[AZINTS-4137] Enrich app reg access errors with instructions#72
Merged
benjjs merged 1 commit intoOct 31, 2025
Merged
Conversation
gpalmz
approved these changes
Oct 31, 2025
benjjs
deleted the
benjamin.johnsonstaub/azints-4137/add-app-reg-permission-instructions
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
We have seen at least one case of users getting to the
app_registrationstep without the proper permissions, most likely because of inconsistent propagation delay for newly granted permissions. Since this is something outside of our control but within the user's (by waiting), we should account for this and display an informative error to the user.Summary
Enrich any access errors we encounter while trying to create an app registration with an informative message. The message points them to the relevant place in our docs where we describe how to get the permissions they need (in case they really don't have the permissions and we failed to check this earlier), and ask them to allow up to an hour for the permissions to propagate (I got this number from Azure, pain).
Testing
Spoof an access error in the create app registration step, connect onboarding flow to local script, and submit some selections:
Not the prettiest thing in the world but if we want the errors to live in one place in the script (as opposed to having custom displays for different errors), this is about the best we can do I think. I do plan on increasing the width of the error modal which will help somewhat I think.