Azure / api-management-developer-portal

Developer portal provided by the Azure API Management service.
MIT License

Cannot close account when using Azure AD or Azure AD B2C Identity Providers #2042

Closed michelversluijs closed 1 year ago

michelversluijs commented 1 year ago

Bug description

Cannot close account when using Azure AD or Azure AD B2C Identity Providers

Reproduction steps

1. Configure the Developer Portal with Azure AD and/or Azure AD Identity Providers

  1. Log in to the Developer Portal with an Azure AD or Azure AD B2C account
  2. Navigate to the user profile page
  3. Notice that profile data and subscription information are shown but the button to close the account is missing

Expected behavior

Regardless of which Identity Provider is used, a Developer Portal user should be able to close her/his account.

Is your portal managed or self-hosted?

Managed

API Management service name

[e.g., contoso-api]

Environment

Additional context

It seems that the display of the close-account button is conditional, as can be seen here:

https://github.com/Azure/api-management-developer-portal/blob/master/src/components/users/profile/ko/runtime/profile.html

ghost commented 1 year ago

@michelversluijs, thank you for opening this issue. We will triage it within the next few business days.

malincrist commented 1 year ago

Hello @michelversluijs,

When you configure the Developer Portal with Azure AD / Azure AD Identity Providers, anyone with an account in the specific AD will be able to sign in to the Developer Portal. As long as that account is part of the AD, the user will still be able to log in to the Developer Portal.

This being said, there is no way that we can "close" an account from AD. Even if we remove the specific user, they will still be able to log in to the Developer Portal again (as long as they are part of the configured AD).

If you wish to remove an account like this, you would have to remove it from the AD.

michelversluijs commented 1 year ago

Hello @malincrist,

We are currently migrating from the deprecated developer portal, where this functionality is in fact available, also when using Azure AD / Azure AD B2C Identity Providers. Here is an example (in Dutch):

[image]

It is evident that the account will not be removed from the Azure AD / Azure AD B2C tenant. But especially in the B2C scenario, where users external to our organization have registered, they should be able to remove their user profile (and any subscriptions) from the API Management service.