lao8n / cnstlltn

MIT License
0 stars, 0 forks

Google auth login is not working #6

Closed lao8n closed 1 year ago

lao8n commented 1 year ago
2023-06-28T15:29:57.698702522Z       Request starting HTTP/1.1 GET http://ca-web-4a73yskoiju2e.mangoisland-1cce6bd6.eastus.azurecontainerapps.io/.auth/login/google?post_login_redirect_uri=%2Flogin-redirect  
2023-06-28T15:29:57.700224762Z info: MiddlewareConsoleLogs[0]
2023-06-28T15:29:57.700250446Z       {"Timestamp":"2023-06-28T15:29:57.7000596Z","Hostname":"ca-web-4a73yskoiju2e.mangoisland-1cce6bd6.eastus.azurecontainerapps.io","Path":"/.auth/login/google","SiteName":"","TaskName":"RequestCompleted","ModuleRuntimeVersion":"1.6.7","StatusCode":302,"SubStatusCode":0,"RedirectHostname":"accounts.google.com","ProviderName":"Microsoft-Azure-AppService-Middleware","Level":4,"EventId":3}
2023-06-28T15:29:57.700845806Z info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2023-06-28T15:29:57.700863481Z       Request finished in 1.8857ms 302 
2023-06-28T15:29:58.036495014Z info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2023-06-28T15:29:58.037067347Z       Request starting HTTP/1.1 GET http://ca-web-4a73yskoiju2e.mangoisland-1cce6bd6.eastus.azurecontainerapps.io/.auth/login/google/callback?state=redir%3D%252Flogin-redirect%26nonce%3D205cfd10c3334ebab33c04ee15c8f1bd_20230628153457&code=4%2F0AbUR2VPXvHqI8nruvOTo_SmxnW_eo4SH6w4joqahkzSaBPNrjszBkhqANB4FU9Q4_t9TDQ&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&authuser=0&prompt=none  
2023-06-28T15:29:58.039640237Z info: MiddlewareConsoleLogs[0]
2023-06-28T15:29:58.039819005Z       {"Timestamp":"2023-06-28T15:29:58.0385405Z","SiteName":"","TaskName":"TraceIO","Message":"Starting","ProviderName":"Microsoft-Azure-AppService-Middleware-Authentication","Level":4,"EventId":201,"ActivityId":"2b88c8f1-72c9-455d-9f61-9b2736743b57","ActionTaken":"HttpRequest POST","Location":"https://oauth2.googleapis.com/token","TimeTaken":0}
2023-06-28T15:29:58.226794570Z info: MiddlewareConsoleLogs[0]
2023-06-28T15:29:58.227141847Z       {"Timestamp":"2023-06-28T15:29:58.2265333Z","SiteName":"","TaskName":"TraceIO","Message":"Completed with 200. Partial response if failure: .","ProviderName":"Microsoft-Azure-AppService-Middleware-Authentication","Level":4,"EventId":201,"ActivityId":"2b88c8f1-72c9-455d-9f61-9b2736743b57","ActionTaken":"HttpRequest POST","Location":"https://oauth2.googleapis.com/token","TimeTaken":188}
2023-06-28T15:29:58.229128474Z info: MiddlewareConsoleLogs[0]
2023-06-28T15:29:58.258475354Z       {"Timestamp":"2023-06-28T15:29:58.2289867Z","Hostname":"ca-web-4a73yskoiju2e.mangoisland-1cce6bd6.eastus.azurecontainerapps.io","SiteName":"","TaskName":"LoginComplete","ClientId":"194094976957-5s0dlqfnb4cpkifodhmjom12tg742ve7.apps.googleusercontent.com","ModuleRuntimeVersion":"1.6.7","ProviderName":"Microsoft-Azure-AppService-Middleware-Authentication","Level":4,"Issuer":"https://accounts.google.com","Authenticated":true,"AuthenticationMethods":"","UserDomain":"gmail.com","UserHash":"34079853C5BF347A5B7271B9754DB8C1","EventId":200}
2023-06-28T15:29:58.258523889Z info: MiddlewareConsoleLogs[0]
2023-06-28T15:29:58.258531804Z       {"Timestamp":"2023-06-28T15:29:58.2294963Z","SiteName":"","TaskName":"MiddlewareInformation","Message":"Login completed for 'he**PII**'. Provider: 'google'.","ModuleRuntimeVersion":"1.6.7","ProviderName":"Microsoft-Azure-AppService-Middleware","Level":4,"EventId":1}
2023-06-28T15:29:58.259548180Z info: MiddlewareConsoleLogs[0]
2023-06-28T15:29:58.259594913Z       {"Timestamp":"2023-06-28T15:29:58.259352Z","Hostname":"ca-web-4a73yskoiju2e.mangoisland-1cce6bd6.eastus.azurecontainerapps.io","Path":"/.auth/login/google/callback","SiteName":"","TaskName":"RequestCompleted","ModuleRuntimeVersion":"1.6.7","StatusCode":302,"SubStatusCode":0,"RedirectHostname":"ca-web-4a73yskoiju2e.mangoisland-1cce6bd6.eastus.azurecontainerapps.io","ProviderName":"Microsoft-Azure-AppService-Middleware","Level":4,"EventId":3}
2023-06-28T15:29:58.259898421Z info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2023-06-28T15:29:58.259944820Z       Request finished in 223.3015ms 302 
2023-06-28T15:30:40.964103744Z info: MiddlewareConsoleLogs[0]
2023-06-28T15:30:40.964148252Z       {"Timestamp":"2023-06-28T15:30:40.9639245Z","SiteName":"","TaskName":"MiddlewareInformation","Message":"{\"numberOfSuccessfulSessionTokenAuthentications\":0,\"numberOfSuccessfulBearerTokenAuthentications\":0,\"numberOfSuccessfulCookieAuthentications\":1,\"numberOfUniqueAuthenticatedUsers\":1,\"numberOfUnsuccessfulAuthentications\":0}","ModuleRuntimeVersion":"1.6.7","ProviderName":"Microsoft-Azure-AppService-Middleware","Level":4,"EventId":1}

Also, it doesn't load the constellation page.

Screenshot 2023-06-28 at 16 32 23

And when it does, the user hasn't logged in.

lao8n commented 1 year ago

Google login works but doesn't show the login screen - not sure if that is working...

Screenshot 2023-06-29 at 14 51 29

The key trick was to add the secret separately and refer to it:

Screenshot 2023-06-29 at 14 53 25

and to add some allowed token audiences:

Screenshot 2023-06-29 at 14 53 37

Not sure exactly which of these matter.

lao8n commented 1 year ago

Same problem again - perhaps because something is getting wiped every time I re-push with the GitHub Action.

lao8n commented 1 year ago

Despite adding the secret via Google and everything being the same as above, the login still isn't working.

lao8n commented 1 year ago

So I've tried setting [screenshot] [screenshot] where the secret is defined as [screenshot] [screenshot] [screenshot]

lao8n commented 1 year ago

So I tried using InPrivate mode and the issue seems to be the cache. [screenshot] I think this confirms that this approach to referencing a secret is valid, however, as I got to the login screen and only the redirect failed. I'm not sure what is wrong with the redirect.

lao8n commented 1 year ago

https://github.com/Azure/azure-dev/issues/2479 - thinking of giving up on Key Vault secrets entirely and instead passing the secret into the container directly.

lao8n commented 1 year ago

Trying a few new approaches:

  1. https://stackoverflow.com/questions/50698345/azure-app-service-authentication-302-when-trying-to-get-auth-me - adding some request options to the fetch of /.auth/me
  2. https://stackoverflow.com/questions/43088339/retrieve-access-token-within-a-aad-secured-azure-web-app/43109641#43109641

```json
    {
      "id": "/subscriptions/98d3a17a-a631-4a58-85f7-db2d9a7abae6/resourceGroups/rg-cnstlltn-prod/providers/Microsoft.App/containerApps/ca-web-4a73yskoiju2e",
      "name": "ca-web-4a73yskoiju2e",
      "type": "Microsoft.App/containerApps",
      "location": "eastus",
      "tags": {
        "azd-env-name": "cnstlltn-prod",
        "azd-service-name": "web"
      }
    },
```
lao8n commented 1 year ago

[screenshot] Only set these in Google, following the instructions. [screenshot]

lao8n commented 1 year ago

[screenshot] i.e. the correct setup should be (although it isn't working) [screenshot] [screenshot] [screenshot] Technically I think the /.auth/me stuff never worked, so it's just that setting it to true worked, but that is different.

lao8n commented 1 year ago

Maybe the answer is I shouldn't use /.auth/me at all on the front end [screenshot] and instead access the information on the backend and use that user id etc. that way.

lao8n commented 1 year ago

So to be fair, in this Microsoft tutorial it never mentions querying /.auth/me. [screenshot] I think I should do it in the backend using the x-ms-client-principal-id thing instead - turns out I was barking up the wrong tree the whole time. I have screenshots of all the key variables, so yeah, looks okay.
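The backend approach the comment above lands on, written out as an added example (this is not code from the cnstlltn repo or from the Microsoft tutorial). Azure Container Apps built-in authentication (the same Easy Auth middleware whose `MiddlewareConsoleLogs` appear in the log at the top of this issue) forwards the validated identity to the container as request headers: `x-ms-client-principal` (base64-encoded JSON with `auth_typ`, `name_typ`, `role_typ` and a `claims` list), `x-ms-client-principal-id`, `x-ms-client-principal-name` and `x-ms-client-principal-idp`. The code decodes that header, cross-checks it against the other headers and the expected Google issuer, and keys the user on the stable `sub` claim rather than on the e-mail address. The header values in `constructed_headers()` are made up for this example; the Python function names are the example's own.

```python
"""Read the identity that Azure Container Apps built-in auth (Easy Auth) forwards to the app.

Caveat: these headers are only trustworthy because the auth middleware strips any copies the
client sends and the container is reachable only through ingress. A request that arrives
without them (e.g. a direct call to the container, or auth disabled) must be treated as anonymous.
"""
import base64
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

PRINCIPAL_HEADER = "x-ms-client-principal"
PRINCIPAL_ID_HEADER = "x-ms-client-principal-id"
PRINCIPAL_IDP_HEADER = "x-ms-client-principal-idp"


class NotAuthenticated(Exception):
    """Raised when the request carries no usable Easy Auth identity."""


@dataclass(frozen=True)
class Principal:
    provider: str
    subject: str            # Google `sub`: stable, never reused; key app data on this
    email: Optional[str]    # only set when Google reports the address as verified
    claims: Dict[str, List[str]]


def parse_client_principal(headers: Dict[str, str],
                           expected_provider: str = "google",
                           expected_issuer: str = "https://accounts.google.com") -> Principal:
    """Decode x-ms-client-principal and cross-check it against the sibling headers."""
    h = {k.lower(): v for k, v in headers.items()}   # HTTP header names are case-insensitive
    raw = h.get(PRINCIPAL_HEADER)
    if not raw:
        raise NotAuthenticated("no x-ms-client-principal header; request did not pass through the auth middleware")
    try:
        padded = raw + "=" * (-len(raw) % 4)         # tolerate a stripped base64 pad
        doc = json.loads(base64.b64decode(padded, validate=True))
    except ValueError as exc:                        # binascii.Error and JSONDecodeError are ValueErrors
        raise NotAuthenticated("x-ms-client-principal is not base64-encoded JSON") from exc

    provider = doc.get("auth_typ", "")
    if provider != expected_provider or h.get(PRINCIPAL_IDP_HEADER, provider) != expected_provider:
        raise NotAuthenticated(f"unexpected identity provider {provider!r}")

    claims: Dict[str, List[str]] = {}
    for claim in doc.get("claims", []):              # list of {"typ": ..., "val": ...}
        claims.setdefault(claim["typ"], []).append(claim["val"])

    if claims.get("iss") != [expected_issuer]:
        raise NotAuthenticated("issuer mismatch")
    subject = claims.get("sub", [""])[0]
    if not subject:
        raise NotAuthenticated("no sub claim")
    header_id = h.get(PRINCIPAL_ID_HEADER)
    if header_id is not None and header_id != subject:
        raise NotAuthenticated("x-ms-client-principal-id does not match the sub claim")

    email = claims.get("email", [None])[0]
    if email is not None and claims.get("email_verified", ["false"])[0].lower() != "true":
        email = None                                  # unverified address: do not use it as an identity
    return Principal(provider=provider, subject=subject, email=email, claims=claims)


def current_user_id(headers: Dict[str, str]) -> Optional[str]:
    """What a request handler calls: the id to key app data on, or None for anonymous."""
    try:
        return parse_client_principal(headers).subject
    except NotAuthenticated:
        return None


def constructed_headers(**overrides: str) -> Dict[str, str]:
    """Headers shaped like the ones Easy Auth injects. All values are constructed for this example."""
    doc = {
        "auth_typ": "google",
        "name_typ": "name",
        "role_typ": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
        "claims": [
            {"typ": "iss", "val": "https://accounts.google.com"},
            {"typ": "sub", "val": "109876543210987654321"},
            {"typ": "email", "val": "alice@example.com"},
            {"typ": "email_verified", "val": "true"},
            {"typ": "name", "val": "Alice Example"},
        ],
    }
    headers = {
        "X-MS-CLIENT-PRINCIPAL": base64.b64encode(json.dumps(doc).encode()).decode(),
        "X-MS-CLIENT-PRINCIPAL-ID": "109876543210987654321",
        "X-MS-CLIENT-PRINCIPAL-NAME": "alice@example.com",
        "X-MS-CLIENT-PRINCIPAL-IDP": "google",
    }
    headers.update(overrides)
    return headers


if __name__ == "__main__":
    p = parse_client_principal(constructed_headers())
    print(p.provider, p.subject, p.email)
    print(current_user_id({}))   # None: no middleware headers, so the caller is anonymous
```

The frontend never needs /.auth/me with this design: the browser only carries the `AppServiceAuthSession` cookie that the callback in the log set, and every request that reaches the container already has the decoded identity attached. The `allowedAudiences` setting from the earlier comment is enforced by the middleware before these headers are written, so the app itself only has to check the issuer and provider it expects.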

lao8n commented 12 months ago

So, worryingly, it looked like I lost the authentication again (although not the secret). I think this is okay, because for a while I was mainly deleting the container apps and their environment, because I didn't realise the thing I needed to stop was the deployment, not the actual containers. I think that now I've added it back it will stay there; we'll see if I'm wrong. I did have to update the name of the app domain as well, although I think this is a one-off. There basically isn't a good reason to go deleting instances really. Hmm, because I switched from 2023-04-01-preview (check this) to 2022-11-01-preview I had to comment out the service binds; not sure what they are and if they are relevant. Umm, if I'm feeling brave maybe I'll try adding them back, but it's been so long since I've had a working deployment that I'll wait a bit before updating. It's possible that is the reason, but I think the main reason is I just deleted, and as far as I know there is no way to add authentication via Bicep; you have to do it in the portal.