
Azure Static web app - Custom Identity Auth with Azure AD

I am new to the Azure Static app and struggling to make Azure AD SSO work with Azure AD app registration. I went through the questions already available on Stack Overflow, but the responses miss the routing config in the staticwebapp.config.json file and I feel I am making some mistakes there.

Active Directory registration: supported A/c types and flow settings, secrets [screenshots]

staticwebapp.config [screenshot]

Azure Static web app configuration [screenshot]

Now when I try to log in using the URL https://black-flower-007ce3a10.2.azurestaticapps.net/login, it gets redirected to https://login.microsoftonline.com//oauth2/v2.0/authorize?response_type=code+id_token&redirect_uri=https%3a%2f%2fblack-flower-007ce3a10.2.azurestaticapps.net%2f.auth%2flogin%2faad%2fcallback&client_id=&scope=openid+profile+email&response_mode=form_post&nonce=91a9c801d3dd4a85b274fecdeb713958_20221109234404&state=redir%3d%252F.auth%252Fcomplete&sso_nonce=&client-request-id=

Any help?

Tarun Bhatt asked Oct 21 '25 01:10


1 Answer

I tried to reproduce the same in my environment and got the same error.

The error usually occurs if the API permissions of the Azure AD Application have not been consented to by the Global Admin.

To resolve the error, sign in with a Global Admin account and grant the admin consent for the API permissions.

Alternatively, you can also sign in with Global Admin credentials and accept the consent on behalf of the organization like below:

https://login.microsoftonline.com/TenantID/adminconsent?client_id=ClientID


After doing the above setting, when I hit the Authorize URL and signed in with user credentials, I was able to get the response successfully.

If you want to allow users to consent to the Application, try the below:

Go to Azure Portal -> Enterprise Application -> User Settings -> Go to Consent and permissions


Rukmini answered Oct 22 '25 14:10
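A sanity check on the authorize redirect that is worth running before looking at consent, as an added example (not code from the question or the answer): it flags an empty tenant segment or `client_id`, as in the URL as posted in the question (where they may simply have been redacted), checks the `redirect_uri`, and builds the admin-consent URL in the form the answer gives. The host name, GUIDs and function names are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs, quote

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
CALLBACK_PATH = "/.auth/login/aad/callback"  # callback path seen in the question's redirect_uri


def check_authorize_url(url, app_host):
    """Return (tenant, client_id, problems) for an Azure AD v2.0 authorize redirect."""
    parts = urlsplit(url)
    # keep_blank_values so an empty "client_id=" is reported instead of silently dropped
    query = parse_qs(parts.query, keep_blank_values=True)
    problems = []
    # Expected path is /<tenant>/oauth2/v2.0/authorize; an empty tenant shows up as "//oauth2/..."
    m = re.match(r"^/([^/]*)/oauth2/v2\.0/authorize$", parts.path)
    tenant = m.group(1) if m else ""
    if not tenant:
        problems.append("tenant segment is empty")
    client_id = query.get("client_id", [""])[0]
    if not GUID.match(client_id):
        problems.append("client_id is empty or not a GUID")
    redirect = urlsplit(query.get("redirect_uri", [""])[0])
    if redirect.scheme != "https" or redirect.hostname != app_host:
        problems.append("redirect_uri does not point at the app over https")
    if redirect.path != CALLBACK_PATH:
        problems.append("redirect_uri path is not " + CALLBACK_PATH)
    return tenant, client_id, problems


def admin_consent_url(tenant, client_id):
    """Admin-consent URL in the form given in the answer."""
    return "https://login.microsoftonline.com/%s/adminconsent?client_id=%s" % (
        quote(tenant, safe=""), quote(client_id, safe=""))


# Constructed sample redirects (placeholder host and GUIDs, not values from the page)
APP = "example-app.azurestaticapps.net"
BLANK = ("https://login.microsoftonline.com//oauth2/v2.0/authorize?response_type=code+id_token"
         "&redirect_uri=https%3a%2f%2fexample-app.azurestaticapps.net%2f.auth%2flogin%2faad%2fcallback"
         "&client_id=&scope=openid+profile+email")
GOOD = BLANK.replace("com//", "com/00000000-0000-0000-0000-000000000001/").replace(
    "client_id=", "client_id=00000000-0000-0000-0000-000000000002")

if __name__ == "__main__":
    for label, url in (("blank", BLANK), ("good", GOOD)):
        tenant, client_id, problems = check_authorize_url(url, APP)
        print(label, problems or admin_consent_url(tenant, client_id))
```

If the check reports blank values on a live redirect, the app registration settings the provider reads are the first thing to verify; admin consent only matters once the tenant and client ID are actually present in the request.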