@seantleonard
Contributor

Why make this change?

  • Closes SWA Users - support userDetails, userId from X-MS-CLIENT-PRINCIPAL payload #843
    • Static Web Apps (SWA) does not include claims from an Identity Provider's issued access token. The SWA-related auth classes and tests should not reference claims. (This gap is in the process of being added to SWA Authentication documentation publicly.)
    • SWA authenticated user payload does include the properties userId and userDetails. These properties can be used as claims and can be referenced in database authorization policies.

What is this change?

  • Updated SWA Authentication classes which add the claims userId and userDetails to the ClaimsIdentity object when present (and not null/empty/whitespace) in the SWA authenticated user payload. These claims can be used in authorization policies without any changes beyond adding the claims to the ClaimsIdentity object with claim types of:
    • userId
    • userDetails
  • Unit Tests related to SWA EasyAuth claims are now converted to tests for AppService, since AppService EasyAuth tests benefit from such test coverage.

How was this tested?

  • Integration Tests
  • Unit Tests: tests added and existing tests updated.

Sample Request(s)

Sample X-MS-CLIENT-PRINCIPAL header values to use for manual testing (which are already used in unit tests)

Raw JSON object that can be modified for use in Base64 encoding. Note: UserId and UserDetails must be JSON strings to match actual EasyAuth payload property types.

{"IdentityProvider":"aad","UserId":"1234","UserDetails":"userDetailsString","UserRoles":["anonymous","authenticated"]}

Base64Encoded header to use as header value
eyJJZGVudGl0eVByb3ZpZGVyIjoiYWFkIiwiVXNlcklkIjoiMTIzNCIsIlVzZXJEZXRhaWxzIjoidXNlckRldGFpbHNTdHJpbmciLCJVc2VyUm9sZXMiOlsiYW5vbnltb3VzIiwiYXV0aGVudGljYXRlZCJdfQ==
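
The behaviour described above, sketched as an added example that is not part of this pull request or the project's code: decode an X-MS-CLIENT-PRINCIPAL value and add the `userId` and `userDetails` claims only when the payload carries non-blank strings. The `SwaPrincipal` class, the `Parse` helper and the second and third sample payloads are hypothetical and constructed here; the first payload is the sample JSON above.

```csharp
#nullable enable
using System;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Text.Json;

// Hypothetical model; property names follow the sample JSON in the PR description.
public class SwaPrincipal
{
    public string? IdentityProvider { get; set; }
    public string? UserId { get; set; }
    public string? UserDetails { get; set; }
}

public static class SwaHeaderDemo
{
    // Hypothetical helper: returns null when the header is absent or malformed.
    public static ClaimsIdentity? Parse(string? header)
    {
        if (string.IsNullOrWhiteSpace(header)) return null;
        SwaPrincipal? p;
        try
        {
            string json = Encoding.UTF8.GetString(Convert.FromBase64String(header));
            p = JsonSerializer.Deserialize<SwaPrincipal>(json);
        }
        catch (Exception e) when (e is FormatException || e is JsonException) { return null; }
        if (p is null) return null;
        var identity = new ClaimsIdentity(p.IdentityProvider);
        // Add each claim only when the payload value is not null/empty/whitespace.
        if (!string.IsNullOrWhiteSpace(p.UserId)) identity.AddClaim(new Claim("userId", p.UserId));
        if (!string.IsNullOrWhiteSpace(p.UserDetails)) identity.AddClaim(new Claim("userDetails", p.UserDetails));
        return identity;
    }

    public static void Main()
    {
        string[] samples =
        {
            "{\"IdentityProvider\":\"aad\",\"UserId\":\"1234\",\"UserDetails\":\"userDetailsString\",\"UserRoles\":[\"anonymous\",\"authenticated\"]}",
            "{\"IdentityProvider\":\"aad\",\"UserId\":\"  \",\"UserDetails\":\"\"}", // blank values
            "{\"IdentityProvider\":\"aad\",\"UserId\":1234}",                        // UserId is a JSON number
        };
        foreach (string json in samples)
        {
            ClaimsIdentity? id = Parse(Convert.ToBase64String(Encoding.UTF8.GetBytes(json)));
            Console.WriteLine(id is null ? "rejected" : string.Join(", ", id.Claims.Select(c => c.Type + "=" + c.Value)));
        }
    }
}
```

The third payload shows why the note above insists on JSON strings: `System.Text.Json` does not convert a JSON number into a `string` property by default, so the whole payload fails to deserialize.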

…ervice (Claims Included) and SWA (no claims, only userId and userDetails are present).
Contributor

@ayush3797 ayush3797 left a comment

LGTM!

@mbhaskar
Member

mbhaskar commented Dec 2, 2022

LGTM with a suggestion on documentation

@seantleonard seantleonard requested a review from mbhaskar December 2, 2022 22:00
@seantleonard seantleonard enabled auto-merge (squash) December 2, 2022 22:01
@seantleonard seantleonard merged commit a518c30 into main Dec 2, 2022
@seantleonard seantleonard deleted the dev/seleonar/swaEasyAuth_noClaims branch December 2, 2022 22:05