DataProtectorTokenProvider ValidateAsync always returns false
When trying to regenerate the OTP code with the PUT action, the code
await _dataProtectorTokenProvider.ValidateAsync("resend_token", resendToken, _userManager, user) always returns false. So the token is invalid.
Can you help with this?
@FolabiAhn did you try to check the logs?
in appsettings.json
    "LogLevel": {
      "Microsoft": "Trace"
    }
Thanks @Jurabek for your reply. Yes, I changed the log level to Trace, but there is nothing useful in the logs.
When I generate the code and validate it within the same action (POST), it returns true.
I debugged the ValidateAsync method and somehow it returns false when it tries to compare the userId and actualUserId (the ids are not the same?)
    var userId = reader.ReadString();
    var actualUserId = await manager.GetUserIdAsync(user);
    if (userId != actualUserId)
    {
        Logger.UserIdsNotEquals();
        return false;
    }
It is as if the DataProtectorTokenProvider is not the same between HTTP requests.
The problem might be DataProtectorTokenProvider; perhaps await manager.GetUserIdAsync(user); is returning null, which is not equal to userId. The manager somehow should keep data for the generated users.
Hello, both (userId and actualUserId) are set, but they are different GUID values.
There is a bug in the GetUser() method, which I have now realized.

On line 95 it is looking at a users list which does not exist, and every time the PUT request creates a new User.
Yes, you are right. So we have to move the creation of the user in PhoneNumberTokenGrantValidator to the POST action. Is that correct?
Maybe saving the user in the POST action is bad, as we can have multiple users saved without verification.
Yes, this is one way: when you POST verify, we are going to store the user in the database. In that case, we should remove the user if he cancels the process; the only way to do that is running batch jobs periodically and checking whether the user actually verified or not.
Yes. I can complete the POST with a batch job. Great. Thank you very much.
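
The failure diagnosed in this thread, as an added example that is not part of the original discussion or the project's code: a simplified model of a token bound to a user id, showing why a user recreated with a fresh GUID on each PUT can never validate a token issued during POST. TokenModel, Generate, Validate and the demo key are hypothetical; this models only the user-id, purpose and expiry binding, not the real DataProtectorTokenProvider format.

```csharp
// Added example: simplified model of a user-bound token (assumes .NET 6+).
// TokenModel, Generate and Validate are hypothetical names, not framework APIs.
using System;
using System.Security.Cryptography;
using System.Text;

static class TokenModel
{
    // Constructed demo key; the real provider relies on ASP.NET Core Data Protection.
    static readonly byte[] Key = RandomNumberGenerator.GetBytes(32);

    static byte[] Mac(string payload) => HMACSHA256.HashData(Key, Encoding.UTF8.GetBytes(payload));

    public static string Generate(string purpose, string userId, TimeSpan lifetime)
    {
        long expires = DateTimeOffset.UtcNow.Add(lifetime).ToUnixTimeSeconds();
        string payload = $"{userId}|{purpose}|{expires}";
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(payload)) + "." + Convert.ToBase64String(Mac(payload));
    }

    public static bool Validate(string purpose, string token, string actualUserId)
    {
        string[] parts = token.Split('.');
        if (parts.Length != 2) return false;
        string payload; byte[] mac;
        try
        {
            payload = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
            mac = Convert.FromBase64String(parts[1]);
        }
        catch (FormatException) { return false; }
        if (!CryptographicOperations.FixedTimeEquals(mac, Mac(payload))) return false;
        string[] f = payload.Split('|');
        if (f.Length != 3 || !long.TryParse(f[2], out long exp)) return false;
        if (DateTimeOffset.UtcNow.ToUnixTimeSeconds() > exp) return false;
        // The comparison from the thread: id inside the token vs. id of the user passed in.
        return f[0] == actualUserId && f[1] == purpose;
    }
}

static class Program
{
    static void Main()
    {
        string persistedId = Guid.NewGuid().ToString();   // POST: user created, token issued for its id
        string token = TokenModel.Generate("resend_token", persistedId, TimeSpan.FromMinutes(5));
        string recreatedId = Guid.NewGuid().ToString();   // PUT (buggy): lookup misses, new user, new GUID
        Console.WriteLine($"recreated user: {TokenModel.Validate("resend_token", token, recreatedId)}");
        Console.WriteLine($"persisted user: {TokenModel.Validate("resend_token", token, persistedId)}");
    }
}
```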