-            // Errors.InvalidToken --->  401
-            // Errors.ExpiredToken --->  400
-            context.Reject(Errors.InvalidToken, "The user session has expired.");
+            if (sessionId.IsNullOrWhiteSpace() ||
+            !await IdentitySessionChecker.ValidateSessionAsync(sessionId))
+            {
+                // Errors.InvalidToken --->  401
+                // Errors.ExpiredToken --->  400
+                context.Reject(Errors.InvalidToken, "The user session has expired.");
+            }
         }
     }
 }

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Portal/LINGYUN/Abp/OpenIddict/Portal/PortalTokenExtensionGrant.cs

@@ -52,7 +52,7 @@ public class PortalTokenExtensionGrant : ITokenExtensionGrant
     {
         LazyServiceProvider = context.HttpContext.RequestServices.GetRequiredService<IAbpLazyServiceProvider>();
 
-        var enterprise = context.Request.GetParameter("EnterpriseId")?.ToString();
+        var enterprise = context.Request.GetParameter("enterpriseId")?.ToString() ?? context.Request.GetParameter("EnterpriseId")?.ToString();
 
         Guid? tenantId = null;
         using (CurrentTenant.Change(null))

aspnet-core/services/LY.MicroService.Applications.Single/MicroServiceApplicationsSingleModule.Configure.cs

@@ -9,7 +9,12 @@ using LINGYUN.Abp.Identity.Session;
 using LINGYUN.Abp.IdentityServer.IdentityResources;
 using LINGYUN.Abp.Localization.CultureMap;
 using LINGYUN.Abp.Notifications;
+using LINGYUN.Abp.OpenIddict.AspNetCore.Session;
+using LINGYUN.Abp.OpenIddict.LinkUser;
 using LINGYUN.Abp.OpenIddict.Permissions;
+using LINGYUN.Abp.OpenIddict.Portal;
+using LINGYUN.Abp.OpenIddict.Sms;
+using LINGYUN.Abp.OpenIddict.WeChat;
 using LINGYUN.Abp.Saas;
 using LINGYUN.Abp.Serilog.Enrichers.Application;
 using LINGYUN.Abp.Serilog.Enrichers.UniqueId;
@@ -18,6 +23,7 @@ using LINGYUN.Abp.TextTemplating;
 using LINGYUN.Abp.WebhooksManagement;
 using LINGYUN.Abp.WeChat.Common.Messages.Handlers;
 using LINGYUN.Abp.WeChat.Localization;
+using LINGYUN.Abp.WeChat.Work;
 using LINGYUN.Abp.Wrapper;
 using LINGYUN.Platform.Localization;
 using LY.MicroService.Applications.Single.Authentication;
@@ -311,6 +317,15 @@ public partial class MicroServiceApplicationsSingleModule
             options.RefreshTokenReuseLeeway = lifetime.GetValue("RefreshTokenReuseLeeway", options.RefreshTokenReuseLeeway);
             options.UserCodeLifetime = lifetime.GetValue("UserCode", options.UserCodeLifetime);
         });
+        Configure<AbpOpenIddictAspNetCoreSessionOptions>(options =>
+        {
+            options.PersistentSessionGrantTypes.Add(SmsTokenExtensionGrantConsts.GrantType);
+            options.PersistentSessionGrantTypes.Add(PortalTokenExtensionGrantConsts.GrantType);
+            options.PersistentSessionGrantTypes.Add(LinkUserTokenExtensionGrantConsts.GrantType);
+            options.PersistentSessionGrantTypes.Add(WeChatTokenExtensionGrantConsts.OfficialGrantType);
+            options.PersistentSessionGrantTypes.Add(WeChatTokenExtensionGrantConsts.MiniProgramGrantType);
+            options.PersistentSessionGrantTypes.Add(AbpWeChatWorkGlobalConsts.GrantType);
+        });
     }
 
     private void ConfigureEndpoints(IServiceCollection services)
@@ -454,8 +469,8 @@ public partial class MicroServiceApplicationsSingleModule
         {
             // Rename IdentityServer.Client.ManagePermissions
             // See https://github.com/abpframework/abp/blob/dev/modules/identityserver/src/Volo.Abp.PermissionManagement.Domain.IdentityServer/Volo/Abp/PermissionManagement/IdentityServer/AbpPermissionManagementDomainIdentityServerModule.cs
-            options.ProviderPolicies[ClientPermissionValueProvider.ProviderName] = AbpOpenIddictPermissions.Applications.ManagePermissions; 
-            
+            options.ProviderPolicies[ClientPermissionValueProvider.ProviderName] = AbpOpenIddictPermissions.Applications.ManagePermissions;
+
             //if (configuration.GetValue<bool>("AuthServer:UseOpenIddict"))
             //{
             //    options.ProviderPolicies[ClientPermissionValueProvider.ProviderName] = AbpOpenIddictPermissions.Applications.ManagePermissions;

aspnet-core/services/LY.MicroService.Applications.Single/Program.cs

@@ -65,10 +65,11 @@ app.UseStaticFiles();
 app.UseRouting();
 app.UseCors();
 app.UseAuthentication();
+app.UseMultiTenancy();
+app.UseUnitOfWork();
 app.UseAbpOpenIddictValidation();
 app.UseAbpSession();
 app.UseDynamicClaims();
-app.UseMultiTenancy();
 app.UseAuthorization();
 app.UseSwagger();
 app.UseSwaggerUI(options =>

aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.Configure.cs

@@ -1,7 +1,13 @@
 using DotNetCore.CAP;
 using LINGYUN.Abp.Localization.CultureMap;
+using LINGYUN.Abp.OpenIddict.AspNetCore.Session;
+using LINGYUN.Abp.OpenIddict.LinkUser;
+using LINGYUN.Abp.OpenIddict.Portal;
+using LINGYUN.Abp.OpenIddict.Sms;
+using LINGYUN.Abp.OpenIddict.WeChat;
 using LINGYUN.Abp.Serilog.Enrichers.Application;
 using LINGYUN.Abp.Serilog.Enrichers.UniqueId;
+using LINGYUN.Abp.WeChat.Work;
 using LY.MicroService.AuthServer.Authentication;
 using Medallion.Threading;
 using Medallion.Threading.Redis;
@@ -10,7 +16,6 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Caching.StackExchangeRedis;
@@ -19,7 +24,6 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Hosting;
 using Microsoft.IdentityModel.Logging;
-using OpenIddict.Validation.AspNetCore;
 using OpenTelemetry.Metrics;
 using OpenTelemetry.Resources;
 using OpenTelemetry.Trace;
@@ -334,6 +338,16 @@ public partial class AuthServerModule
             options.IsDynamicClaimsEnabled = true;
             options.IsRemoteRefreshEnabled = false;
         });
+
+        Configure<AbpOpenIddictAspNetCoreSessionOptions>(options =>
+        {
+            options.PersistentSessionGrantTypes.Add(SmsTokenExtensionGrantConsts.GrantType);
+            options.PersistentSessionGrantTypes.Add(PortalTokenExtensionGrantConsts.GrantType);
+            options.PersistentSessionGrantTypes.Add(LinkUserTokenExtensionGrantConsts.GrantType);
+            options.PersistentSessionGrantTypes.Add(WeChatTokenExtensionGrantConsts.OfficialGrantType);
+            options.PersistentSessionGrantTypes.Add(WeChatTokenExtensionGrantConsts.MiniProgramGrantType);
+            options.PersistentSessionGrantTypes.Add(AbpWeChatWorkGlobalConsts.GrantType);
+        });
     }
     private void ConfigureVirtualFileSystem()
     {

aspnet-core/templates/content/host/PackageName.CompanyName.ProjectName.HttpApi.Host/PackageName.CompanyName.ProjectName.HttpApi.Host.csproj

@@ -56,8 +56,7 @@
 		<PackageReference Include="Volo.Abp.AspNetCore.Serilog" />
 		<PackageReference Include="Volo.Abp.Caching.StackExchangeRedis" />
 		<PackageReference Include="Volo.Abp.AspNetCore.MultiTenancy" />
-		<PackageReference Include="Volo.Abp.OpenIddict.AspNetCore" Condition="'$(OpenIddict)'=='true'" />
-		<PackageReference Include="Volo.Abp.AspNetCore.Authentication.JwtBearer" Condition="'$(IdentityServer4)'=='true'" />
+		<PackageReference Include="Volo.Abp.AspNetCore.Authentication.JwtBearer" />
 		<PackageReference Include="Volo.Abp.Autofac" />
 		<PackageReference Include="Volo.Abp.DistributedLocking" />
 		<PackageReference Include="Volo.Abp.Swashbuckle" />

aspnet-core/templates/content/host/PackageName.CompanyName.ProjectName.HttpApi.Host/ProjectNameHttpApiHostModule.cs

@@ -14,11 +14,7 @@ using Microsoft.Extensions.Hosting;
 using PackageName.CompanyName.ProjectName.EntityFrameworkCore;
 using PackageName.CompanyName.ProjectName.SettingManagement;
 using Volo.Abp;
-#if OpenIddict 
-using Volo.Abp.OpenIddict;
-#elif IdentityServer4
 using Volo.Abp.AspNetCore.Authentication.JwtBearer;
-#endif
 using Volo.Abp.AspNetCore.MultiTenancy;
 using Volo.Abp.AspNetCore.Serilog;
 using Volo.Abp.Autofac;
@@ -54,11 +50,7 @@ namespace PackageName.CompanyName.ProjectName;
     typeof(AbpSettingManagementEntityFrameworkCoreModule),
     typeof(AbpLocalizationManagementEntityFrameworkCoreModule),
     typeof(AbpTextTemplatingEntityFrameworkCoreModule),
-#if OpenIddict
-    typeof(AbpOpenIddictAspNetCoreModule),
-#elif IdentityServer4
     typeof(AbpAspNetCoreAuthenticationJwtBearerModule),
-#endif
     typeof(AbpCachingStackExchangeRedisModule),
     typeof(AbpDistributedLockingModule),
     typeof(AbpAspNetCoreMvcWrapperModule),
@@ -113,14 +105,10 @@ public partial class ProjectNameHttpApiHostModule : AbpModule
         app.UseRouting();
         app.UseCors();
         app.UseAuthentication();
-#if OpenIddict
-        app.UseAbpOpenIddictValidation();
-#elif IdentityServer4
         app.UseJwtTokenMiddleware();
-#endif
+        app.UseMultiTenancy();
         app.UseAbpSession();
         app.UseDynamicClaims();
-        app.UseMultiTenancy();
         app.UseAuthorization();
         app.UseSwagger();
         app.UseAbpSwaggerUI(options =>