
I am attempting to manage custom user roles for a Static Web App programmatically via a built-in function for OpenId Connect to Azure ADB2C. It's got a built-in python serverless API. Here is my setup:

    "auth": {
      "rolesSource": "/api/get_roles",
        "identityProviders": {
            "customOpenIdConnectProviders": {
                "aadb2c": {
                    "registration": {
                        "clientIdSettingName": "AADB2C_PROVIDER_CLIENT_ID",
                        "clientCredential": {
                            "clientSecretSettingName": "AADB2C_PROVIDER_CLIENT_SECRET"
                        },
                        "openIdConnectConfiguration": {
                            "wellKnownOpenIdConfiguration": "https://<my specifics>/v2.0/.well-known/openid-configuration"
                        }
                    },
                    "login": {
                        "nameClaimType": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
                        "scopes": [],
                        "loginParameterNames": []
                    }
                }
            }
        }
    }

This function never gets called from what I can tell - I have the api/get_roles function hard-coded to test with this:

    default_roles = {
        "roles": [
            "anonymous",
            "tester"
        ]
    }

But when I output the client principal after login, I see the normal anonymous + authenticated.

I can't see any reason this would NOT work, unless managing roles with custom functions is not enabled for either:

  1. python
  2. AADB2C

Any help would be appreciated.

I think you need to clarify what's not working and what you've tried. Your code blocks just look like JSON config, they don't say anything about your code or the behaviour of your solution. Do you have an API that works and returns roles, what does the response look like? Do you have user flows or custom policies set up in B2C to call that API? What do they look like? What are you expecting to see, what do you actually see? Commented Jul 28, 2023 at 14:19


Custom authentication for Azure Static Web Apps should work with Azure AD B2C. Ensure your roles function is returning the desired payload and that its schema follows this one:

    {
      "roles": [
        "Reader",
        "Contributor"
      ]
    }

For a fully working sample of custom authentication take a look at Tutorial: Assign custom roles with a function and Microsoft Graph.

1 Comment

Thanks for the reply. It turns out my output schema was correct, but I was using the input json object incorrectly in my Python code for the identity provider. I was flying blind doing dev without logging, given the custom roles function was not executing as part of my local function app testing so I couldn't see any logging. I had to eventually bite the bullet and pay for App Insights, and once I did it was quick to diagnose how I was using the input json incorrectly from the app insights logs.
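As an added example (not code from the question, the answer, or Microsoft), here is a stdlib-only Python roles function that parses the request body Static Web Apps posts to the rolesSource endpoint and returns the {"roles": [...]} schema the answer describes. The body shape (identityProvider, userId, userDetails, and claims as a list of {"typ", "val"} objects), the sample user, and the extension_Department attribute are assumptions.

```python
import json

# Constructed sample of the JSON body that Static Web Apps POSTs to the
# rolesSource endpoint after login. Assumed shape: identityProvider, userId,
# userDetails and "claims" as a LIST of {"typ", "val"} objects (not a dict),
# which is the part that is easy to get wrong without logging.
SAMPLE_BODY = json.dumps({
    "identityProvider": "aadb2c",
    "userId": "f1d2e3c4-0000-4000-8000-000000000001",
    "userDetails": "alice@example.com",
    "claims": [
        {"typ": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "val": "Alice"},
        {"typ": "extension_Department", "val": "qa"},
    ],
})

# Hypothetical mapping from a B2C custom attribute value to app roles.
DEPARTMENT_ROLES = {"qa": ["tester"], "eng": ["tester", "contributor"]}

def claim_value(claims, typ):
    """Return the first claim value with the given type, or None."""
    for claim in claims:
        if claim.get("typ") == typ:
            return claim.get("val")
    return None

def roles_for(body: dict) -> dict:
    """Build the response payload: {"roles": [...]} with custom roles only.
    SWA itself adds the built-in anonymous/authenticated roles."""
    claims = body.get("claims", [])
    if not isinstance(claims, list):
        raise ValueError("claims must be a list of {typ, val} objects")
    roles = []
    if body.get("identityProvider") == "aadb2c":
        dept = claim_value(claims, "extension_Department")
        roles.extend(DEPARTMENT_ROLES.get(dept, []))
    return {"roles": sorted(set(roles))}

def handle_request(raw_body: str) -> str:
    """HTTP-level wrapper: JSON body in, JSON body out. In an Azure Function
    call this with req.get_body() and return the result as the response."""
    return json.dumps(roles_for(json.loads(raw_body)))

if __name__ == "__main__":
    print(handle_request(SAMPLE_BODY))  # {"roles": ["tester"]}
```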
