I'm not authenticated #36

Closed
ACmalemzadeh opened this issue Jun 6, 2022 · 2 comments
@ACmalemzadeh

I have used the GetRoles API and staticwebapp.config.json for my static web app. I get authorized and get in, but receive a 403 error due to authentication. When I check /.auth/me I only get the below:

    {
      "clientPrincipal": {
        "identityProvider": "aad",
        "userId": "<User_Id>",
        "userDetails": "<My_Email>",
        "userRoles": [
          "anonymous",
          "authenticated"
        ]
      }
    }

Those two roles are the default roles, and the one I have configured with AAD groups under roleGroupMappings won't show up.

Is anyone else having this issue?

P.S. I have used the config file and api files as it's shown in this repo in my Falkon project.

@viggotw
Contributor

viggotw commented Jun 8, 2022

Hi,
We have experienced an issue where some people are not granted the roles that they should receive. Currently it seems like this issue presents itself for people with æ, ø, or å in their names. Could you confirm if this is the case for you as well?
We have explored some options for fixing this, and we are working on implementing them for this template repo as well. I will keep you posted.

@viggotw viggotw added the bug Something isn't working label Jun 8, 2022
@viggotw viggotw self-assigned this Jun 8, 2022
@viggotw viggotw reopened this Jun 13, 2022
@viggotw
Contributor

viggotw commented Jun 13, 2022

Ok, so here is the fix based on this repo. See the branch related to this issue for the actual changes. This branch will not be merged until Microsoft fixes a bug for which this branch has a somewhat hacky workaround. However, I do prefer this solution over the original, since you are now able to connect users/groups to roles in the App Registration rather than have it hard-coded in the JS code. Finally, this solution also includes logging using Application Insights, which is optional.

1. Updated files
This branch contains two updated files:
- /api/package.json (Only necessary if you want Application Insights)
- /api/GetRoles/index.js (Remove the stuff related to Application Insights if you don't want this)

1b. (Optional) Connect Insight Analytics:

  1. In Azure Portal, go to Static Web App > YOUR_STATIC_WEB_APP > Application Insights > Enable Application Insights. Create new if you don't have one.
  2. Verify that the value static web app > Configuration > APPINSIGHTS_INSTRUMENTATIONKEY matches the newly created application insight "Instrumentation Key"

2. Create custom roles

  1. In Azure Portal, go to AAD > App Registration > YOUR_APP_REG > App roles > Create app role. To create e.g. a "reader" role, enter:

     Display name: "reader"
     Allowed member types: User/Groups
     Value: "reader"
     Description: "reader"
    
  2. In Azure Portal, go to Enterprise Applications > YOUR_APP_REG > Users and groups > Add user/group (might need to wait some minutes before the role created in previous step is visible here)

     User and groups: Select person or AAD Group
     Select a role: Role that you created in previous step

This issue was closed.
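
The approach described in the last comment (roles assigned in the App Registration instead of being hard-coded in the JS code) can be sketched as follows. This is an added example, not the code from the repository's branch; it assumes Static Web Apps POSTs the user's claims to the role function as `{ claims: [{ typ, val }] }` and expects `{ roles: [...] }` back, and `ALLOWED_ROLES`, `ROLE_CLAIM_TYPES`, `SAMPLE_BODY`, `rolesFromClaims` and `getRoles` are hypothetical names.

```javascript
// Added example, not the repository's /api/GetRoles/index.js.
// Assumption: the platform POSTs { claims: [{ typ, val }, ...] } to this
// function and assigns whatever comes back in { roles: [...] }.
// ALLOWED_ROLES is a hypothetical allowlist; it must match the "Value" of
// each app role created in the App Registration ("reader" in the thread).
const ALLOWED_ROLES = new Set(["reader"]);

// Assumption: app roles can surface under the short or the long claim type.
const ROLE_CLAIM_TYPES = new Set([
  "roles",
  "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
]);

// Constructed sample payload, for local checking only.
const SAMPLE_BODY = {
  claims: [
    { typ: "roles", val: "reader" },
    { typ: "roles", val: "not-configured" },
    { typ: "name", val: "reader" },
  ],
};

function rolesFromClaims(body) {
  const claims = body && Array.isArray(body.claims) ? body.claims : [];
  const roles = new Set();
  for (const claim of claims) {
    if (!claim || !ROLE_CLAIM_TYPES.has(claim.typ)) continue;
    if (typeof claim.val !== "string") continue;
    // Pass through only roles this app knows about; drop everything else.
    if (ALLOWED_ROLES.has(claim.val)) roles.add(claim.val);
  }
  return [...roles];
}

// Azure Functions (Node.js) HTTP handler shape.
async function getRoles(context, req) {
  let roles = [];
  try {
    roles = rolesFromClaims(req.body);
  } catch (err) {
    // Fail closed: the user keeps only the built-in roles.
    context.log("GetRoles failed:", err.message);
  }
  context.res = { status: 200, body: { roles } };
}

if (typeof module !== "undefined") module.exports = getRoles;
```

Comparing the roles returned here with `userRoles` in `/.auth/me` shows whether a missing role was never in the token's claims or was dropped later.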