search

Azure / api-management-developer-portal

Developer portal provided by the Azure API Management service.
MIT License
485 stars 311 forks source link

Azure API Management Portal Returning Invalid Secrets in React Custom Widget #2656

Open jdoe-concentrix opened 4 weeks ago

jdoe-concentrix commented 4 weeks ago

Every self-hosted developer bug report should have precise description and reproduction steps; console traces (or) source code references are appreciated.

Bug description

I'm encountering an issue with my custom React widget in the Azure API Management portal. The widget uses an unmodified secrets hook to retrieve secrets from the portal through a postMessage() method. Previously, the managementApiUrl attribute returned a URL pointing to the management API, which the widget used successfully. However, this attribute now returns a URL with a different structure, leading to failures in interacting with the management API.

Previous managementApiUrl format:

{
  "parentLocation": { },
  "managementApiUrl": "https://<redacted>.developer.azure-api.net/developer",
  "apiVersion": "2022-04-01-preview",
  "token": "SharedAccessSignature token=\"<redacted>\", refresh=\"true\"",
  "userId": "1"
}

Current managementApiUrl format:

https://<redacted>.management.azure-api.net/subscriptions/000/resourceGroups/000/providers/Microsoft.ApiManagement/service/<redacted>

Reproduction steps

  1. Deploy a custom React widget in the Azure API Management portal.
  2. Use the secrets hook to retrieve the managementApiUrl value via postMessage().
  3. Attempt to use the retrieved managementApiUrl to interact with the management API.
  4. Notice the widget fails due to the altered URL structure.

Expected behavior

The managementApiUrl attribute should return the actual management API URL

Is self-hosted portal?

No

[!WARNING] "Managed developer portal issues" will be closed automatically. See above for more details.

Environment

Additional context

I've tried creating new widgets, trying different Azure API-M instances, validating the config.json endpoint, and even calling config.json directly (unable to because of CORS). Screenshots of the issue and related console traces are attached below.

Vipersoft-01 commented 3 weeks ago

I'm also facing this issue. Clearly something happened we are not aware of? The management API URL is just wrong. It should be the one configured in the portal on the APIM instance: image

The current secret object contains:

{ "managementApiUrl": "https://dev-developer.xxxxxxx.eu/developer", "apiVersion": "2022-04-01-preview", "token": "" }

erwinkramer commented 2 weeks ago

@jdoe-concentrix , @Vipersoft-01 you are better of creating a support ticket via the Azure portal, since they won't handle managed portal issues here (unless you're lucky).