Static Web App Custom authentication: issue with accent/special char in name of a user

Blaise Lugeon 26 Reputation points
2022-03-22T08:08:27.9+00:00

Hello,

I use the custom authorization with a Static Web App, as described in:

I use Node.js in the Azure function, but that is probably not relevant.
It works well as long as there is no accent/special char in the name of a user in the AD.

As soon as one accent is present in the user name, the custom authentication Azure function does not work anymore, resulting in an HTTP 403 error.
The root cause is a non-conforming user = req.body structure, which does not allow getting the token (user.accessToken throws an exception).

I found a workaround by stringifying the user var, correcting the format (double quote removal, adding missing char at the end) to get valid JSON again, and then getting the access token again to go on with the normal process.

This workaround works only with:

  • Azure Active Directory Version 2 (otherwise the access token signature is not valid)
  • No more than 3 accents in the user name (beyond that, the token is no longer complete)

Is there a "clean solution" (specifying the encoding type somewhere?) or any plan to correct this bug?
It is really a blocking issue for all countries using accents/special chars in the AD.

Best regards

Blaise


Accepted answer
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2022-04-04T20:45:19.203+00:00

    Hi anonymous user,

    I discussed this issue with some contacts on the product team and they confirmed that this is a by-design behavior. This is a limitation from the Office 365 workload and not on the Azure AD side, as user names are part of the Microsoft 365 workload. At the server side (AAD), the interpretation of the user name depends on what is supported by Office. Special character limitations for user names in Microsoft 365 are provided here.

    If you are concerned about the token claims though, they should be parsed as-is with the special characters. For reference, see How does SSO deal with accent marks? But if the user name is not recognized by the Microsoft 365 workload, the access token will not be received.

    If you would like to request more support for special characters in Microsoft 365, you can create a feature request here. I have also created a request and bubbled this up with the product team. I added a Microsoft 365 tag to this thread, but they also have a forum in Tech Community.

    Best,

    Marilee

    If this answer was helpful to you, please consider "marking as answer" so that others in the community with similar questions can more easily find a solution.

    1 person found this answer helpful.
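
Added example, not part of the original thread or of Microsoft's sample code: a fail-closed way to read `req.body` in the Node.js roles function the question describes. It accepts an already-parsed object, a string, or a UTF-8 `Buffer`, and assigns no roles when the payload is truncated or invalid instead of patching the JSON. `readUserPayload`, `resolveRoles` and `mapRoles` are hypothetical names, and the `{ roles: [...] }` response shape is an assumption about the Static Web Apps custom-roles contract.

```javascript
// Added example: hypothetical helpers, not code from the thread or from Microsoft.

// Normalise req.body into a plain object, or return null if it is unusable.
function readUserPayload(body) {
  if (body === null || body === undefined) return null;
  let text;
  if (Buffer.isBuffer(body) || body instanceof Uint8Array) {
    try {
      // fatal: true rejects invalid or cut-off UTF-8 sequences instead of
      // silently substituting U+FFFD for them.
      text = new TextDecoder('utf-8', { fatal: true }).decode(body);
    } catch (err) {
      return null;
    }
  } else if (typeof body === 'string') {
    text = body;
  } else if (typeof body === 'object') {
    return body; // already parsed upstream
  } else {
    return null;
  }
  try {
    const parsed = JSON.parse(text);
    return parsed !== null && typeof parsed === 'object' ? parsed : null;
  } catch (err) {
    return null; // truncated or malformed JSON: do not try to repair it
  }
}

// Build the roles response. mapRoles is a caller-supplied (hypothetical) async
// function that validates the access token and returns role names.
async function resolveRoles(body, mapRoles, log = () => {}) {
  const user = readUserPayload(body);
  if (!user || typeof user.accessToken !== 'string' || user.accessToken.length === 0) {
    const size = typeof body === 'string'
      ? Buffer.byteLength(body, 'utf8')
      : (body && body.length) || 0;
    // Log only the shape of the payload, never the token or the body itself.
    log(`roles: unusable payload (type=${typeof body}, bytes=${size}); assigning no roles`);
    return { roles: [] };
  }
  return { roles: await mapRoles(user.accessToken) };
}
```

Logging the payload type and byte count on the failure path gives support staff something to correlate with the affected user names without writing the access token to the logs.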
