Azure Static Web Apps
An Azure service that provides streamlined full-stack web app development.
1,173 questions
Issues with Azure Static Web App Custom Authentication and MSAL React
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 43%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU%3C/text%3E%3C/svg%3E)
Ulf
0
Reputation points
Using Azure Static Web App with custom AAD authentication requires users to log in before accessing the website. The application is a single-page React application, utilizing MSAL React for automatic sign-in and token acquisition for multiple third-party backends.
Some users experience issues logging in, encountering an infinite loop of the select account prompt. MSAL logs indicate that the active account is never set after logging in via AAD; the user is redirected back to the application without setting an active account.
This issue appears intermittently, particularly affecting users who are logged into their own accounts in the web browser or may be using a work account on their computers. Since most users can log in successfully, the callback URLs seem properly configured in the app registration, and affected users can log in through incognito/inPrivate tabs.
The route setup in the static web app config is as follows:
"routes": [
{
"route": "/*",
"allowedRoles": [
"authenticated"
]
}
],
The responseOverrides property for redirecting unauthorized users to login is configured like this:
"responseOverrides": {
"401": {
"statusCode": 302,
"redirect": "/.auth/login/aad"
}
}
Any help or guidance is appreciated!
Azure Static Web Apps
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 36%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Shree Hima Bindu Maganti 4,775 Reputation points Microsoft External Staff Moderator2024-11-26T05:42:34.4566667+00:00 Hi Ulf,
Welcome to the Microsoft Q&A Platform!
To address the Azure Static Web App custom authentication issue with MSAL React,
- Verify the
activeAccountis set after login by callinginstance.setActiveAccount(response.account)in the login success callback. - Use the
onAccountChangedevent to detect and handle account changes. - Confirm callback URLs in Azure AD App Registration include all possible variations (e.g.,
https://yourapp.azurestaticapps.net/.auth/login/aad/callback). - Advise users to clear browser cookies and cache for the app domain.
- Use
interactionType: popupto avoid full-page redirection loops. - Implement logic to handle multiple logged-in accounts explicitly, prompting users to select the correct account if necessary.
- Ensure the
responseOverridesconfiguration for401includes a proper redirect URL to reinitiate authentication. - For affected users, suggest using Incognito/InPrivate mode to rule out cached account issues.
- Review MSAL logs for the error and ensure proper token acquisition is occurring without unnecessary redirects.
- Use Azure Application Insights to track and diagnose authentication flow errors.
If the answer is helpful, please click "Accept Answer" and kindly upvote it.
- Verify the
-
Shree Hima Bindu Maganti 4,775 Reputation points Microsoft External Staff Moderator
2024-11-27T02:41:04.45+00:00 Hi Ulf,
Following up to see if you have chance to check my previous response and help us with requested information to check and assist you further on this.
-
Ulf 0 Reputation points
2024-11-27T07:48:51.6+00:00 Hi! Thank you for your reply!
- Verify the
activeAccountis set after login by callinginstance.setActiveAccount(response.account)in the login success callback. We are setting the active account, but after log in and the redirect back to the application we can see that no accounts exists. - Use the
onAccountChangedevent to detect and handle account changes. I will investigate this. - Confirm callback URLs in Azure AD App Registration include all possible variations (e.g.,
https://yourapp.azurestaticapps.net/.auth/login/aad/callback). What more variations can it be here? This is what we have in the App Registraion. - Advise users to clear browser cookies and cache for the app domain. We have tried that and that did not help.
- Use
interactionType: popupto avoid full-page redirection loops. We want to log the user in directly when visiting the page, and it's my understanding that a popup must be initiated from a user action. I will try this however and see if this solves the issue. - Implement logic to handle multiple logged-in accounts explicitly, prompting users to select the correct account if necessary. We don't have any accounts for the users when they are redirected back to our application.
- Ensure the
responseOverridesconfiguration for401includes a proper redirect URL to reinitiate authentication. Given my example above, this is a proper redirect URL I assume? - For affected users, suggest using Incognito/InPrivate mode to rule out cached account issues. Yes, when they use incognito it works for them and they can log in. So my thesis is that maybe it has something to do with the MS account they are signed in with, either on the computer itself or the browser. This account does not belong to my tenant.
- Review MSAL logs for the error and ensure proper token acquisition is occurring without unnecessary redirects. We don't get any errors, but what I can see is that no account has been set after the redirect, so MSAL is triggering another redirect.
- Use Azure Application Insights to track and diagnose authentication flow errors. We are using this and the Verbose logging for our environment to troubleshoot login issues with our users.
- Verify the
-
Shree Hima Bindu Maganti 4,775 Reputation points Microsoft External Staff Moderator
2024-11-28T13:20:10.2233333+00:00 Hi Ulf,
Following up to see if you have chance to check my previous response and help us with requested information to check and assist you further on this.
-
Shree Hima Bindu Maganti 4,775 Reputation points Microsoft External Staff Moderator
2024-11-29T12:21:55.5733333+00:00 Hi Ulf,
Following up to see if you have chance to check my previous response and help us with requested information to check and assist you further on this.
Sign in to comment
Sign in to answer