Blazor WebAssembly Standalone authorization via AAD template does not (can not?) use authorization code flow (w/PKCE)... #23572

Closed
mattemoore opened this issue Jul 1, 2020 · 3 comments
Labels: area-blazor, enhancement, ✔️ Resolution: Duplicate, help wanted, Status: Resolved

mattemoore commented Jul 1, 2020

Describe the bug

When creating a Blazor WASM Standalone SPA as described here: https://docs.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/standalone-with-azure-active-directory?view=aspnetcore-3.1, the application uses the implicit grant flow as opposed to the recommended and more secure authorization code flow.

To Reproduce

  1. Register AD application in Azure portal with Authentication platform of type SPA with redirect URI of https://localhost:5001/authentication/login-callback
  2. Ensure that implicit grant access tokens and id tokens are disabled.
  3. Create Blazor WASM app via dotnet new blazorwasm -au SingleOrg --client-id "{CLIENT ID}" --tenant-id "{TENANT ID}"
  4. Run app.
  5. Click Login.

Exceptions (if any)

https://localhost:5001/authentication/login-failed?message=AADSTS700054:%20response_type%20%27id_token%27%20is%20not%20enabled%20for%20the%20application...
This exception is fixed when implicit flow is enabled but this is not the goal. The goal is to use the more secure authorization code flow.

Further technical details

~/Code/blazor_webassembly_AD_SPA  master +32 !1  dotnet --info
.NET Core SDK (reflecting any global.json):
 Version:   3.1.301
 Commit:    7feb845744

Runtime Environment:
 OS Name:     pop
 OS Version:  20.04
 OS Platform: Linux
 RID:         linux-x64
 Base Path:   /usr/share/dotnet/sdk/3.1.301/

Host (useful for support):
  Version: 3.1.5
  Commit:  65cd789777

.NET Core SDKs installed:
  3.1.301 [/usr/share/dotnet/sdk]

.NET Core runtimes installed:
  Microsoft.AspNetCore.App 3.1.5 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 3.1.5 [/usr/share/dotnet/shared/Microsoft.NETCore.App]

Pilchie added the area-blazor label Jul 1, 2020
mattemoore changed the title from "Blazor WebAssembly Standalone authorization via AAD template does not (can not?) use authorization code flow..." to "Blazor WebAssembly Standalone authorization via AAD template does not (can not?) use authorization code flow (w/PKCE)..." Jul 2, 2020

@mkArtakMSFT
Member

Thanks for contacting us.
The support for this is not in GA yet. If this gets released in the coming month, we may consider bringing support for this in.

@mkArtakMSFT
Member

Thanks for contacting us.
We're moving this issue to the Next sprint planning milestone for future evaluation / consideration. We will evaluate the request when we are planning the work for the next milestone. To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

mkArtakMSFT added the enhancement label Jul 2, 2020
mkArtakMSFT added this to the Next sprint planning milestone Jul 2, 2020
mkArtakMSFT added the help wanted label Jul 2, 2020

@mkArtakMSFT
Member

This is going to be handled as part of #23821

mkArtakMSFT added the ✔️ Resolution: Duplicate label Jul 24, 2020
ghost added the Status: Resolved label Jul 24, 2020
dotnet locked as resolved and limited conversation to collaborators Aug 23, 2020
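
Added example, not part of the original issue or of the ASP.NET Core code base: a small check that tells from an authorization request URL whether an SPA is asking for the implicit flow or for the authorization code flow with PKCE, and that extracts the AADSTS code from the login-failed callback reported above. The helper names, the sample authorize requests and the `CLIENT_ID`/`TENANT_ID` placeholders are assumptions made for the illustration.

```javascript
// Added example (not from the issue or the ASP.NET Core repo).
// classifyAuthRequest and parseLoginFailure are hypothetical helper names.
function classifyAuthRequest(requestUrl) {
  const q = new URL(requestUrl).searchParams;
  const types = (q.get('response_type') || '').split(/\s+/).filter(Boolean);
  const frontChannel = types.filter((t) => t === 'token' || t === 'id_token');
  const wantsCode = types.includes('code');
  const challenge = q.get('code_challenge');
  // RFC 7636: a missing code_challenge_method defaults to "plain".
  const pkce = challenge ? q.get('code_challenge_method') || 'plain' : null;
  const findings = [];

  if (frontChannel.length > 0) {
    findings.push(`tokens returned from the authorize endpoint: ${frontChannel.join(' ')}`);
  }
  if (wantsCode && !challenge) {
    findings.push('code requested without code_challenge (no PKCE)');
  } else if (wantsCode && pkce !== 'S256') {
    findings.push(`code_challenge_method is ${pkce}, expected S256`);
  } else if (wantsCode && !/^[A-Za-z0-9_-]{43}$/.test(challenge)) {
    // base64url(SHA-256(verifier)) without padding is always 43 characters.
    findings.push('code_challenge is not a 43-character base64url value');
  }

  let flow = 'unknown';
  if (wantsCode) flow = frontChannel.length > 0 ? 'hybrid' : 'authorization_code';
  else if (frontChannel.length > 0) flow = 'implicit';
  return { flow, pkce, findings };
}

// Pull the AADSTS code out of the login-failed callback the app navigates to.
function parseLoginFailure(callbackUrl) {
  const message = new URL(callbackUrl).searchParams.get('message') || '';
  const m = /^(AADSTS\d+):\s*(.*)$/.exec(message);
  return m ? { code: m[1], detail: m[2] } : null;
}

// Constructed sample requests; CLIENT_ID and TENANT_ID are placeholders.
const AUTHORIZE = 'https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize';
const implicitRequest = `${AUTHORIZE}?client_id=CLIENT_ID&response_type=id_token&scope=openid`;
// code_challenge below is the example value from RFC 7636, Appendix B.
const pkceRequest = `${AUTHORIZE}?client_id=CLIENT_ID&response_type=code&scope=openid` +
  '&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM&code_challenge_method=S256';
// Error URL copied from the issue above (its trailing "..." is as posted).
const loginFailed = 'https://localhost:5001/authentication/login-failed?message=' +
  'AADSTS700054:%20response_type%20%27id_token%27%20is%20not%20enabled%20for%20the%20application...';

console.log(classifyAuthRequest(implicitRequest), classifyAuthRequest(pkceRequest));
console.log(parseLoginFailure(loginFailed));
```

Run against the request captured from the browser's network tab, an empty `findings` list with `flow` equal to `authorization_code` and `pkce` equal to `S256` is the result to look for once implicit grant is disabled on the app registration.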