Caching of Static Web App Consent Page With Front Door

[benbeck764]

Issue

I've setup and configured an Azure Static Web App (using AAD authentication) to utilize Azure Front Door as an entry point precisely following all of the steps here.

After doing so, it seems that the consent page served from https://identity.azurestaticapps.net/.auth/login/done appears to be displayed upon every single login. (Note: This was not happening before configuring Azure Front Door).

Is there a way to ensure that this consent page is only shown once for initial application consent? Thank you!

Device info:

• OS: Windows 11
• Browser: Chrome (104.0.5112.102)

Additional context I figured this was some kind of caching issue with Azure Front Door, however I had initially followed the steps for disabling caching for the Auth Workflow and this issue still seems to occur.

[mkarmark]

Hi, is there any particular reason you are choosing the option of owning the Azure Front Door resource yourself rather than our one click Enterprise Grade Edge option that just became generally available? https://docs.microsoft.com/en-us/azure/static-web-apps/enterprise-edge?tabs=azure-portal The issue you are seeing now has to do with the fact that the www.powerbishare.com custom domain isn't added on the Static Web App resource, presumably because the domain is added on the Front Door profile that you own, but that results in our auth flow unable to keep track of the roles your user has and always shows the consent page for the user. If you go with the enterprise grade edge option and add the custom domain directly to the static web app, we handle everything for you on the Front Door front so you wouldn't need to worry about this. The other option for you is to use custom authentication which has a different auth flow and would not experience this issue. More information for that can be found here: https://docs.microsoft.com/en-us/azure/static-web-apps/authentication-custom?tabs=aad

[benbeck764]

I chose the Azure Front Door option as it seems that it would provide more customizable flexibility than the one click Enterprise Grade Edge option. I could potentially try utilizing the Enterprise Grade Edge as that seems to be what Microsoft is pushing developers to utilize. However, I think I'll give the custom authentication a try first and see how that works. I was hoping I'd be able to resolve this using the out-of-box authentication flow, but that doesn't seem to be the case. I understand now why this isn't working, thank you for the explanation!

[MikeCarlo]

@mkarmark

We are wanting to own the Azure Front Door because we are looking white label our app with multiple domains for the base application. The current limitation is currently 5 per app in the Standard plan. We anticipate having to grow beyond 5 custom domains. Thus, we were hoping to use Azure Front Door with the app. Thus, allowing us to open up more custom domains beyond the 5.

If we add the option for the Enterprise Grade Edge, do we get access to more than 5 domains?

[noynek]

@mkarmark

We are wanting to own the Azure Front Door because we are looking white label our app with multiple domains for the base application. The current limitation is currently 5 per app in the Standard plan. We anticipate having to grow beyond 5 custom domains. Thus, we were hoping to use Azure Front Door with the app. Thus, allowing us to open up more custom domains beyond the 5.

If we add the option for the Enterprise Grade Edge, do we get access to more than 5 domains?

I'm stuck on the same issue, trying to figure out how to have more than 5 domains.