Azure / static-web-apps

Azure Static Web Apps. For bugs and feature requests, please create an issue in this repo. For community discussions, latest updates, kindly refer to the Discussions Tab. To know what's new in Static Web Apps, visit https://aka.ms/swa/ThisMonth
https://aka.ms/swa
MIT License

Azure B2C Custom Auth Provider doesn't seem to work #1495

Open jezmaghuyop opened 2 weeks ago

jezmaghuyop commented 2 weeks ago

Describe the bug

I'm trying to configure a Custom Auth Provider with Azure Static Web Apps while on the "Standard" Pricing Plan. I'm using Azure B2C as the auth provider, as we want to allow our users from our B2C account to be able to log in to this static web app.

  1. The index page is accessible even though the allowedRoles is set to be "authenticated"
  2. Typing "./auth/login/aadb2c" in the browser returns 404


Below is my staticweapp.config.json file:

{
  "routes": [
    {
      "route": "/login",
      "rewrite": "/.auth/login/aadb2c"
    },
    {
      "route": "/logout",
      "redirect": "/.auth/logout",
      "allowedRoles": ["authenticated"]
    },    
    {
      "route": "/.auth/login/twitter",
      "statusCode": 404
    },
    {
      "route": "/.auth/login/google",
      "statusCode": 404
    },
    {
      "route": "/.auth/login/aad",
      "statusCode": 404
    },
    {
      "route": "/*",
      "allowedRoles": ["authenticated"]
    }
  ],
  "responseOverrides": {
    "401": {
      "statusCode": 302,
      "redirect": "/.auth/login/aadb2c"
    }
  },
  "navigationFallback": {
    "rewrite": "index.html",
    "exclude": [
      "/src2/docs/images/*.{png,jpg,gif,ico}",
      "/src2/docs/img/*.{png,jpg,gif,ico}",      
      "/*.{css,scss,js}"
    ]
  },
  "auth": {
    "rolesSource": "/api/Roles",
    "identityProviders": {
      "customOpenIdConnectProviders": {
        "aadb2c": {
          "registration": {
            "clientIdSettingName": "AADB2C_PROVIDER_CLIENT_ID",
            "clientCredential": {
              "clientSecretSettingName": "AADB2C_PROVIDER_CLIENT_SECRET"
            },
            "openIdConnectConfiguration": {
              "wellKnownOpenIdConfiguration": "https://<companyname>.b2clogin.com/<companyname>.onmicrosoft.com/B2C_1_SiIn/v2.0/.well-known/openid-configuration"
            }
          },
          "login": {
            "nameClaimType": "emails",
            "scopes": [],
            "loginParameterNames": []
          },
          "enabled": true
        }
      }
    }
  } 
}

Expected behavior

  1. I'm expecting the page to automatically navigate to the "login" URL, since I configured the wildcard route's allowedRoles to be "authenticated", but users can still access the page even though they are not authenticated.

  2. Checking "/.auth/me" shows this: (image)

  3. Navigating to "/.auth/login/aadb2c" returns 404 not found. (image)

Device info (if applicable):

Additional context
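
An added example, not part of the original issue or of the Static Web Apps project: a static check for a config shaped like the one posted above, covering the config file name, login URLs that name a provider the `auth` section does not define, and a catch-all route that admits anonymous users. The helper `audit_config`, the `BUILTIN` provider set and the sample config are assumptions made for this example.

```python
import json
import re
from pathlib import PurePosixPath

EXPECTED_NAME = "staticwebapp.config.json"  # file name the platform reads
BUILTIN = {"aad", "github", "twitter"}      # assumption: need no "auth" entry
LOGIN_RE = re.compile(r"^/\.auth/login/([^/?#]+)")

def audit_config(path, text):
    """Hypothetical helper: list problems that leave pages open or a login URL at 404."""
    findings = []
    if PurePosixPath(path).name != EXPECTED_NAME:
        findings.append(f"file is not named {EXPECTED_NAME}")
    cfg = json.loads(text)
    routes = cfg.get("routes", [])
    idps = cfg.get("auth", {}).get("identityProviders", {})
    custom = {name for name, p in idps.get("customOpenIdConnectProviders", {}).items()
              if p.get("enabled", True)}

    # Every login URL the config sends users to must name a configured provider.
    targets = [r.get("rewrite") or r.get("redirect") or "" for r in routes]
    targets += [o.get("redirect", "") for o in cfg.get("responseOverrides", {}).values()]
    for target in targets:
        m = LOGIN_RE.match(target)
        if m and m.group(1) not in custom | BUILTIN:
            findings.append(f"{target}: provider is not configured")

    # Rules run in order and the first match wins: check the catch-all and what follows it.
    patterns = [r.get("route") for r in routes]
    if "/*" not in patterns:
        findings.append("no catch-all '/*' route")
    else:
        i = patterns.index("/*")
        roles = routes[i].get("allowedRoles", [])
        if not roles or "anonymous" in roles:
            findings.append("catch-all route admits anonymous users")
        findings += [f"route {p} is unreachable after '/*'" for p in patterns[i + 1:]]
    return findings

# Constructed sample: reduced config whose 401 override misspells the provider name.
SAMPLE = json.dumps({
    "routes": [{"route": "/login", "rewrite": "/.auth/login/aadb2c"},
               {"route": "/*", "allowedRoles": ["authenticated"]}],
    "responseOverrides": {"401": {"statusCode": 302, "redirect": "/.auth/login/aadb2"}},
    "auth": {"identityProviders": {"customOpenIdConnectProviders": {"aadb2c": {"enabled": True}}}},
})

if __name__ == "__main__":
    print("\n".join(audit_config(EXPECTED_NAME, SAMPLE)))
```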