Support reply_url type Spa on azuread_application #244
Comments
Hey @jorgecarleitao. It doesn't appear support for that is in the SDK at the moment, it only accepts an array of strings.
I have a use case which also depends on the new Spa type. References:
I have created an upstream issue to track this: Azure/azure-rest-api-specs#9617
I doubt this will be supported in AAD Graph as new features are being added to MS Graph. I've scoured the object references for applications and service principals, and I could only find support for the current/legacy The provider is not currently able to leverage MS Graph API, however we do plan on moving to it. Hopefully this property will be supported when that time comes.
Supported in MS Graph: https://docs.microsoft.com/en-us/graph/api/resources/spaapplication?view=graph-rest-beta
@manicminer What would be the right approach if I wanted to generate App registrations with SPA from config? Should I script against the MS Graph manually, or is there an abstraction?
@yene Right now you'll need to script this, but we'll have support for SPA configs in the near future.
@yene I use a post-apply Azure CLI script to add the SPA config. I can probably find the code and post a snippet if you need it.
Hi, I use this bash script, where the variables are set like this:
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Description
This is a feature request to extend the reply_url on azuread_application to allow a brand new type of reply urls implemented in Azure AD called "Spa". They differ from the traditional "Web" reply urls in that they support OAuth2's PKCE, see here on how to change it in the manifest, and here for the discussion on a client. Essentially, reply urls will have two types, "Web" (current) and "Spa" (new addition).
Currently, terraform only supports an array of strings, which represent reply urls of type "Web". We need to extend it to support either an array of strings (for backward compatibility) or an array of maps containing two keys, e.g. "reply_url" and "type", where "type" can only be "Web" or "Spa".
FYI I have validated that changing the type does indeed make PKCE work.
New or Affected Resource(s)
azuread_application
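The backward-compatible schema proposed in the description (plain strings, or maps with "reply_url" and "type"), sketched in Go as an added example; this is not code from the provider or from anyone in the thread. `SplitReplyURLs` and `PatchBody` are hypothetical names, the sample URLs are constructed, and the `web`/`spa` members with `redirectUris` follow the MS Graph application resource linked in the comments.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// SplitReplyURLs (hypothetical helper) accepts the schema proposed in the
// issue: each entry is a plain string (legacy form, treated as "Web") or a
// map with the keys "reply_url" and "type", where type is "Web" or "Spa".
func SplitReplyURLs(entries []interface{}) (web, spa []string, err error) {
	web, spa = []string{}, []string{}
	for i, e := range entries {
		url, typ := "", "Web"
		switch v := e.(type) {
		case string:
			url = v
		case map[string]string:
			// A map without "type" yields "" and is rejected below.
			url, typ = v["reply_url"], v["type"]
		default:
			return nil, nil, fmt.Errorf("entry %d: unsupported value %T", i, e)
		}
		switch {
		case url == "":
			return nil, nil, fmt.Errorf("entry %d: empty reply_url", i)
		case typ == "Web":
			web = append(web, url)
		case typ == "Spa":
			spa = append(spa, url)
		default:
			return nil, nil, fmt.Errorf("entry %d: type %q is not \"Web\" or \"Spa\"", i, typ)
		}
	}
	return web, spa, nil
}

// PatchBody renders the two lists as the "web" and "spa" members of an
// MS Graph application object, each carrying a "redirectUris" array.
func PatchBody(web, spa []string) string {
	b, _ := json.Marshal(map[string]map[string][]string{
		"web": {"redirectUris": web}, "spa": {"redirectUris": spa}})
	return string(b)
}

func main() {
	// Constructed sample input mixing the legacy and the proposed form.
	web, spa, err := SplitReplyURLs([]interface{}{"https://app.example.com/cb",
		map[string]string{"reply_url": "http://localhost:3000", "type": "Spa"}})
	fmt.Println(PatchBody(web, spa), err)
}
```

Rejecting unknown or missing types instead of defaulting them keeps a typo such as "SPA" from silently registering the URI as "Web", where PKCE would not apply.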