search

Azure / azure-cli

Azure Command-Line Interface
MIT License
4.01k stars 2.98k forks source link

az webapp auth set - error bad request #25662

Open dfberry opened 1 year ago

dfberry commented 1 year ago

az feedback auto-generates most of the information requested below, as of CLI version 2.0.62

I get the following error when trying to add scopes for app service easy auth:

Bad Request({"error":{"code":"InvalidApiVersionParameter","message":"The api-version '2020-12-01' is invalid. The supported versions are '2023-03-01-preview,2022-12-01,2022-11-01-preview,2022-09-01,2022-06-01,2022-05-01,2022-03-01-preview,2022-01-01,2021-04-01,2021-01-01,2020-10-01,2020-09-01,2020-08-01,2020-07-01,2020-06-01,2020-05-01,2020-01-01,2019-11-01,2019-10-01,2019-09-01,2019-08-01,2019-07-01,2019-06-01,2019-05-10,2019-05-01,2019-03-01,2018-11-01,2018-09-01,2018-08-01,2018-07-01,2018-06-01,2018-05-01,2018-02-01,2018-01-01,2017-12-01,2017-08-01,2017-06-01,2017-05-10,2017-05-01,2017-03-01,2016-09-01,2016-07-01,2016-06-01,2016-02-01,2015-11-01,2015-01-01,2014-04-01-preview,2014-04-01,2014-01-01,2013-03-01,2014-02-26,2014-04'."}})

The script is located on the sampes repo I own (alias=diberry)

The JSON I'm injected looks like

{
  "globalValidation": {
    "redirectToProvider": "azureactivedirectory",
    "requireAuthentication": true,
    "unauthenticatedClientAction": "RedirectToLoginPage"
  },
  "httpSettings": {
    "forwardProxy": { "convention": "NoProxy" },
    "requireHttps": true,
    "routes": { "apiPrefix": "/.auth" }
  },
  "identityProviders": {
    "apple": { "enabled": true, "login": {}, "registration": {} },
    "azureActiveDirectory": {
      "enabled": true,
      "isAutoProvisioned": true,
      "login": {
        "disableWWWAuthenticate": false,
        "loginParameters": [
          "scope=openid email profile offline_access api://REMOVED-FOR-SECURITY/user_impersonation"
        ]
      },
      "registration": {
        "clientId": "9069fbed-9608-432c-9da2-833978ed7b5f",
        "clientSecretSettingName": "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET",
        "openIdIssuer": "https://sts.windows.net/REMOVED-FOR-SECURITY/v2.0"
      },
      "validation": {
        "allowedAudiences": ["api://REMOVED-FOR-SECURITY"],
        "defaultAuthorizationPolicy": { "allowedPrincipals": {} },
        "jwtClaimChecks": {}
      }
    },
    "facebook": { "enabled": true, "login": {}, "registration": {} },
    "gitHub": { "enabled": true, "login": {}, "registration": {} },
    "google": {
      "enabled": true,
      "login": {},
      "registration": {},
      "validation": {}
    },
    "legacyMicrosoftAccount": {
      "enabled": true,
      "login": {},
      "registration": {},
      "validation": {}
    },
    "twitter": { "enabled": true, "registration": {} }
  },
  "login": {
    "cookieExpiration": {
      "convention": "FixedTime",
      "timeToExpiration": "08:00:00"
    },
    "nonce": { "nonceExpirationInterval": "00:05:00", "validateNonce": true },
    "preserveUrlFragmentsForLogins": false,
    "routes": {},
    "tokenStore": {
      "azureBlobStorage": {},
      "enabled": true,
      "fileSystem": {},
      "tokenRefreshExtensionHours": 72
    }
  },
  "platform": { "enabled": true, "runtimeVersion": "~1" }
}

Related command

Describe the bug

I'm not sure how the version number issue could be from my script or JSON as neither appears to indicate the version number.

To Reproduce

  1. Create resources with app-creation.sh - change resource name to be unique.
  2. Add easy auth - Microsoft Identity provider to frontend app in the Azure portal
  3. Update auth with access-token.sh - change resource name to be same as first script.

Expected behavior

Environment summary

Additional context

dfberry commented 1 year ago

@dbradish-microsoft @mattchenderson - Easy auth config fails - probably my fault but not sure what to fix based on the error. @rwike77

yonzhan commented 1 year ago

route to CXP team

dfberry commented 1 year ago

@diberry - NTS