Client Secret not being read from correct environment variable when using app service authentication v2 #1506

Closed
1 of 8 tasks
jwevansgam opened this issue Oct 29, 2021 · 3 comments

jwevansgam commented Oct 29, 2021

Which version of Microsoft Identity Web are you using?
Microsoft Identity Web 1.18.0

Where is the issue?

  • Web app
    • Sign-in users
    • Sign-in users and call web APIs
  • Web API
    • Protected web APIs (validating tokens)
    • Protected web APIs (validating scopes)
    • Protected web APIs call downstream web APIs
  • Token cache serialization
    • In-memory caches
    • Session caches
    • Distributed caches
  • Other (please describe)

Is this a new or an existing app?
c. This is a new app or an experiment.

Repro

services.AddMicrosoftIdentityWebAppAuthentication(configuration)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddInMemoryTokenCaches();

Expected behavior
I am running an ASP.NET Core web app and trying to get an access token so I can call a downstream API on behalf of the user. The web app and API are hosted in Azure App Service and both are secured using App Service authentication (Easy Auth).

When the web app is hosted in Azure App Service, I would expect the secret to be read by first reading the environment variable called WEBSITE_AUTH_CLIENT_SECRET_SETTING_NAME and then reading the actual secret from an environment variable with this setting name. By default, when App Service authentication is enabled, the client secret is actually stored in an environment variable called MICROSOFT_PROVIDER_AUTHENTICATION_SECRET.

Actual behavior
The class AppServicesAuthenticationTokenAcquisition in Microsoft.Identity.Web is reading the client secret from a variable called WEBSITE_AUTH_CLIENT_SECRET but the actual client secret is stored in a variable called MICROSOFT_PROVIDER_AUTHENTICATION_SECRET so the client secret is not found.

Possible solution
image

Additional context / logs / screenshots
It is not possible to create an app setting in the Azure App Service called WEBSITE_AUTH_CLIENT_SECRET as I get this error and I can create other app settings.
image

image
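
The two-step lookup the issue expects, as an added C# example (not code from Microsoft.Identity.Web or from the issue's author). The class and method names are hypothetical, and the fallback order after the indirection is an assumption; the three environment variable names are the ones quoted in the issue.

```csharp
#nullable enable
using System;
using System.Collections.Generic;

// Added example; EasyAuthClientSecret and Resolve are hypothetical names.
static class EasyAuthClientSecret
{
    // Variable names as quoted in the issue above.
    const string SettingNameVariable = "WEBSITE_AUTH_CLIENT_SECRET_SETTING_NAME";
    const string DefaultSecretVariable = "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET";
    const string LegacySecretVariable = "WEBSITE_AUTH_CLIENT_SECRET";

    // Returns the secret (or null) and reports which variable supplied it.
    public static string? Resolve(Func<string, string?> getEnv, out string? source)
    {
        // Step 1: this variable holds the *name* of the setting, not the secret.
        string? settingName = getEnv(SettingNameVariable);
        var candidates = new List<string>();
        if (!string.IsNullOrWhiteSpace(settingName)) candidates.Add(settingName.Trim());
        candidates.Add(DefaultSecretVariable); // assumption: fall back to the default name
        candidates.Add(LegacySecretVariable);  // assumption: last, the name 1.18.0 reads

        foreach (string name in candidates)
        {
            // Step 2: read the secret from the variable the name points to.
            string? value = getEnv(name);
            if (!string.IsNullOrEmpty(value)) { source = name; return value; }
        }
        source = null;
        return null;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed environment mirroring the App Service authentication v2 layout.
        var env = new Dictionary<string, string?>
        {
            ["WEBSITE_AUTH_CLIENT_SECRET_SETTING_NAME"] = "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET",
            ["MICROSOFT_PROVIDER_AUTHENTICATION_SECRET"] = "constructed-placeholder-secret",
        };
        string? secret = EasyAuthClientSecret.Resolve(n => env.TryGetValue(n, out var v) ? v : null, out string? source);
        // Report which variable was used, never the secret value itself.
        Console.WriteLine(secret is null ? "client secret not found" : $"client secret read from {source}");
    }
}
```

Inside a deployed app, pass `Environment.GetEnvironmentVariable` as the lookup delegate instead of the constructed dictionary.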

jwevansgam changed the title [Bug] Client Secret not being read from correct environment variable when using app service authentication Oct 29, 2021
jwevansgam changed the title from "Client Secret not being read from correct environment variable when using app service authentication" to "Client Secret not being read from correct environment variable when using app service authentication v2" Oct 29, 2021

yonail commented Feb 3, 2022

Hello,
I have the same problem. Is there any workaround?
Thanks!

Collaborator

jmprieur commented Feb 3, 2022

@jennyf19 let's take this one for next release.

jennyf19 added the fixed label Feb 4, 2022
jennyf19 added this to the 1.22.4 milestone Feb 4, 2022
jennyf19 modified the milestones: 1.23.3, 1.24.0 Apr 19, 2022
@jennyf19
Collaborator

Released in 1.24.0.
