
allow both https and api for backwards compat
stas committed Sep 15, 2021
1 parent 9ea6399 commit afaba3c
Showing 2 changed files with 32 additions and 15 deletions.
8 changes: 3 additions & 5 deletions src/deployment/azuredeploy.json
Expand Up @@ -20,8 +20,8 @@
"app_func_issuer": {
"type": "string"
},
"app_func_audience": {
"type": "string"
"app_func_audiences": {
"type": "array"
},
"multi_tenant_domain": {
"type": "string"
Expand Down Expand Up @@ -283,9 +283,7 @@
"clientSecret": "[parameters('clientSecret')]",
"issuer": "[parameters('app_func_issuer')]",
"defaultProvider": "AzureActiveDirectory",
"allowedAudiences": [
"[parameters('app_func_audience')]"
],
"allowedAudiences": "[parameters('app_func_audiences')]",
"isAadAutoProvisioned": false
}
},
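Review bot: The new `app_func_audiences` parameter in the first hunk is declared only as `"type": "array"`, with no `minLength` and no `metadata`, so an empty list passes template validation and is written straight into `allowedAudiences` in the second hunk; consider adding `"minLength": 1` and a `metadata.description` stating that it must hold the `api://` and `https://` identifier URIs of the app registration. Passing the parameter through unchanged means the set of token audiences the function app accepts is now whatever the caller supplies, which suits the stated compatibility goal but is worth saying in the description. How App Service auth treats an empty audience list is not visible here, so I have not assumed it rejects tokens in that case.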
39 changes: 29 additions & 10 deletions src/deployment/deploy.py
Expand Up @@ -383,22 +383,38 @@ def try_sp_create() -> None:
)

if self.multi_tenant_domain and app.sign_in_audience == "AzureADMyOrg":
url = "api://%s/%s" % (
url = "https://%s/%s" % (
self.multi_tenant_domain,
self.application_name,
)
api_url = "api://%s/%s" % (
self.multi_tenant_domain,
self.application_name,
)
if not app.identifier_uris.contains(api_url):
app.identifier_uris.append(api_url)
else:


chkeita Sep 15, 2021


The else clause should be removed: it will overwrite the identifier_uris array instead of appending to it.

app.identifier_uris = [api_url]

client.applications.patch(
app.object_id, ApplicationUpdateParameters(identifier_uris=[url])
app.object_id, ApplicationUpdateParameters(identifier_uris=app.identifier_uris)
)
set_app_audience(app.object_id, "AzureADMultipleOrgs")
elif (
not self.multi_tenant_domain
and app.sign_in_audience == "AzureADMultipleOrgs"
):
set_app_audience(app.object_id, "AzureADMyOrg")
url = "api://%s.azurewebsites.net" % self.application_name
url = "https://%s.azurewebsites.net" % self.application_name
api = "api://%s.azurewebsites.net" % self.application_name

if not app.identifier_uris.contains(api_url):
app.identifier_uris.append(api_url)
else:
app.identifier_uris = [api_url]

client.applications.patch(
app.object_id, ApplicationUpdateParameters(identifier_uris=[url])
app.object_id, ApplicationUpdateParameters(identifier_uris=app.identifier_uris)
)
else:
logger.debug("No change to App Registration signInAudence setting")
Expand Down Expand Up @@ -471,20 +487,23 @@ def deploy_template(self) -> None:
if self.multi_tenant_domain:
# clear the value in the Issuer Url field:
# https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient-enterpriseapi-multitenant
app_func_audience = "api://%s/%s" % (
self.multi_tenant_domain,
self.application_name,
)
app_func_audiences = [
"api://%s/%s" % ( self.multi_tenant_domain, self.application_name,),
"https://%s/%s" % ( self.multi_tenant_domain, self.application_name,),
]
app_func_issuer = ""
multi_tenant_domain = {"value": self.multi_tenant_domain}
else:
app_func_audience = "api://%s.azurewebsites.net" % self.application_name
app_func_audience = [
"api://%s.azurewebsites.net" % self.application_name,
"https://%s.azurewebsites.net" % self.application_name,
]
tenant_oid = str(self.cli_config["authority"]).split("/")[-1]
app_func_issuer = "https://sts.windows.net/%s/" % tenant_oid
multi_tenant_domain = {"value": ""}

params = {
"app_func_audience": {"value": app_func_audience},
"app_func_audiences": {"value": app_func_audiences},
"name": {"value": self.application_name},
"owner": {"value": self.owner},
"clientId": {"value": self.results["client_id"]},
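Review bot: In the `elif` branch of the first hunk `api_url` is never assigned — that branch assigns `url` and `api` — so `if not app.identifier_uris.contains(api_url):` raises `NameError`/`UnboundLocalError` on the single-tenant path; the assignment should read `api_url = "api://%s.azurewebsites.net" % self.application_name`. Both branches also call `app.identifier_uris.contains(...)`, which is not a method of a Python list; if `identifier_uris` is the SDK's `list[str]` (the type is not visible in the hunk) that is an `AttributeError`, and the check should be `if api_url not in app.identifier_uris:`. The `url = "https://..."` values at the top of each branch are now unused, since the patched call sends `app.identifier_uris` rather than `[url]`. The second hunk has the same kind of slip: its `else` branch assigns `app_func_audience` while `params` reads `app_func_audiences`, so the non-multi-tenant deploy fails with `NameError`; change that line to `app_func_audiences = [`. The enclosing function starts before the first hunk and only its tail is visible here.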
