Skip to content

Azure Static Web Apps AAD Auth emulation doesn't work from CLI 2.0.2 to current version 2.0.4. Works fine until 2.0.1 #941

Description

@ciacco85

Before filing this issue, please ensure you're using the latest CLI by running swa --version and comparing to the latest version on npm.

Are you accessing the CLI from the default port :4280 ?

  • No, I am using a different port number (--port) and accessing the CLI from that port
  • Yes, I am accessing the CLI from port :4280

Make sure you are accessing the URL printed in the console when running swa start!

ℹ️ NOTE: Make sure to enable debug logs when running any swa commands using --verbose=silly

Describe the bug
Azure Static Web Apps Auth emulation doesn't work from CLI 2.0.2 to current version 2.0.4. Works fine until 2.0.1.

To Reproduce
I've executed
swa start http://localhost:5173 --api-location http://localhost:7113 --verbose=silly --swa-config-location ./swaconfig/preview --run "npm run dev"
my swa confing

{
  "trailingSlash": "auto",
  "auth": {
    "identityProviders": {
      "azureActiveDirectory": {
        "registration": {          
          "openIdIssuer": "https://login.microsoftonline.com/<mytenant>/v2.0",
          "clientIdSettingName": "AZURE_CLIENT_ID",
          "clientSecretSettingName": "AZURE_CLIENT_SECRET"
        }
      }
    }
  },
  "routes": [
    {
      "route": "/images/*",
      "headers": {
        "cache-control": "must-revalidate, max-age=15770000"
      }
    },
    {
      "route": "/api/*",
      "methods": [
        "GET",
        "PUT",
        "POST",
        "PATCH",
        "DELETE"
      ],
      "allowedRoles": [
        "authenticated"
      ]
    },
    {
      "route": "/login",
      "rewrite": "/.auth/login/aad"
    },
    {
      "route": "/.auth/login/twitter",
      "statusCode": 404
    },
    {
      "route": "/.auth/login/github",
      "statusCode": 404
    },
    {
      "route": "/logout",
      "redirect": "/.auth/logout"
    },
    {
      "route": "/.auth/invitations*",
      "allowedRoles": [
        "authenticated"
      ]
    },
    {
      "route": "/dashboard*",
      "allowedRoles": [
        "authenticated"
      ]
    },
    {
      "route": "/fatturaelettronica*",
      "allowedRoles": [
        "anonymous"
      ]
    },
    {
      "route": "/extract*",
      "allowedRoles": [
        "authenticated"
      ]
    },
    {
      "route": "/bindusertocard*",
      "allowedRoles": [
        "authenticated"
      ]
    },
    {
      "route": "/employeeclockings*",
      "allowedRoles": [
        "authenticated"
      ]
    },
    {
      "route": "/employees*",
      "allowedRoles": [
        "authenticated"
      ]
    },
    {
      "route": "/about*",
      "allowedRoles": [
        "admin"
      ]
    },
    {
      "route": "/site.webmanifest",
      "allowedRoles": [ "anonymous", "authenticated" ]
    }
  ],
  "navigationFallback": {
    "rewrite": "index.html",
    "exclude": [
      "/images/*.{png,jpg,gif}",
      "/css/*"
    ]
  },
  "responseOverrides": {
    "400": {
      "rewrite": "/invalid-invitation-error.html"
    },
    "401": {
      "redirect": "/login",
      "statusCode": 302
    },
   "403": {
      "rewrite": "/custom-forbidden-page.html"
    },
    "404": {
      "rewrite": "/404.html"
    }
  },
  "globalHeaders": {
    "content-security-policy": "img-src 'self' blob: data:;default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "GET, OPTIONS"
  },
  "mimeTypes": {
    ".json": "text/json"
  },
  "platform": {
    "apiRuntime": "dotnet-isolated:9.0"
  }
}

Expected behavior
Accessing the page http://localhost:4280/.auth/login/aad?post_login_redirect_uri=http://localhost:4280/dashboard should display
Image
instead an error is received

Screenshots
Response of the page
AZURE_CLIENT_ID not found in env for 'aad' provider
silly mode log

