davispg

Reputation: 11

For an Azure-hosted Static Web App (Blazor), why do RedirectURI and PostLogoutRedirectUri not work when the URL is viewed from a mobile browser?

First time questioner - long time searcher. I have been pulling my hair out for a week or so trying to understand why something works locally (using localhost:XXXX) yet does not work when published to Azure.

The set-up

A static web app hosted within a standard Azure Tenancy, and a B2C Tenancy has been created to provide user authentication. The code being used is one of the Blazor WASM samples Microsoft provides: https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/standalone-with-azure-active-directory-b2c?view=aspnetcore-3.1

The build process uses GitHub and the Azure built-in capability to push to the Azure Tenancy host when a GitHub pull takes place. There is a standard hosting plan in place for the static web app, not the free option.

What I have changed from default

I created a Visual Studio solution, downloaded the template to a project named Client and included an API project in a solution (i.e. shaped as a Microsoft Static Web App).

The appsettings.json file was modified to the below:

    {
      "AzureAdB2C": {
        "Authority": "https://{domain}.b2clogin.com/{domain}.onmicrosoft.com/B2C_1_signupsignin1",
        "ClientId": "{Application ID GUID}",
        "RedirectUri": "https://localhost:XXXXX/authentication/login-callback",
        "PostLogoutRedirectUri": "https://localhost:XXXXX/authentication/logout-callback",
        "RedirectUriProd": "https://{generated domain prefix}.azurestaticapps.net/authentication/login-callback",
        "PostLogoutRedirectUriProd": "https://{generated domain prefix}.azurestaticapps.net/authentication/logout-callback",
        "ValidateAuthority": false
      }
    }

Noting I added the RedirectUri and PostLogoutRedirectUri values as I have been googling and cross-referencing to try to work out what might work! Also, the two entries RedirectUriProd and PostLogoutRedirectUriProd are the ones that are used when I move the solution to Azure (removing the Prod bit and adding Dev to the other two).

Within Program.cs, it is MSAL that is being used for Authentication, with openid and offline_access added for good measure (again - googling and trying to understand what is happening).

    builder.Services.AddMsalAuthentication(options =>
    {
        builder.Configuration.Bind("AzureAdB2C", options.ProviderOptions.Authentication);
        options.ProviderOptions.DefaultAccessTokenScopes.Add("openid");
        options.ProviderOptions.DefaultAccessTokenScopes.Add("offline_access");
    });

With that being the configuration, when I access the solution locally - no problem. When I promote to Azure, two things occur:

  1. When accessing the Static Web App via its link from a PC, I can sign in, yet if I try to sign out, an HTTP 404 error screen is displayed.
  2. When I attempt to access the same link from my phone (for example, browser doesn't matter), I get the app, yet if I click on "Log in" the screen displays "checking login state" closely followed by a HTTP 404 error.

Examining the URL from the phone attempt, the static app is trying to go to:

https://https://{generated domain prefix}.azurestaticapps.net/authentication/login-callback#state={code}&client_info={code}&code={code}

Which brings me here - I am at a loss. I cannot understand why the two events with the redirects are occurring, as everything, as far as I can tell, "should" work. I have been searching far and wide to try to find a solution, as for the problem I am looking at, static web apps (and serverless generally) appear to be the correct match. In fact, the Blazor apps I have been playing with have been working, PC and mobile. Right now it is this authentication bit that has me stumped.

Any guidance is appreciated 🙏

Upvotes: 1

Views: 803

Answers (1)

Nicola Biada

Reputation: 2800

Check your configuration in Azure; I think the problem is in your login-callback configuration in the portal.

Upvotes: 0
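
A pre-deployment check for the redirect URI values discussed in the question and answer above, as an added example that is not part of the original posts or of the Microsoft sample. The host `contoso-demo.azurestaticapps.net`, port 5001, the registered reply URL list and the function names `checkRedirectUri` and `lintB2cSettings` are assumptions made for illustration, as is the premise that the identity provider matches reply URLs as exact strings.

```javascript
// Added example. The hosts, port and registered reply URLs are constructed.
const DEPLOYED_ORIGIN = "https://contoso-demo.azurestaticapps.net";
const REGISTERED = [
  DEPLOYED_ORIGIN + "/authentication/login-callback",
  DEPLOYED_ORIGIN + "/authentication/logout-callback",
];

// Returns the problems found for one URI; an empty array means it passed.
function checkRedirectUri(name, value, deployedOrigin, registered) {
  // A doubled scheme still parses (the host becomes "https"), so test the raw string.
  if (/^https?:\/\/https?:/i.test(value)) return [`${name}: doubled scheme`];
  let url;
  try {
    url = new URL(value);
  } catch {
    return [`${name}: not an absolute URL`];
  }
  const problems = [];
  if (url.protocol !== "https:") problems.push(`${name}: not https`);
  if (url.origin !== deployedOrigin) problems.push(`${name}: origin ${url.origin} is not the deployed origin`);
  if (url.search || url.hash) problems.push(`${name}: carries a query or fragment`);
  // Assumption: the provider compares reply URLs as exact strings.
  if (!registered.includes(value)) problems.push(`${name}: not a registered reply URL`);
  return problems;
}

// Checks the two redirect keys of the AzureAdB2C section; keys that are absent are skipped.
function lintB2cSettings(settings, deployedOrigin, registered) {
  const section = settings.AzureAdB2C || {};
  return ["RedirectUri", "PostLogoutRedirectUri"]
    .filter((key) => typeof section[key] === "string")
    .flatMap((key) => checkRedirectUri(key, section[key], deployedOrigin, registered));
}

// Constructed sample: a localhost value left in place and a doubled scheme.
const sample = {
  AzureAdB2C: {
    RedirectUri: "https://localhost:5001/authentication/login-callback",
    PostLogoutRedirectUri: "https://https://contoso-demo.azurestaticapps.net/authentication/logout-callback",
  },
};
for (const problem of lintB2cSettings(sample, DEPLOYED_ORIGIN, REGISTERED)) console.log(problem);
```

Run against the published `appsettings.json` in the build pipeline, a non-empty result can fail the deployment before a mismatched callback reaches users.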
