Skip to content
This repository has been archived by the owner on Nov 26, 2024. It is now read-only.

I'm not authenticated #36

Closed
ACmalemzadeh opened this issue Jun 6, 2022 · 2 comments
Closed

I'm not authenticated #36

ACmalemzadeh opened this issue Jun 6, 2022 · 2 comments
Assignees
@viggotw
Labels
bug Something isn't working

Comments

@ACmalemzadeh
Copy link

I have used the GetRoles api and staticwebapp.config.json for my static web app. I get authorized and get in, but recieve a 403 error due to authentication. when I check /.auth/me I only get below:

{
"clientPrincipal": {
"identityProvider": "aad",
"userId": "<User_Id>",
"userDetails": "<My_Email",
"userRoles": [
"anonymous",
"authenticated"
]
}

those two roles are the default roles and the one I have configured with AAD groups under roleGroupMappings won't show up.

anyone else is having this issue?

P.S. I have used the config file and api files as it's shown in this repo in my Falkon project.
@viggotw
Copy link
Contributor

viggotw commented Jun 8, 2022

Hi,
We have experienced an issues where some people are not granted the roles that they should receive. Currently it seems like this issue presents itself for people with æ, ø, or å in their names. Could you confirm if this is the case for you as well?
We have explored some options for fixing this, and we are working on implementing them for this template repo as well. I will keep you posted

@viggotw viggotw added the bug Something isn't working label Jun 8, 2022
@viggotw viggotw self-assigned this Jun 8, 2022
@viggotw viggotw reopened this Jun 13, 2022
@viggotw
Copy link
Contributor

viggotw commented Jun 13, 2022
edited
Loading

Ok, so here is the fix based on this repo. See the branch related to this issue for the actual changes. This branch will not be merged until Microsoft fixes a bug for which this branch has a some-what hacky workaround for. However, I do prefer this solution over the original, since you are now able to connect users/groups to roles in the App Registration rather than have it hard coded in the JS-code. Finally, this solution also includes logging using Application Insights, which is optional.

1. Updated files
This branch contains two updated files:
- /api/package.json - (Only necessary if you want Application Insights
- /api/GetRoles/index.js (Remove the stuff related to Application Insights if you don't want this)

1b. (Optional) Connect Insight Analytics:

  1. In Azure Portal, go to Static Web App > YOUR_STATIC_WEB_APP > Application Insights > Enable Application Insights. Create new if you don't have one.
  2. Verify that the value static web app > Configuration > APPINSIGHTS_INSTRUMENTATIONKEY matches the newly created application insight "Instrumentation Key"

2. Create custom roles

  1. In Azure Portal, go to AAD > App Registration > YOUR_APP_REG > App roles > Create app role. To create e.g. a "reader" role, enter:

     Display name: "reader"
 Allowed member types: User/Groups
 Value: "reader"
 Description: "reader"

  2. In Azure Portal, go to Enterprise Applications > YOUR_APP_REG > Users and groups > Add user/group (might need to wait some minutes before the role created in previous step is visible here)

    User and groups: Select person or AAD Group
Select a role: Role that you created in previous step

@viggotw viggotw closed this as completed Jun 13, 2022
@viggotw viggotw mentioned this issue Jun 20, 2022
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@viggotw viggotw

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

When branches are created from issues, their pull requests are automatically linked.

36-custom-role-assignment-issue equinor/az-static-web-app-docs-template
2 participants
@viggotw @ACmalemzadeh