--------------------------------------------------------
------------------- processing route -------------------
--------------------------------------------------------
processing /.auth/login/aad?post_login_redirect_uri=http://localhost:4280/dashboard
checking for matching route
check if request match route
 - route: /images/*
 - wildcard: true
checking wildcard route
 - glob: /images/*
 - pathBeforeWildcard: /images/
 - base path doesn't match. Exit
 - alternateRequestPath: /.auth/login/aad
checking wildcard route
 - glob: /images/*
 - pathBeforeWildcard: /images/
 - base path doesn't match. Exit
check if request match route
 - route: /api/*
 - wildcard: true
checking wildcard route
 - glob: /api/*
 - pathBeforeWildcard: /api/
 - base path doesn't match. Exit
 - alternateRequestPath: /.auth/login/aad
checking wildcard route
 - glob: /api/*
 - pathBeforeWildcard: /api/
 - base path doesn't match. Exit
check if request match route
 - route: /login
 - wildcard: false
 - alternateRequestPath: /.auth/login/aad
check if request match route
 - route: /.auth/login/twitter
 - wildcard: false
 - alternateRequestPath: /.auth/login/aad
check if request match route
 - route: /.auth/login/github
 - wildcard: false
 - alternateRequestPath: /.auth/login/aad
check if request match route
 - route: /logout
 - wildcard: false
 - alternateRequestPath: /.auth/login/aad
check if request match route
 - route: /.auth/invitations*
 - wildcard: true
checking wildcard route
 - glob: /.auth/invitations*
 - pathBeforeWildcard: /.auth/invitations
 - base path doesn't match. Exit
 - alternateRequestPath: /.auth/login/aad
checking wildcard route
 - glob: /.auth/invitations*
 - pathBeforeWildcard: /.auth/invitations
 - base path doesn't match. Exit
check if request match route
 - route: /dashboard*
 - wildcard: true
checking wildcard route
 - glob: /dashboard*
 - pathBeforeWildcard: /dashboard
 - base path doesn't match. Exit
 - alternateRequestPath: /.auth/login/aad
checking wildcard route
 - glob: /dashboard*
 - pathBeforeWildcard: /dashboard
 - base path doesn't match. Exit
check if request match route
 - route: /fatturaelettronica*
 - wildcard: true
checking wildcard route
 - glob: /fatturaelettronica*
 - pathBeforeWildcard: /fatturaelettronica
 - base path doesn't match. Exit
 - alternateRequestPath: /.auth/login/aad
checking wildcard route
 - glob: /fatturaelettronica*
 - pathBeforeWildcard: /fatturaelettronica
 - base path doesn't match. Exit
check if request match route
 - route: /extract*
 - wildcard: true
checking wildcard route
 - glob: /extract*
 - pathBeforeWildcard: /extract
 - base path doesn't match. Exit
 - alternateRequestPath: /.auth/login/aad
checking wildcard route
 - glob: /extract*
 - pathBeforeWildcard: /extract
 - base path doesn't match. Exit
check if request match route
 - route: /bindusertocard*
 - wildcard: true
checking wildcard route
 - glob: /bindusertocard*
 - pathBeforeWildcard: /bindusertocard
 - base path doesn't match. Exit
 - alternateRequestPath: /.auth/login/aad
checking wildcard route
 - glob: /bindusertocard*
 - pathBeforeWildcard: /bindusertocard
 - base path doesn't match. Exit
check if request match route
 - route: /employeeclockings*
 - wildcard: true
checking wildcard route
 - glob: /employeeclockings*
 - pathBeforeWildcard: /employeeclockings
 - base path doesn't match. Exit
 - alternateRequestPath: /.auth/login/aad
checking wildcard route
 - glob: /employeeclockings*
 - pathBeforeWildcard: /employeeclockings
 - base path doesn't match. Exit
check if request match route
 - route: /employees*
 - wildcard: true
checking wildcard route
 - glob: /employees*
 - pathBeforeWildcard: /employees
 - base path doesn't match. Exit
 - alternateRequestPath: /.auth/login/aad
checking wildcard route
 - glob: /employees*
 - pathBeforeWildcard: /employees
 - base path doesn't match. Exit
check if request match route
 - route: /about*
 - wildcard: true
checking wildcard route
 - glob: /about*
 - pathBeforeWildcard: /about
 - base path doesn't match. Exit
 - alternateRequestPath: /.auth/login/aad
checking wildcard route
 - glob: /about*
 - pathBeforeWildcard: /about
 - base path doesn't match. Exit
check if request match route
 - route: /site.webmanifest
 - wildcard: false
 - alternateRequestPath: /.auth/login/aad
checking auth request
 - auth request detected
processing auth request
 - auth returned 400
GET http://localhost:4280/.auth/login/aad?post_login_redirect_uri=http://localhost:4280/dashboard - 400
  • OS: [Win11, node 20 and 22]
  • Version [2.0.2/3 with node 20, 2.0.4 with both node 20 and 22]

Additional context
SPA framework used is Vue3, tried different npm packages before realizing that the error was only due to SWA CLI version

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions