Azure / app-service-announcements-discussions

Discussions for announcements from https://github.com/Azure/app-service-announcements/
MIT License

[Discussion] App Service Authentication/Authorization Middleware Version 1.4.2 #212

Open mkarmark opened 3 years ago

mkarmark commented 3 years ago

Discussion issue for App Service Authentication/Authorization Middleware Version 1.4.2

mauro-dasilva commented 3 years ago

Is the refresh token endpoint (./auth/refresh) working with Apple's OIDC? The process I have tried is that I send through the authServerCode and id_token to the ./auth/login endpoint. When I query the ./auth/me I don't see any refresh token returned. Also, if I call the ./auth/refresh endpoint with the X-ZUMO-AUTH header set to the session token, I get a 400 (Bad Request).

mauro-dasilva commented 3 years ago

@mkarmark Do you know if the refresh endpoints for either the OIDC or Apple endpoints are working with this release?

mkarmark commented 3 years ago

The refresh token endpoint is supported on the Apple provider, but not the custom Open ID Connect provider. Do you mind posting your app name, and I can give it a look from the logs on our end.

burrowj commented 3 years ago

@mkarmark I have a question about versioning to the correct version of App Service Authentication/Authorization Middleware. In my config/authsettingsV2 I have the following:

"properties": {
  "platform": {
    "enabled": true,
    "runtimeVersion": "1.2.1",
    "configFilePath": "auth.json"
  }
}

In this scenario am I right in assuming the following:

  1. The version for the middleware will be set to 1.2.1 and hence the Apple provider-specific feature added in 1.4.2 will not be accessible?
  2. If I set the version within my "auth.json" file then the version within that file will override the value set above?
  3. If I remove the setting for runtimeVersion in both places, the latest version will always be used?

Thanks, John

burrowj commented 3 years ago

@mkarmark

Also I would like to confirm that the following functionality should be working for Apple provider.

I use client-directed flow on my native app for Sign in with Apple. Hence, as specified in the "With provider SDK" section of https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization,

I should be able to post to

POST https://myappservicename.azurewebsites.net/.auth/login/apple HTTP/1.1
Content-Type: application/json

{"id_token":"myidtokenfromiossignin"}

in order to get my zumo auth token. Is this feature working as part of 1.4.2 or higher? I keep getting an unauthorised 401 no matter what I try.

Thanks, John

burrowj commented 3 years ago

@mkarmark It seems that setting "unauthenticatedClientAction": "AllowAnonymous" fixed this issue. Having "unauthenticatedClientAction": "Return403" causes issues.

I now have a situation where I have set following in the authsettingsV2 which works fine for client directed flow.

"apple": {
  "enabled": true,
  "registration": {
    "clientId": "",
    "clientSecretSettingName": ""
  },

Am I correct in assuming that the endpoint https://myappservicename.azurewebsites.net/.auth/login/apple doesn't talk to Apple to verify anything? It simply looks at the passed-in token and verifies its structure?

burrowj commented 3 years ago

@mkarmark I have worked out the issue with the blank clientId and secret working. Publishing the app to Azure with changes to auth.json (or whatever you called it) config file does not implement the changes straight away. Although it seems that the app is restarted due to the load time required on first hit after publishing, you still need to actually restart the app service through the portal (or CLI, I imagine) to implement changes to auth.json. At least that's what I'm seeing.

lukewar commented 2 years ago

Is the refresh token endpoint (./auth/refresh) working with Apple's OIDC? The process I have tried is that I send through the authServerCode and id_token to the ./auth/login endpoint. When I query the ./auth/me I don't see any refresh token returned. Also, if I call the ./auth/refresh endpoint with the X-ZUMO-AUTH header set to the session token, I get a 400 (Bad Request).

The refresh token endpoint is supported on the Apple provider, but not the custom Open ID Connect provider. Do you mind posting your app name, and I can give it a look from the logs on our end.

@mkarmark I have the Apple provider set up but I struggle to get token refresh working. I have described it in more detail in that post: https://github.com/MicrosoftDocs/azure-docs/issues/47611#issuecomment-972766927

Would you be able to help setting it up?