Azure / api-management-developer-portal

Developer portal provided by the Azure API Management service.
MIT License

Auth code with PKCE - audience is not correctly set in the url #2419

Closed mir-cmavrichi closed 3 months ago

mir-cmavrichi commented 4 months ago

Bug description

When creating an OAuth configuration to be used with any of the APIs in the API Management service in Azure and using only Code+PKCE, the flow fails in the API Management developer portal. To be noted, I need to specify an audience, setting it to something like `https://foo.com/authorize?audience=https://audience.com` in the Azure API Management OAuth window.

The issue is that when doing the auth flow on the dev portal, the audience is appended incorrectly: it is something like `https://foo.com/authorize?audience=https://audience.com?id=1234&code=1234` when it should be `https://foo.com/authorize?audience=https://audience.com&id=1234&code=1234`.

To be noted, all this works correctly with auth code, but not with auth code with PKCE.

Reproduction steps

  1. Configure OAuth in the API Management service
  2. Create a simple request that uses the OAuth configuration from step 1
  3. Go to the API Management developer portal
  4. Click on auth to get a token
  5. The token is successfully retrieved

Expected behavior

Expected behavior is for the auth code with PKCE flow to work and to be able to set an audience when retrieving a token for making a request in the API Management developer portal.

Is your portal managed or self-hosted?

Managed
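The malformed URL reported above is what results from always starting the query with `?`, even when the configured authorization endpoint already has a query string. The following is an added example, not code from the developer portal or from the reporter; the function names, client ID and code challenge are hypothetical or constructed, and only the endpoint shape is taken from the report.

```javascript
// Endpoint shape quoted in the issue; all parameter values below are constructed.
const AUTHORIZE_ENDPOINT = "https://foo.com/authorize?audience=https://audience.com";
const SAMPLE_PARAMS = {
  response_type: "code",
  client_id: "constructed-client",
  code_challenge: "constructed_challenge_value",
  code_challenge_method: "S256",
};

// Flawed pattern: starts the query with "?" even if the endpoint already has one.
function naiveAuthorizeUrl(endpoint, params) {
  const query = Object.entries(params).map(([k, v]) => `${k}=${v}`).join("&");
  return `${endpoint}?${query}`;
}

// Hardened pattern: parse the endpoint, keep its existing query, append the rest.
function buildAuthorizeUrl(endpoint, params) {
  const url = new URL(endpoint);
  // RFC 6749 section 3.1: the endpoint URI must not include a fragment.
  if (url.hash) throw new Error("authorization endpoint must not contain a fragment");
  for (const [key, value] of Object.entries(params)) {
    // RFC 6749 section 3.1: a request parameter must not appear more than once.
    if (url.searchParams.has(key)) throw new Error(`duplicate parameter: ${key}`);
    url.searchParams.append(key, value);
  }
  return url.toString();
}

// What an authorization server's query parser would see for a given URL.
function seenByServer(urlString) {
  return Object.fromEntries(new URL(urlString).searchParams);
}

const naive = naiveAuthorizeUrl(AUTHORIZE_ENDPOINT, SAMPLE_PARAMS);
const fixed = buildAuthorizeUrl(AUTHORIZE_ENDPOINT, SAMPLE_PARAMS);
console.log(seenByServer(naive)); // audience has swallowed the first appended parameter
console.log(seenByServer(fixed)); // audience and every PKCE parameter arrive separately
```

With the flawed builder the server receives an `audience` value that no longer matches the configured API and loses the first appended parameter, so the request is rejected or a token is issued for the wrong audience.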

mir-cmavrichi commented 3 months ago

Anything wrong with the issue I raised? LMK.

sthirthala commented 3 months ago

Please log managed portal issues to the Azure support team using the Support + Help link in the Azure portal, and select Problem Type = Developer portal.