Before filing this issue, please ensure you're using the latest CLI by running swa --version and comparing to the latest version on npm.
Are you accessing the CLI from the default port :4280 ?
Make sure you are accessing the URL printed in the console when running swa start!
ℹ️ NOTE: Make sure to enable debug logs when running any swa commands using --verbose=silly
Describe the bug
Azure Static Web Apps Auth emulation doesn't work from CLI 2.0.2 to current version 2.0.4. Works fine until 2.0.1.
To Reproduce
I've executed
swa start http://localhost:5173 --api-location http://localhost:7113 --verbose=silly --swa-config-location ./swaconfig/preview --run "npm run dev"
my swa confing
{
"trailingSlash": "auto",
"auth": {
"identityProviders": {
"azureActiveDirectory": {
"registration": {
"openIdIssuer": "https://login.microsoftonline.com/<mytenant>/v2.0",
"clientIdSettingName": "AZURE_CLIENT_ID",
"clientSecretSettingName": "AZURE_CLIENT_SECRET"
}
}
}
},
"routes": [
{
"route": "/images/*",
"headers": {
"cache-control": "must-revalidate, max-age=15770000"
}
},
{
"route": "/api/*",
"methods": [
"GET",
"PUT",
"POST",
"PATCH",
"DELETE"
],
"allowedRoles": [
"authenticated"
]
},
{
"route": "/login",
"rewrite": "/.auth/login/aad"
},
{
"route": "/.auth/login/twitter",
"statusCode": 404
},
{
"route": "/.auth/login/github",
"statusCode": 404
},
{
"route": "/logout",
"redirect": "/.auth/logout"
},
{
"route": "/.auth/invitations*",
"allowedRoles": [
"authenticated"
]
},
{
"route": "/dashboard*",
"allowedRoles": [
"authenticated"
]
},
{
"route": "/fatturaelettronica*",
"allowedRoles": [
"anonymous"
]
},
{
"route": "/extract*",
"allowedRoles": [
"authenticated"
]
},
{
"route": "/bindusertocard*",
"allowedRoles": [
"authenticated"
]
},
{
"route": "/employeeclockings*",
"allowedRoles": [
"authenticated"
]
},
{
"route": "/employees*",
"allowedRoles": [
"authenticated"
]
},
{
"route": "/about*",
"allowedRoles": [
"admin"
]
},
{
"route": "/site.webmanifest",
"allowedRoles": [ "anonymous", "authenticated" ]
}
],
"navigationFallback": {
"rewrite": "index.html",
"exclude": [
"/images/*.{png,jpg,gif}",
"/css/*"
]
},
"responseOverrides": {
"400": {
"rewrite": "/invalid-invitation-error.html"
},
"401": {
"redirect": "/login",
"statusCode": 302
},
"403": {
"rewrite": "/custom-forbidden-page.html"
},
"404": {
"rewrite": "/404.html"
}
},
"globalHeaders": {
"content-security-policy": "img-src 'self' blob: data:;default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'",
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET, OPTIONS"
},
"mimeTypes": {
".json": "text/json"
},
"platform": {
"apiRuntime": "dotnet-isolated:9.0"
}
}
Expected behavior
Accessing the page http://localhost:4280/.auth/login/aad?post_login_redirect_uri=http://localhost:4280/dashboard should display

instead an error is received
Screenshots
Response of the page
AZURE_CLIENT_ID not found in env for 'aad' provider
silly mode log
--------------------------------------------------------
------------------- processing route -------------------
--------------------------------------------------------
processing /.auth/login/aad?post_login_redirect_uri=http://localhost:4280/dashboard
checking for matching route
check if request match route
- route: /images/*
- wildcard: true
checking wildcard route
- glob: /images/*
- pathBeforeWildcard: /images/
- base path doesn't match. Exit
- alternateRequestPath: /.auth/login/aad
checking wildcard route
- glob: /images/*
- pathBeforeWildcard: /images/
- base path doesn't match. Exit
check if request match route
- route: /api/*
- wildcard: true
checking wildcard route
- glob: /api/*
- pathBeforeWildcard: /api/
- base path doesn't match. Exit
- alternateRequestPath: /.auth/login/aad
checking wildcard route
- glob: /api/*
- pathBeforeWildcard: /api/
- base path doesn't match. Exit
check if request match route
- route: /login
- wildcard: false
- alternateRequestPath: /.auth/login/aad
check if request match route
- route: /.auth/login/twitter
- wildcard: false
- alternateRequestPath: /.auth/login/aad
check if request match route
- route: /.auth/login/github
- wildcard: false
- alternateRequestPath: /.auth/login/aad
check if request match route
- route: /logout
- wildcard: false
- alternateRequestPath: /.auth/login/aad
check if request match route
