Azure / static-web-apps

Azure Static Web Apps. For bugs and feature requests, please create an issue in this repo. For community discussions, latest updates, kindly refer to the Discussions Tab. To know what's new in Static Web Apps, visit https://aka.ms/swa/ThisMonth

Home Page: https://aka.ms/swa


Azure B2C Custom Auth Provider doesn't seem to work

jezmaghuyop opened this issue

Describe the bug
I'm trying to configure a Custom Auth Provider with Azure Static Web Apps while on the "Standard" Pricing Plan. I'm using Azure B2C as the auth provider, as we want to allow users from our B2C account to be able to log in to this static web app.

  1. The index page is accessible even though the allowedRoles is set to be "authenticated"
  2. Typing "./auth/login/aadb2c" in the browser returns 404


Below is my staticweapp.config.json file:

{
  "routes": [
    {
      "route": "/login",
      "rewrite": "/.auth/login/aadb2c"
    },
    {
      "route": "/logout",
      "redirect": "/.auth/logout",
      "allowedRoles": ["authenticated"]
    },    
    {
      "route": "/.auth/login/twitter",
      "statusCode": 404
    },
    {
      "route": "/.auth/login/google",
      "statusCode": 404
    },
    {
      "route": "/.auth/login/aad",
      "statusCode": 404
    },
    {
      "route": "/*",
      "allowedRoles": ["authenticated"]
    }
  ],
  "responseOverrides": {
    "401": {
      "statusCode": 302,
      "redirect": "/.auth/login/aadb2c"
    }
  },
  "navigationFallback": {
    "rewrite": "index.html",
    "exclude": [
      "/src2/docs/images/*.{png,jpg,gif,ico}",
      "/src2/docs/img/*.{png,jpg,gif,ico}",      
      "/*.{css,scss,js}"
    ]
  },
  "auth": {
    "rolesSource": "/api/Roles",
    "identityProviders": {
      "customOpenIdConnectProviders": {
        "aadb2c": {
          "registration": {
            "clientIdSettingName": "AADB2C_PROVIDER_CLIENT_ID",
            "clientCredential": {
              "clientSecretSettingName": "AADB2C_PROVIDER_CLIENT_SECRET"
            },
            "openIdConnectConfiguration": {
              "wellKnownOpenIdConfiguration": "https://<companyname>.b2clogin.com/<companyname>.onmicrosoft.com/B2C_1_SiIn/v2.0/.well-known/openid-configuration"
            }
          },
          "login": {
            "nameClaimType": "emails",
            "scopes": [],
            "loginParameterNames": []
          },
          "enabled": true
        }
      }
    }
  } 
}


Expected behavior

  1. I'm expecting the page to automatically navigate to the "login" URL since I configured the wildcard route allowedRoles to be "authenticated", but users can still access the page even though they are not authenticated

  2. checking the "/.auth/me" shows this
    image

  3. Navigating to "/.auth/login/aadb2c" returns 404 not found
    image

Device info (if applicable):

  • Browser: Edge

Additional context

Try to add "openid" to scopes:

"scopes": ["openid"],