I'm hitting the following issue with tinyblazoradmin static web app signin after completing the setup instructions. Any insights on what I got wrong with following deployment steps using current Azure portal UI, static web apps, functions and Azure AD experience?
Using the SAML, WS-Federation and OAuth 2.0 tracer extension in browser it adds the following detail to the source of the issue. `<scope>user.read openid profile https://shortenertoolsh7skj.azurewebsites.net/user_impersonation</scope>`
When I look at my Azure AD application registration for the url shortener functions app in the Expose an API I see the application id uri = `api://<application (client) id>` and when I try and edit it to instead be `https://<my functions as a service>.azurewebsites.net` I get the error `Failed to update Application ID URI application property. Error detail: Values of IdentifierUris property must use a verified domain of the organization or its subdomain: https://<my functions as a service>.azurewebsites.net`.
If I change the appSettings.json | UrlShortenerSecuredService.Endpoint to use `api://<application (client) id>` instead of the function as a service app's service url then signin consent dialog and acquisition of on-behalf-of token works ... but calls to the service fail. It would seem that the tinyblazoradmin app needs to be updated to have both an appSettings.json | UrlShortenerSecuredService.EndpointAppId entry that can be defined to use `api://<application (client) id>` and an Endpoint url of the actual service. Not sure where else in the code base an associated update would then be required just yet.
Note that the step where you enable functions app Azure AD integration suggests there is a settings | authentication / authorization navigation menu option and I'm only seeing settings | authentication. The screens that follow are not in line with what is in that part of the deployment document; perhaps that is where things have gone awry.
https://<my static web app holding tinyblazoradmin>.azurestaticapps.net/authentication/login-callback#error=invalid_resource&error_description=AADSTS500011%3a+The+resource+principal+named+https%3a%2f%2f<my functions as a service>.azurewebsites.net+was+not+found+in+the+tenant+named+b03bf4fd-357d-4245-8680-70b8c5ba51e7.+This+can+happen+if+the+application+has+not+been+installed+by+the+administrator+of+the+tenant+or+consented+to+by+any+user+in+the+tenant.+You+might+have+sent+your+authentication+request+to+the+wrong+tenant.%0d%0aTrace+ID%3a+d12c59d2-8bd1-45c3-87ee-fd186c910300%0d%0aCorrelation+ID%3a+76df090c-e044-4d0e-abcc-fc249e2715b2%0d%0aTimestamp%3a+2022-10-31+21%3a20%3a16Z&error_uri=https%3a%2f%2flogin.microsoftonline.com%2ferror%3fcode%3d500011&state=eyJpZCI6IjFkZWQxZTRlLTg1NzMtNGViZC05YjNiLTlkZWU3YWRlYWEwZSIsInRzIjoxNjY3MjUxMjEzfQ%3d%3d%7cEew420fJalztP4NocchPQ-q9Saw-Ml-kplTi4SOCwlA
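A diagnostic sketch for the failure reported in the post above, added here and not part of the original post or the project's code: it decodes the login-callback fragment and flags any resource-qualified scope whose prefix differs from the registered Application ID URI. The function names, host names and GUIDs are constructed placeholders.

```javascript
// Added diagnostic example; names, hosts and GUIDs below are constructed placeholders.

// Parse the fragment of an OAuth 2.0 login-callback URL into a plain object.
function parseCallbackFragment(callbackUrl) {
  const at = callbackUrl.indexOf('#');
  // URLSearchParams percent-decodes values and turns '+' into spaces.
  return Object.fromEntries(new URLSearchParams(at < 0 ? '' : callbackUrl.slice(at + 1)));
}

// A resource-qualified scope is "<Application ID URI>/<scope name>";
// bare scopes such as openid, profile or user.read carry no resource prefix.
function scopeResource(scope) {
  const scheme = scope.indexOf('://');
  if (scheme < 0) return null;
  const cut = scope.lastIndexOf('/');
  // Guard against a bare URI with no scope name after it.
  return cut > scheme + 2 ? scope.slice(0, cut) : null;
}

// Combine the callback error with a check of the requested scopes.
function diagnoseSignIn(callbackUrl, requestedScopes, registeredAppIdUri) {
  const params = parseCallbackFragment(callbackUrl);
  const description = params.error_description || '';
  const code = (description.match(/AADSTS\d+/) || [null])[0];
  const named = description.match(/resource principal named (\S+) was not found/);
  const mismatchedScopes = requestedScopes.split(/\s+/).filter((scope) => {
    const resource = scopeResource(scope);
    return resource !== null && resource !== registeredAppIdUri;
  });
  return {
    error: params.error || null,
    code,
    missingResource: named ? named[1] : null,
    mismatchedScopes,
  };
}

// Constructed sample input modelled on the shape of the callback in the post.
const SAMPLE_CALLBACK =
  'https://admin.example.net/authentication/login-callback#error=invalid_resource' +
  '&error_description=AADSTS500011%3a+The+resource+principal+named+' +
  'https%3a%2f%2ffunctions.example.net+was+not+found+in+the+tenant+named+' +
  '00000000-0000-0000-0000-000000000000.&state=constructed';
const SAMPLE_SCOPES = 'user.read openid profile https://functions.example.net/user_impersonation';
const SAMPLE_APP_ID_URI = 'api://11111111-1111-1111-1111-111111111111';

console.log(diagnoseSignIn(SAMPLE_CALLBACK, SAMPLE_SCOPES, SAMPLE_APP_ID_URI));
```
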