search

Azure / api-management-developer-portal

Developer portal provided by the Azure API Management service.
MIT License
478 stars 306 forks source link

Invite Flow for Self-Hosted portal throws 404 #1431

Open mpowers-3c opened 2 years ago

mpowers-3c commented 2 years ago

Bug description

We're self hosting the developer portal as a static website in a storage account. I've updated the notification template to use the URL of the self hosted portal and the invite link is being sent out as follows:

https://sa-name.z19.web.core.windows.net/confirm-v2/identities/basic/invite?userid=id&identity=identity&ticketid=ticketid&ticket=ticket (scrubbed values)

When I click on the link though, it sends me to the 404 page of the self hosted portal. If I change the hostname of the URL to point to the Azure hosted developer portal, i.e. https://api-name.developer.azure-api.net/confirm-v2/identities/basic/invite?rest-of-query, the url works and properly redirects me to the confirm-password page, but this is not working for the self-hosted flow

Reproduction steps

  1. Self-host the developer portal using a static website as outlined here - https://docs.microsoft.com/en-us/azure/api-management/developer-portal-self-host (including updating the notification templates to point to your self-hosted portal)
  2. Go to your APIM instance within the azure portal
  3. Click on the Users blade
  4. Click on the Invite button
  5. Fill out the information and send the invitation
  6. Open the invitation from the email it was sent to and click on the invite link
  7. The link directs you to the 404 page specified in your self hosted developer portal

Expected behavior

Steps 1-6 as outlined above, but step 7 should redirect you to the confirm-password page where the user is then able to create a password for their account.

Is your portal managed or self-hosted?

Self-hosted

Release tag or commit SHA (if using self-hosted version)

commit/c523c10a7ab07eb10842e8d909d62fd141bfd9bf

API Management service name

Reach out if this is needed

Environment

Additional context

The flow does work on the managed portal but fails for the self hosted portal. I also believe that clicking on the invitation link does actually activate the user's account, but doesn't allow them to confirm their password. Updating the verbiage at https://docs.microsoft.com/en-us/azure/api-management/developer-portal-self-host#invite-user would help remove some of the confusion I had here

ghost commented 2 years ago

@mpowers-3c, thank you for opening this issue. We will triage it within the next few business days.

azaslonov commented 2 years ago

@mpowers-3c, this is because invitation flow requires backend, which doesn't exists for self-hosted portal. We'll work on supporting this scenario reusing the backend of managed service and provide respective guidance. No ETA at the moment.

ghost commented 2 years ago

@mpowers-3c, thank you for requesting this feature.