MSAL redirect URI without HTTPS - azure-active-directory

I'm using MSAL JS to enable Azure users to log into my application and consume some Azure APIs.
I'm trying to register the application for my dev env, which is local but not using http://localhost.
According to the Azure Portal, the redirect URIs
Must start with "HTTPS" or "http://localhost"
My local dev env is served on http://my-app.test
Is there a way to use http://my-app.test instead of http://localhost?

As the limitation mentions, you can't use http://my-app.test for the web application.
Not only http://localhost but also http://localhost:xxxx is allowed; your option is to configure the app with them, not to change the redirect URIs in the AD App.

Related

Azure Active Directory - How to give an http redirectUri for my registered app under tenant

I have created a tenant under my organization and registered an app for my testing React application. I have deployed my React application on one of the Kubernetes HTTP servers. Is there a way to add an HTTP URL (the React application URI deployed in Kubernetes) as a Redirect URI in the app registration?
I have given SPA during app registration
Account type - Single tenant
Checked both access token and ID token
The Redirect URIs must begin with the scheme https.
The HTTPS scheme (https://) is supported for all HTTP-based redirect URIs.
The HTTP scheme (http://) is supported only for localhost URIs and should be used only during active local application development and testing.
Please check this for more information
There is no other option available to use Http Schema.
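The rule quoted in the answers above (https for any host, http only for localhost, with or without a port) can be checked before a URI is submitted to an app registration. The following is an added example, not code from the original posts or from MSAL; the function names and the sample list are hypothetical, and it assumes web/SPA registrations where only the literal host "localhost" may use http.

```javascript
// Added example: lint redirect URIs against the scheme rule quoted on this page.
// Assumption: only the literal hostname "localhost" (any port) may use http.

function checkRedirectUri(uri) {
  let url;
  try {
    url = new URL(uri); // WHATWG URL parser, built into Node.js and browsers
  } catch {
    return { uri, ok: false, reason: "not an absolute URI" };
  }
  if (url.protocol === "https:") {
    return { uri, ok: true, reason: "https" };
  }
  if (url.protocol === "http:") {
    // Compare the parsed hostname, never a string prefix:
    // "http://localhost.my-app.test" and "http://localhost@my-app.test"
    // both start with "http://localhost" but do not point at localhost.
    if (url.hostname === "localhost") {
      return { uri, ok: true, reason: "http allowed for localhost" };
    }
    return { uri, ok: false, reason: `http not allowed for host ${url.hostname}` };
  }
  return { uri, ok: false, reason: `scheme ${url.protocol} is neither https nor http` };
}

// Returns only the entries that violate the rule.
function lintRedirectUris(uris) {
  return uris.map(checkRedirectUri).filter((r) => !r.ok);
}

// Constructed sample list; http://my-app.test is the dev URL from the question.
const SAMPLE_URIS = [
  "https://my-app.test/auth/callback",
  "http://localhost",
  "http://localhost:3000/auth/callback",
  "http://my-app.test",
  "http://localhost.my-app.test/auth/callback",
  "http://localhost@my-app.test/auth/callback",
];

for (const r of lintRedirectUris(SAMPLE_URIS)) {
  console.log(`REJECT ${r.uri}: ${r.reason}`);
}
```

Running it over a dev configuration shows which entries need either an https endpoint or a move to http://localhost:port before registration.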

Azure Application Proxy - Single Page Application - CORS issue

Components:
HTML, Bootstrap, AJAX Single Page Application (SPA) --> Deployed on-premise on tomcat 1
Azure Application Proxy 1 fronting SPA with pre-authentication as passthrough
REST API (API) --> Deployed on-premise on tomcat 2
Azure Application Proxy 2 fronting API with pre-authentication as Azure Active Directory
Microsoft MSAL Javascript library: https://github.com/AzureAD/microsoft-authentication-library-for-js
Flow:
User accesses SPA using Application Proxy 1 external URL eg. https://appProxy1.com/spa
The SPA has a sign-in button, when clicked invokes the Microsoft js MSAL library.
The user is presented a pop-up and upon entering credentials, is authenticated against Azure AD and an OAuth token is fetched.
Once authenticated successfully, the user is allowed to perform search on the SPA.
When the user searches, the SPA invokes the REST API using the application proxy 2 url eg. https://appProxy2.com/rest/.search
The REST call is blocked by browser due to CORS. It seems that Application Proxy/Azure AD is not allowing cross origin calls.
Note:
CORS has been enabled in the REST API code and SPA is able to invoke the REST API if Application Proxy 2 pre-authentication mode is set as passthrough.
I have gone through https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-understand-cors-issues. This workaround is possible if HTML application and REST service are deployed on the same application server.
Question:
Is there any option to enable/configure CORS on Application Proxy.
Currently there is no way to configure/enable CORS on Application Proxy.
There is a user voice request for CORS on App Proxy. Please feel free to upvote this user voice request.

Redirect http to https appengine

I have deployed an app in gcloud appengine. The main site is secured through a google managed certificate in app engine. However, after the authentication through auth0, the redirected url reviewresponse.beratics.com/dashboard is no more http secured although it has a certificate. That means I can change the url manually to https://reviewresponse.beratics.com/dashboard and it works. But it does not work automatically. What can I do, where is the problem? I have implemented pyopenssl and other measures such as talisman in python but the problem still persists. The backend is in flash, the app is on gcloud appengine flexible environment and the site is wordpress managed. The authentication to app works through auth0. All the callback Urls at Auth0 are with https. Thanks in advance!
I think this is what you are looking for, but App Engine has a secure flag in the app.yaml config which you can set to always, which will redirect all http traffic to https. The details of this you can find here:
Google Cloud app.yaml ref, CTRL+F for 'secure'
As a possible workaround, GCE VMs allow custom firewall rules without any load balancer in front of them; in other words, you can use a GCE VM as a "proxy", setting a static IP and blocking traffic over port 80, to then redirect to App Engine.
Also, I found this feature request; as a kind recommendation, you can star it in order to receive further information about this.

Cannot set HTTP URI in redirect URI on Azure AD Web App

I'm implementing a Power BI Embedding solution into a third-party application which uses the same Active Directory as Power BI. However, the application has a URL with HTTP and not HTTPS.
Now, to get the authentication token for embedding, I've created an Azure AD Web App and I want to add a Redirect URI for that application, but it is not allowing me because it is HTTP.
What can be the solution to get authentication token for Azure AD for embedding?
Thank you.
Apps that are registered for the Microsoft identity platform have restrictions on redirect URLs. The redirect URL for web apps and services must begin with the scheme https, and all redirect URL values must share a single DNS domain. http://localhost is also supported as a redirect URL.
You can create self-signed certificates for the https domain (for test purposes). If your app runs in a production environment, it should be signed by a trusted certificate authority. Check here to know more.
Refer to this post: Trust a self signed cert from IIS

Do I need to specify all callback URLs in credential page?

What URLs do I need to enter in the Google API credential page?
I created an OAuth2 credential for my Google App Engine web app.
I entered the callback as https://myapp.appspot.com/oauth2callback and it works fine.
Now I am developing V2 and am deploying the app to 2-dot-myapp, and OAuth2 stopped working. Do you have to specify callbacks for all versions I am going to deploy?
Yep! Google (or any OAuth provider) will not allow people to log in unless the callback URL provided during authorization exactly matches one that is configured on the credentials page.
