Azure AD settings (possibly others) can't actually be configured from the configuration provider

[Piedone]

Describe the bug

To Reproduce

1. Use ConfigureAzureADSettings() as instructed in the docs.
2. Observe that no configuration takes effect.

This was added in #12033. The reason nothing happens is there is actually no IOptions or anything referencing AzureADSettings, it always comes from site settings via AzureADService.

Expected behavior

The Azure AD settings partially or fully can be provided by configuration providers like the appsettings file.

Note that other such extension added in #12033 should be checked as well to see if a similar commission exists.

[Piedone]

@hishamco can you take a look at this issue and verify, please?

[hishamco]

Unfortunately I don't have an Azure account, I had one from the old days, but I'm not sure if it's still active

[hishamco]

I will check if it's still valid ..

[Piedone]

Thank you! While having access to an AD is nice, it's not strictly necessary for troubleshooting this.

[hishamco]

Azure AD settings (possibly others) can't actually be configured from the configuration provider

(possibly others) I can check the email settings if that's a case. Is the issue occurs when we have both configuration & database settings? Or is there a certain scenario?

[Piedone]

E-mail settings I happen to know work.

The issue is that as far as I see, there's nothing that would make ConfigureAzureADSettings() take effect, since the provider-based configuration is never accessed.

[Piedone]

Is this something you'll look into in the foreseeable future, @hishamco, or do you need help?

[hishamco]

If someone from your side has access to AAD it would be better, meanwhile I will check a new bug reported in localization

[Piedone]

You don't need AAD access for this. The only thing you need to check is whether after the fix (or rather, after implementing the logic necessary to actually load settings from the provider) is whether AzureADSettings is correct where it is retrieved.

[hishamco]

@Piedone seems there was a lack on the docs, when we add ConfigureAzureADSettings() on the OC.Cms.Web as the following:

builder.Services
    .AddOrchardCms()
    .AddSetupFeatures("OrchardCore.AutoSetup")
    .ConfigureAzureADSettings();

you can able to get the configuration from appsettings.json with IOptions<AzureADSettings>

I just spent an hour or less experiments reading the configuration from admin area as well as the configuration methods introduces in #12033

I will continue checking the other AUTH providers as well to make it sure that everything is working fine

Correct me if I miss some of your reproduced steps

[Piedone]

So you're saying it matters whether it's called on OrchardCoreBuilder after AddOrchardCms() vs inside it? That's not how it should be, because every other such method, including AddSetupFeatures(), can be used in the delegate of AddOrchardCms():

builder.Services
    .AddOrchardCms(orchardCoreBuilder =>
    {
        orchardCoreBuilder
            .AllowMiniProfilerOnAdmin()
            .AddSetupFeatures("OrchardCore.AutoSetup")
            .ConfigureAzureADSettings();
    });

[hishamco]

What I mean is whenever you call it via OrchardCoreBuilder the settings will come from configuration instead of admin area, I think that is what supposed to be. Am I right?

[Piedone]

Not really. In both cases it's a method call on OrchardCoreBuilder so this difference shouldn't be there. I don't understand why there is, BTW, since all such configuration methods do the same, with PostConfigure().

[jtkech]

@Piedone @hishamco

Just checked for AzureADSettings, unlike some it is never injected as e.g. IOptions<AzureADSettings> and there is no IConfigureOptions<AzureADSettings> that would use the site settings to configure these options, and that we could PostConfigure() with an extension.

In fact here it is a little more complex, there is a AzureADOptionsConfiguration that uses the related site settings sections, but this is not an IConfigureOptions<AzureADSettings>, because in fact this class is used to configure others AspnetCore options as I saw in the module startup.

// The net5.0 5.0.3 build obsoletes 'AzureADOptions' and 'AzureADDefaults', 'Microsoft.Identity.Web' should be used instead.
// The build warning is disabled temporarily until the code can be migrated.

ServiceDescriptor.Transient<IConfigureOptions<AuthenticationOptions>, AzureADOptionsConfiguration>(),
ServiceDescriptor.Transient<IConfigureOptions<AzureADOptions>, AzureADOptionsConfiguration>(),
ServiceDescriptor.Transient<IConfigureOptions<PolicySchemeOptions>, AzureADOptionsConfiguration>(),

So this is the above aspnetcore options that would need to be post configured from values coming from the configuration, and by looking what the config helper AzureADOptionsConfiguration does.

Also take care about the commented obsoletes warnings.

[hishamco]

Just checked for AzureADSettings, unlike some it is never injected as e.g. IOptions and there is no IConfigureOptions that would use the site settings to configure these options, and that we could PostConfigure() with an extension.

You 're right @jtkech I saw this yesterday, same thing for other social AUTH providers