- route: /.auth/invitations*
- wildcard: true
checking wildcard route
- glob: /.auth/invitations*
- pathBeforeWildcard: /.auth/invitations
- base path doesn't match. Exit
- alternateRequestPath: /.auth/login/aad
checking wildcard route
- glob: /.auth/invitations*
- pathBeforeWildcard: /.auth/invitations
- base path doesn't match. Exit
check if request match route
- route: /dashboard*
- wildcard: true
checking wildcard route
- glob: /dashboard*
- pathBeforeWildcard: /dashboard
- base path doesn't match. Exit
- alternateRequestPath: /.auth/login/aad
checking wildcard route
- glob: /dashboard*
- pathBeforeWildcard: /dashboard
- base path doesn't match. Exit
check if request match route
- route: /fatturaelettronica*
- wildcard: true
checking wildcard route
- glob: /fatturaelettronica*
- pathBeforeWildcard: /fatturaelettronica
- base path doesn't match. Exit
- alternateRequestPath: /.auth/login/aad
checking wildcard route
- glob: /fatturaelettronica*
- pathBeforeWildcard: /fatturaelettronica
- base path doesn't match. Exit
check if request match route
- route: /extract*
- wildcard: true
checking wildcard route
- glob: /extract*
- pathBeforeWildcard: /extract
- base path doesn't match. Exit
- alternateRequestPath: /.auth/login/aad
checking wildcard route
- glob: /extract*
- pathBeforeWildcard: /extract
- base path doesn't match. Exit
check if request match route
- route: /bindusertocard*
- wildcard: true
checking wildcard route
- glob: /bindusertocard*
- pathBeforeWildcard: /bindusertocard
- base path doesn't match. Exit
- alternateRequestPath: /.auth/login/aad
checking wildcard route
- glob: /bindusertocard*
- pathBeforeWildcard: /bindusertocard
- base path doesn't match. Exit
check if request match route
- route: /employeeclockings*
- wildcard: true
checking wildcard route
- glob: /employeeclockings*
- pathBeforeWildcard: /employeeclockings
- base path doesn't match. Exit
- alternateRequestPath: /.auth/login/aad
checking wildcard route
- glob: /employeeclockings*
- pathBeforeWildcard: /employeeclockings
- base path doesn't match. Exit
check if request match route
- route: /employees*
- wildcard: true
checking wildcard route
- glob: /employees*
- pathBeforeWildcard: /employees
- base path doesn't match. Exit
- alternateRequestPath: /.auth/login/aad
checking wildcard route
- glob: /employees*
- pathBeforeWildcard: /employees
- base path doesn't match. Exit
check if request match route
- route: /about*
- wildcard: true
checking wildcard route
- glob: /about*
- pathBeforeWildcard: /about
- base path doesn't match. Exit
- alternateRequestPath: /.auth/login/aad
checking wildcard route
- glob: /about*
- pathBeforeWildcard: /about
- base path doesn't match. Exit
check if request match route
- route: /site.webmanifest
- wildcard: false
- alternateRequestPath: /.auth/login/aad
checking auth request
- auth request detected
processing auth request
- auth returned 400
GET http://localhost:4280/.auth/login/aad?post_login_redirect_uri=http://localhost:4280/dashboard - 400
- OS: [Win11, node 20 and 22]
- Version [2.0.2/3 with node 20, 2.0.4 with both node 20 and 22]
Additional context
SPA framework used is Vue3, tried different npm packages before realizing that the error was only due to SWA CLI version
Before filing this issue, please ensure you're using the latest CLI by running
swa --versionand comparing to the latest version on npm.Are you accessing the CLI from the default port
:4280?--port) and accessing the CLI from that port:4280ℹ️ NOTE: Make sure to enable debug logs when running any
swacommands using--verbose=sillyDescribe the bug
Azure Static Web Apps Auth emulation doesn't work from CLI 2.0.2 to current version 2.0.4. Works fine until 2.0.1.
To Reproduce
I've executed
swa start http://localhost:5173 --api-location http://localhost:7113 --verbose=silly --swa-config-location ./swaconfig/preview --run "npm run dev"my swa confing
Expected behavior

Accessing the page
http://localhost:4280/.auth/login/aad?post_login_redirect_uri=http://localhost:4280/dashboardshould displayinstead an error is received
Screenshots
Response of the page
AZURE_CLIENT_ID not found in env for 'aad' providersilly mode log
Additional context
SPA framework used is Vue3, tried different npm packages before realizing that the error was only due to SWA CLI version