Azure Static Web Apps. For bugs and feature requests, please create an issue in this repo. For community discussions, latest updates, kindly refer to the Discussions Tab. To know what's new in Static Web Apps, visit https://aka.ms/swa/ThisMonth
Describe the bug
We are using AAD as our "main" source of auth - however due to MFA restrictions on users in the AAD, we have an OpenID Connect server (IdentityServer) for the purpose of test users. Lately we have observed that the last step of the OAuth flow, the callback, will redirect to initiate the AAD login flow instead (as if the request is unauthorized). The weird part is that this is sporadic so sometimes it is successful and the user is authorized but many times it is not.
To Reproduce
The SWA is not public but I'll try to explain the flow here (can provide a HAR dump if necessary).
But step #7 sets a Location header to
/.auth/login/aad?post_login_redirect_uri=/.auth/login/test/callback?code%3d956C354430285E7D5E58899B379ED8EADDBCAEE9014E38DA7A27A2936B2C51F3%26scope%3dopenid%2520profile%2520roles%2520email%26state%3dredir%253D%25252F.auth%25252Fcomplete%26session_state%3dDcTlyhBYxdrlzzjOUvm-bUwZUUNKhsZK4aQDxNKUWro.E54146CE19A619491F62BA3FD00A2A3F
Expected behavior
The user to be authorized and taken to the application
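An added example, not part of the original report or of Static Web Apps itself: it peels the nested percent-encoding of a Location header shaped like the one quoted above, so a HAR dump can be checked for callbacks that were wrapped in another provider's login redirect. The sample header is constructed with placeholder code and session_state values, and `unwrap` and `callback_bounced` are hypothetical helper names.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample with the same shape and encoding depth as the Location
# header in the report; the code and session_state values are placeholders.
SAMPLE_LOCATION = (
    "/.auth/login/aad?post_login_redirect_uri=/.auth/login/test/callback"
    "?code%3dPLACEHOLDER_CODE%26scope%3dopenid%2520profile%2520roles%2520email"
    "%26state%3dredir%253D%25252F.auth%25252Fcomplete"
    "%26session_state%3dPLACEHOLDER_SESSION"
)

# Parameters whose value is itself a URL to descend into.
NESTED = ("post_login_redirect_uri", "redir")


def unwrap(location):
    """Return one dict per nesting level: path, login provider, parameters."""
    hops = []
    current = location
    while current:
        parts = urlsplit(current)
        # parse_qs removes exactly one layer of percent-encoding per level.
        params = {k: v[0] for k, v in parse_qs(parts.query).items()}
        segs = parts.path.strip("/").split("/")
        is_login = segs[:2] == [".auth", "login"] and len(segs) > 2
        provider = segs[2] if is_login else None
        # The OIDC state carries "redir=<path>" as a query string of its own.
        if "state" in params:
            params.update({k: v[0] for k, v in parse_qs(params["state"]).items()})
        hops.append({"path": parts.path, "provider": provider, "params": params})
        current = next((params[k] for k in NESTED if k in params), None)
    return hops


def callback_bounced(location, expected_provider):
    """True when a callback for expected_provider is wrapped inside a login
    redirect for a different provider, the symptom described in the report."""
    hops = unwrap(location)
    if len(hops) < 2:
        return False
    outer, inner = hops[0], hops[1]
    return (inner["provider"] == expected_provider
            and inner["path"].endswith("/callback")
            and outer["provider"] not in (None, expected_provider))
```

Running `callback_bounced` over every Location header in a HAR capture gives a count of how often the sporadic bounce occurs relative to successful callbacks.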