Azure / static-web-apps

Azure Static Web Apps. For bugs and feature requests, please create an issue in this repo. For community discussions, latest updates, kindly refer to the Discussions Tab. To know what's new in Static Web Apps, visit https://aka.ms/swa/ThisMonth
https://aka.ms/swa
MIT License

Azure Static Webapps is not creating custom authentication #1038

Open RomanPanaget opened 1 year ago

RomanPanaget commented 1 year ago

**Describe the bug**

Some well-known configurations are not correctly picked up for auth proxy creation. Cannot provide it publicly, only in private, but it is a Keycloak OIDC config.

**To Reproduce**
Steps to reproduce the behavior:

  1. Deploy the Azure SWA with staticwebapp.config.json like this:

    {
      "routes": [
        {
          "route": "/*",
          "headers": {
            "Cache-Control": "no-store"
          }
        }
      ],
      "auth": {
        "identityProviders": {
          "customOpenIdConnectProviders": {
            "keycloak": {
              "registration": {
                "clientIdSettingName": "KEYCLOAK_CLIENT_ID",
                "clientCredential": {
                  "clientSecretSettingName": "KEYCLOAK_CLIENT_SECRET"
                },
                "openIdConnectConfiguration": {
                  "wellKnownOpenIdConfiguration": "<private keycloak valid well-known URL>"
                }
              },
              "login": {
                "nameClaimType": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
                "scopes": ["openid", "profile", "email"],
                "loginParameterNames": []
              }
            }
          }
        }
      },
      "globalHeaders": {
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Methods": "GET, POST, PUT"
      }
    }

  2. `KEYCLOAK_CLIENT_ID` and `KEYCLOAK_CLIENT_SECRET` are correctly set up in Application Settings.
  3. Wait for deploy to finish
  4. Navigate to .auth/login/keycloak and see a 404 code


**Expected behavior**
Expected to see at least a login page from my Keycloak provider.

**Screenshots**
From diagnostics:
![Screenshot 2023-01-13 at 14 32 44](https://user-images.githubusercontent.com/13916665/212331801-88070b5f-536c-4fd5-9370-25e18eb92e47.png)

**Additional context and possible hints**
If I specify the separated auth, token, certs, issuer URLs, I can get a login page, but the flow seems buggy and I can't get logged in in the end.

**I can provide my SWA URL, tenant and well-known URL for further details in DM**

Thank you
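
A pre-check for a report like the one above, as an added example that is not part of the original post and not code from the Static Web Apps project: it validates a discovery document against the metadata OpenID Connect Discovery 1.0 requires and against the `scopes` requested in the posted config. The host, realm and document are constructed sample values, and nothing on this page says which checks Static Web Apps itself applies.

```python
import json
from urllib.parse import urlparse

SUFFIX = "/.well-known/openid-configuration"
# REQUIRED by OpenID Connect Discovery 1.0 (token_endpoint: unless implicit-only).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(well_known_url, document, requested_scopes):
    """Return a list of problems found in an OIDC discovery document."""
    try:
        meta = json.loads(document)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(meta, dict):
        return ["top-level JSON value is not an object"]
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in meta]
    for key in ENDPOINTS:
        value = meta.get(key)
        if isinstance(value, str) and urlparse(value).scheme != "https":
            problems.append(f"{key} is not an https URL: {value}")
    # The issuer must be exactly the well-known URL minus the fixed suffix.
    if not well_known_url.endswith(SUFFIX):
        problems.append("well-known URL does not end with " + SUFFIX)
    elif "issuer" in meta and meta["issuer"] != well_known_url[:-len(SUFFIX)]:
        problems.append(f"issuer mismatch: {meta['issuer']}")
    # scopes_supported is optional; only compare when the provider lists it.
    supported = meta.get("scopes_supported")
    if isinstance(supported, list):
        problems += [f"scope not advertised: {s}"
                     for s in requested_scopes if s not in supported]
    return problems

# Constructed sample input: hypothetical host and realm, not from the issue.
SAMPLE_URL = "https://idp.example.test/realms/demo" + SUFFIX
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example.test/realms/demo/",  # stray trailing slash
    "authorization_endpoint": "https://idp.example.test/realms/demo/protocol/openid-connect/auth",
    "token_endpoint": "http://idp.example.test/realms/demo/protocol/openid-connect/token",
    "response_types_supported": ["code"], "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "scopes_supported": ["openid", "profile"],
})
PAGE_SCOPES = ["openid", "profile", "email"]  # "scopes" from the posted config

if __name__ == "__main__":
    print("\n".join(check_discovery(SAMPLE_URL, SAMPLE_DOC, PAGE_SCOPES)))
```

An empty list means the document passes these checks; it does not mean the auth proxy will accept it.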

RomanPanaget commented 1 year ago

@mkarmark are there any logs on your side we can check together during the deployment? Please reach out to me.

eferfolja commented 1 year ago

Having the same issue as described above on two SWA using Custom Auth. One uses Azure B2C, the other one uses a custom config for Google. Both apps were working for months.

4ux-nbIx commented 1 year ago

Any update on this? I'm facing the same issue... And today I can't even deploy a new Static Web App via anything!!! Getting 500 in both Azure Portal and az-cli :(

manoj271106 commented 1 year ago

Same error here, Azure B2C auth integration doesn't seem to be working. I get a 401 error once the flow redirects or the callback happens.