Is it possible to change the redirected URI for an Azure Function App using App Service Auth accessed via an API Management endpoint? - azure

I have an existing Azure Function App configured with App Service Auth using AAD.
By directly accessing the App Service website xxx.azurewebsites.net/xxx I am prompted to log in, and on logging in I am redirected back to the xxx.azurewebsites.net page.
However, with the same function app accessed via an APIM endpoint, I load the site xxx.azure-api.net/xxx, get prompted to login, and then get redirected back to the azurewebsites.net page rather than the azure-api.net one.
Is there any way to configure this redirection? I have set the Redirect URIs in the App Registrations 'Authentication' blade, however this has made no difference.
Additional information:
In the initial 401 response I can see the original URL in the headers
WWW-Authenticate Bearer realm="xxx.azurewebsites.net/xxx" ...

No, we can't set the request to redirect to azure-api.net after login.
What we need to know is that if we use AD to protect the function app, it will redirect to the login page when we request the function URL. After login, it will redirect back to the function URL and continue the request.
When you use APIM to access the function, APIM is just an interface. So the steps are the same as above after you request the APIM API to access the function. It will not redirect to azure-api.net; this is by design.

Related

Azure Web App created at localhost but not working

I created a web app in my Azure account. I have all the details like tenant id, client id, client secret etc. While creating it I added the URI https://localhost, and I also added the scope Data.Read and an Application ID URI. But I can't open the above-mentioned URL. Most likely I am missing something and don't fully understand how it should work, which is why I am asking for help. I need this localhost in order to test auth with Azure tokens. What exactly am I doing wrong?
Azure allows the http scheme only for localhost. All remaining redirect URIs must begin with the scheme https. To use https, you should install an SSL certificate.
HTTP: The HTTP scheme (http://) is supported only for localhost URIs and should be used only during active local application development and testing.
I am not sure what error you are getting. Basically, what Azure Active Directory does is redirect back to the Redirect URL specified in the request provided to AAD after login, using either the /authorize or /token endpoint. If the match is successful, AAD publishes the success response back to the same Redirect URI after successfully authenticating the user. Once the request reaches AAD, it verifies the Redirect URI and compares it with the reply URLs listed in the app registration.
For more detailed information, please refer to the links below:
How to create Azure Web App | Ciemasen
Localhost exceptions
Redirect URL with http but NOT localhost

How to add 2nd sign in url at azure portal for a web app

Even after adding the URL as a redirect URI, we are getting "reply URI is not configured". Under F12 we see the auth request is trying to send the redirect URL as origin.*.com.
For any URL we give, the auth request is sending origin as the reply URL.
How to add 2nd sign in url at azure portal for a web app?
Go to your application under App registrations->Authentication->Add a platform->Choose Web
Click Add URI to add URI.
By default, AWS will make the site names origin.sirurl.
After removing the origin, it is working as expected.

How can I get the Pinterest API to accept my redirect URL?

I am trying to build an app in node.js that connects to Pinterest via its API. I can get an access token via Postman and test my app in single-user mode, but I am unable to incorporate OAuth2 to test my app for a second user. Every configuration of my code and settings at developer.pinterest.com yields the error "The provided redirect_uri ... does not match any of my registered redirect URIs."
I registered what I believe are correct callback URLs at developers.pinterest.com--many variants, with and without trailing slashes. My callback is hosted via https.
I tried calling Pinterest's auth URLs OAuth2 in my server code (node.js), and via browser address bar.
https://api.pinterest.com/oauth/?response_type=code&redirect_uri=https://www.outfinterest.com/auth/pinterest/callback/&client_id=5042375080944909391&scope=read_public&state=true
I attempted the auth from a browser logged into Pinterest as me, and from a browser logged in as a registered tester of my app.
What must I do to get Pinterest to accept my callback URL?
Do I need to submit my app for approval before I can authorize via OAuth2?
I resolved the problem by reducing the set of URLs registered at developer.pinterest.com to just the one I need, then reloaded the page with the app settings.
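The answers above on Azure AD reply URLs, the `origin.` host prefix and the Pinterest callback all come down to the `redirect_uri` in the authorization request not matching a registered URI. The following is an added example, not code from any of the posts: a small Node.js diagnostic that extracts `redirect_uri` from an authorization URL and explains the mismatch. It assumes the provider compares by exact string match; `diagnoseRedirect`, `REGISTERED` and all URLs are constructed for illustration.

```javascript
// Constructed sample registration list (not taken from the posts).
const REGISTERED = [
  'https://app.example.com/auth/callback',
  'http://localhost/auth/callback',
];

// Rule quoted on this page: https everywhere, http:// only for localhost.
function schemeAllowed(u) {
  return u.protocol === 'https:' ||
    (u.protocol === 'http:' && u.hostname === 'localhost');
}

const stripSlash = (p) => p.replace(/\/+$/, '');

// Returns { ok, sent, reason, closest? } for the redirect_uri in authUrl.
function diagnoseRedirect(authUrl, registered) {
  const sent = new URL(authUrl).searchParams.get('redirect_uri');
  if (!sent) return { ok: false, reason: 'missing redirect_uri' };
  let s;
  try { s = new URL(sent); } catch (e) {
    return { ok: false, sent, reason: 'not an absolute URI' };
  }
  if (!schemeAllowed(s)) return { ok: false, sent, reason: 'scheme not allowed' };
  // Assumption: the provider does an exact, case-sensitive comparison.
  if (registered.includes(sent)) return { ok: true, sent, reason: 'exact match' };

  // No exact match: look for the near misses described in the posts.
  for (const r of registered) {
    const u = new URL(r);
    const samePath = stripSlash(u.pathname) === stripSlash(s.pathname);
    if (!samePath) continue;
    if (u.host === s.host && u.protocol === s.protocol)
      return { ok: false, sent, reason: 'trailing slash differs', closest: r };
    if (u.host === s.host)
      return { ok: false, sent, reason: 'scheme differs', closest: r };
    if (s.host.endsWith('.' + u.host) || u.host.endsWith('.' + s.host))
      return { ok: false, sent, reason: 'host differs', closest: r };
  }
  return { ok: false, sent, reason: 'no registered URI matches' };
}

// Helper to build a constructed authorization request for a given callback.
function sampleAuthUrl(redirectUri) {
  return 'https://idp.example.com/authorize?response_type=code' +
    '&client_id=constructed-id&redirect_uri=' + encodeURIComponent(redirectUri);
}
```

Paste the authorization URL seen in the browser's network tab in place of `sampleAuthUrl(...)` and pass the URIs from the app registration as the second argument.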

React-Native authentication with a server using Azure AD

I am trying to authenticate to a server from my React-Native app using Azure AD.
Now, I don't understand what is a redirect URI and I don't understand where should I put my server's URL in Azure and what URL should I call from my React-Native app.
Documentation for it is quite confusing.
I don't understand what is a redirect URI
For React-Native app, the redirect_url is optional. Refer to this document for more details.
An url that ADLoginView will be redirect when login success, this property is optional.
I don't understand where should I put my server's URL in Azure and
what URL should I call from my React-Native app.
You needn't put your server's URL in Azure. But you need to add authentication to your server. Then you can call your server API as normal, but with the Authorization header. This sample will help you to understand better, though it is using aspnetcore.
You need to register two applications in the Azure portal: a client app and a server app. You will get the access token via your native app and then use it to access your server app.

Unusual HTTP response on ASP.NET Core web app hosted in Azure in Chrome

I host a React & ASP.NET Core web app in an Azure App Service. I'm encountering an isolated and bizarre (to me anyway!) issue relating to the post-login process in my application.
We use Okta for authentication and the login process looks like this:
1. User navigates to our website
2. On page load when not logged in, authorize attribute redirects to the '/api/auth/login' controller action
3. '/api/auth/login' invokes challenge and redirects to Okta
4. User logs in to Okta and is redirected back to callback URL specified in OpenID connect middleware
5. Web app redirects back to '/api/auth/login' to check if user is authenticated then redirects to '/' to render home page
In Chrome, in Azure and over HTTPS only, step 5 above does not redirect to '/' and instead the call to '/api/auth/login' is returning a 200. Nowhere in my controller action do I return a 200 here. This works locally when using Chrome and HTTPS so it seems to be isolated to my Azure environment.
Chrome request/response dumps of HTTP vs HTTPS in Azure are below. The HTTP response is what I'm expecting, I've got no idea where the HTTPS response is coming from.
HTTP with expected response from '/api/auth/login' call:
HTTPS with unexpected response:
Any suggestions would be greatly appreciated!
The scaffolding framework we used for our react application was registering a service worker which was returning this 200.
