Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How can I disable Microsoft account authentication? #183

Closed
hacker01111000 opened this issue Aug 16, 2023 · 5 comments
Closed

How can I disable Microsoft account authentication? #183

hacker01111000 opened this issue Aug 16, 2023 · 5 comments
Assignees
@gitri-ms
Labels
question Further information is requested webapp Pull requests that update Typescript code

Comments

@hacker01111000
Copy link

Hi Everyone,

Love what you've done with chat-copilot web app. I am going to use this internally for testing and would like to turn off the Microsoft Azure Directory authentication as using Microsoft accounts is overkill and unnecessary.

I see that the webapp/.env.example file has some configuration options that are used to define 2 users that can login without a Microsoft account. It looks like the unit tests leverage these to bypass the Microsoft login.

REACT_APP_TEST_USER_ACCOUNT1=
REACT_APP_TEST_USER_PASSWORD1=
REACT_APP_TEST_USER_ACCOUNT2=
REACT_APP_TEST_USER_PASSWORD2=

How can I enable these hardcoded accounts to be the only authorized users who can sign in while also disabling the Microsoft authentication altogether?

Thanks for your help in advance.
@crickman
Copy link
Contributor

You can certainly restrict access by IP address via the Azure Portal. Since you are already hosted on Azure, I'm unclear on why you wouldn't just auth to your own AAD principal.

I'll double check w/ team w.r.t. thoughts on backdoor you've identified.

@crickman crickman self-assigned this Aug 16, 2023
@crickman crickman added question Further information is requested webapp Pull requests that update Typescript code labels Aug 16, 2023
@crickman
Copy link
Contributor

Checking with the team, those test user accounts are expected to be Microsoft accounts.

We do have a feature update just about to land that is a significant evolution in our security model...including a "noauth" option. I'll have the feature owner follow-up as it becomes ready to merge next week.

@hacker01111000
Copy link
Author

Sounds good. Looking forward to it.

@crickman crickman removed their assignment Aug 20, 2023
@gitri-ms
Copy link
Collaborator

Hi @hacker01111000, I just submitted this PR last week: #126

This change enables users to run Chat Copilot locally with no authentication, so you are no longer required to set up an app registration and sign in with a Microsoft account. Instead, the user is treated as a pseudonymous "Default User" and multi-user features are disabled.

We still require Azure Active Directory authentication by default when deploying Chat Copilot to Azure. (To add to what Chris said before, those test accounts in the .env file are for our testing pipeline.) If you'd like to allow users to sign in with an authentication provider other than Azure/Microsoft, I encourage you to explore that and submit a PR!

@gitri-ms
Copy link
Collaborator

I'm going to go ahead and close this issue since I think the latest changes I mentioned above address your question. However, if you have further questions, please feel free to reactivate it or open a new issue. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gitri-ms gitri-ms

Labels
question Further information is requested webapp Pull requests that update Typescript code
Projects
No open projects
Apps & Services Semantic Kernel
Status: Done
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gitri-ms @crickman @hacker01111000