
I've made an attempt to get Azure Static Web Apps with customized Roles function to work in my environment just as specified by: https://learn.microsoft.com/en-us/azure/static-web-apps/assign-roles-microsoft-graph

Everything seems to work as expected but when visiting the page restricted by a specific role the API doesn't seem to be assigning the expected role.

I've modified the API and removed all the logic to assign a role to everyone logging in, and it still doesn't work. Here's the modified code:

const fetch = require('node-fetch').default;

module.exports = async function (context, req) {
    const user = req.body || {};
    const roles = [];

    roles.push('superuser');

    context.res.json({
        roles
    });
}

Here's my staticwebapp.config.json file:

{
    "auth": {
        "rolesSource": "/api/GetRoles",
        "identityProviders": {
            "azureActiveDirectory": {
                "userDetailsClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
                "registration": {
                    "openIdIssuer": "https://login.microsoftonline.com/44263d43-a2f0-45a8-8f55-9b100ecfb4dc",
                    "clientIdSettingName": "AAD_CLIENT_ID",
                    "clientSecretSettingName": "AAD_CLIENT_SECRET"
                },
                "login": {
                    "loginParameters": ["resource=https://graph.microsoft.com"]
                }
            }
        }
    },
    "routes": [
        {
            "route": "/secured/*",
            "allowedRoles": ["superuser"]
        },
        {
            "route": "/admin/*",
            "allowedRoles": ["administrator"]
        },
        {
            "route": "/contributors/*",
            "allowedRoles": ["contributor", "Contributor"]
        }
    ],
    "responseOverrides": {
        "401": {
            "redirect": "/.auth/login/aad?post_login_redirect_uri=.referrer",
            "statusCode": 302
        }
    }
}

I've tried changing the order of the config file. My last attempt before posting was to remove all logic and just assign everyone the 'superuser' role.

Everyone can log in successfully & pre-defined roles work like a charm, but no one ever gets the 'superuser' role.

I'm trying to figure out what I'm doing wrong or has Azure Static Web Apps changed so that this code just won't work like it did a year ago?

Thank you for your help in advance.

OneClutteredMind
    `api/GetRoles` gets called through the POST verb. Try to ensure that the Azure Function is registered correctly and accepts POST requests. – Dmitriy Ivanov Jul 29 '22 at 13:43
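
As an added example (not part of the original post or comment, and not Microsoft's sample code): an offline check that calls a roles function with a POST-style request and reports whether its HTTP trigger accepts POST, whether the response has the `{ "roles": [...] }` shape, and which role-restricted routes the returned roles would open. `checkRolesFunction`, the sample `function.json` content and the sample payload are constructed for illustration, and role names are compared as exact strings, which is an assumption.

```javascript
// Added example: offline check for a Static Web Apps roles function.
// checkRolesFunction and every sample value below are constructed for illustration.
async function checkRolesFunction(handler, functionJson, swaConfig, samplePayload) {
  const problems = [];
  if (!(swaConfig.auth && swaConfig.auth.rolesSource)) problems.push('auth.rolesSource is not set');

  // 1. The HTTP trigger must accept POST (no "methods" key means every verb is allowed).
  const trigger = (functionJson.bindings || []).find(b => b.type === 'httpTrigger');
  if (!trigger) problems.push('no httpTrigger binding');
  else if (trigger.methods && !trigger.methods.map(m => m.toLowerCase()).includes('post'))
    problems.push('httpTrigger does not accept POST');

  // 2. Call the handler with a POST-style request whose body is the user payload.
  const context = { log: () => {}, res: { json(body) { this.body = body; } } };
  await handler(context, { method: 'POST', body: samplePayload });
  let body = context.res && context.res.body;
  if (typeof body === 'string') { try { body = JSON.parse(body); } catch { body = null; } }

  // 3. The response must be a JSON object with a "roles" array of strings.
  const roles = body && Array.isArray(body.roles) ? body.roles : null;
  if (!roles || !roles.every(r => typeof r === 'string'))
    problems.push('response is not { "roles": [<string>, ...] }');

  // 4. Which role-restricted routes would the returned roles open?
  //    Exact string comparison is an assumption of this example.
  const granted = new Set(roles || []);
  const routes = (swaConfig.routes || []).filter(r => r.allowedRoles).map(r => ({
    route: r.route,
    allowed: r.allowedRoles.some(role => granted.has(role)),
  }));
  return { problems, roles: roles || [], routes };
}

// Constructed inputs: a handler shaped like the one in the question, a function.json
// that only allows GET (the failure mode the check is meant to catch), a trimmed config.
const sampleHandler = async (context, req) => { context.res.json({ roles: ['superuser'] }); };
const sampleFunctionJson = { bindings: [
  { type: 'httpTrigger', direction: 'in', name: 'req', authLevel: 'anonymous', methods: ['get'] },
  { type: 'http', direction: 'out', name: 'res' } ] };
const sampleConfig = { auth: { rolesSource: '/api/GetRoles' }, routes: [
  { route: '/secured/*', allowedRoles: ['superuser'] },
  { route: '/admin/*', allowedRoles: ['administrator'] } ] };
const samplePayload = { identityProvider: 'aad', userId: 'constructed-user-id',
  userDetails: 'user@example.com', accessToken: 'constructed-token' };

checkRolesFunction(sampleHandler, sampleFunctionJson, sampleConfig, samplePayload)
  .then(report => console.log(JSON.stringify(report, null, 2)));
```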

0 Answers