Authentication error on static web app getting 403 #2240
Unanswered
nikharthakur-psi asked this question in Q&A
Replies: 0 comments
Hello Team,
I have deployed the Storybook application on a static web app, using app registration for authentication. The static web app is configured with a custom domain and is under a virtual network (VNet). To enable public access, I have set up an application gateway. However, when attempting to access the public domain, it returns a 403 error and the URL changes to:
https://privateendpoint/.auth/login/aad?post_login_redirect_uri=/.auth/complete&staticWebAppsAuthNonce=OjfCG3Z5MVM8z6X8Mx%2bRh%2bhtZ4EmN4UuQNe4uDmrWEvXxhJAOuIb9UEHsJJwCQor26TjqNnb0nkQKcK%2f5Eli0kph5sNyqCzhgv7srL68z%2bETAaaiEivyxipChdXk9Gg0
My staticweb.config.json looks like:
```json
{
  "trailingSlash": "auto",
  "routes": [
    {
      "route": "/login",
      "rewrite": "/.auth/login/aad"
    },
    {
      "route": "/logout",
      "rewrite": "/.auth/logout"
    },
    {
      "route": "/*",
      "allowedRoles": [ "authenticated" ],
      "headers": {
        "Cache-Control": "no-store"
      }
    }
  ],
  "auth": {
    "identityProviders": {
      "azureActiveDirectory": {
        "registration": {
          "openIdIssuer": "https://login.microsoftonline.com/{tenant_id}/v2.0",
          "clientIdSettingName": "AZURE_CLIENT_ID",
          "clientSecretSettingName": "AZURE_CLIENT_SECRET"
        }
      }
    }
  },
  "responseOverrides": {
    "401": {
      "redirect": "/login",
      "statusCode": 302
    }
  },
  "globalHeaders": {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "POST, GET, OPTIONS"
  }
}
```
I have added the AZURE_CLIENT_ID and AZURE_CLIENT_SECRET as environment variables in the static web app. In the app registration's authentication settings, I configured it as a single-page application and added the redirect URI: https://(public_url)/.auth/login/aad/callback.
In the Implicit grant and hybrid flows section, I selected both options: Access tokens (used for implicit flows) and ID tokens (used for implicit and hybrid flows). I also tried selecting them individually, but it did not work.
For API permissions, I chose Microsoft Graph: User.Read and granted admin consent.
Additionally, there is no redirection rule configured in the application gateway or in the code.