api-management-developer-portal
api-management-developer-portal copied to clipboard
Azure
Delegate product subscription doesn't work when authentication delegation is not enabled
Bug description
When delegation is enabled only for product subscription and not authentication. Clicking on subscribe button for a product results in 404 page. It works fine if I enable delegation for both authentication (sign in/up) and product subscription.
This is not reproducible on legacy developer portal and works fine.
Reproduction steps
- Enable Delegation for product subscription only as shown in the first image in the bug description section.
- Go to the developer portal > products > starter > click on subscribe
-
404page is displayed
The call that fails/returns 404 is https://<service_name>.developer.azure-api.net/delegation-subscribe?productId=starter&userId=foobar-bar-com
Expected behavior
The delegation for product subscription should work seamlessly when Delegate product subscription is only selected on the Azure Portal.
Is your portal managed or self-hosted?
Managed
Environment
- Operating system: MacOS Big Sur
- Browser: Google Chrome
Additional context
Following two observations
- This is not reproducible on legacy developer portal and works fine.
- It works fine if I enable delegation for both authentication (sign in/up) and product subscription on the new portal.
@kashishm, thank you for opening this issue. We will triage it within the next few business days.
![msftbot[bot] avatar](https://avatars.githubusercontent.com/in/26612?v=4 "Published by a pub.dev verified publisher"){kind=small}
By adding this issue to the Backlog project, we have prioritized it for development. You can monitor its status in the project's board.
@mikebudzynski Thanks for adding it to the backlog. It would be great if you could share the expected timeline of this getting fixed and released.
@kashishm, at this moment we don't have an ETA to share. We will let you know when we have any updates.
Just an FYI, this bug is stopping us from moving forward with publishing our API's in Azure API management. Is there an ETA on it yet?
Just an FYI, this bug is stopping us from moving forward with publishing our API's in Azure API management. Is there an ETA on it yet?
We're now investigating the scope of the improvement and we will come back to you with more details shortly.
Just an FYI, this bug is stopping us from moving forward with publishing our API's in Azure API management. Is there an ETA on it yet?
Although we will soon start working on the fix, it will be included in a (bi-)monthly API Management service release. The fix will likely roll out in January due to the deployment freezes during the winter holiday season.
Hi, do you have an update on this?
This bug is stopping us from moving forward with publishing our API's in Azure API management.
Do you have a workaround?
@NicolasHumann, we plan to fix it in the next few weeks. The fix will roll out with a main API Management service release around March or April.
What is the plan. When this fix will be available with managed developer portal. Will the solution fix the below issue also
I am integrating APIM with stripe for Monetization using the below integration code
I had initially user registration and product subscription delegation checked and worked as expected.
But I do not want to use Stripe custom Basic login (through delegation), but instead use existing APIM which is having Azure AD and B2C login. But even if I uncheck "Delegation sign-in & sign-up". Still the delegation url is invoked when Sign-in/ sign-up button is clicked on the developer portal.
Below is the delegation settings also
{
"id": "/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.ApiManagement/service/apim-xxx/portalsettings/delegation",
"type": "Microsoft.ApiManagement/service/portalsettings",
"name": "delegation",
"properties": {
"url": "https://xxx.azurewebsites.net/apim-delegation",
"validationKey": null,
"subscriptions": {
"enabled": true
},
"userRegistration": {
"enabled": false
},
"enabled": false,
"termsOfService": null
}
}
What is the plan. When this fix will be available with managed developer portal. Will the solution fix the below issue also
I am integrating APIM with stripe for Monetization using the below integration code
Same issue here. In the portal settings I've only checked the box to delegate product subscription, not sign-in and sign-up, and clicking the "Sign Up" button in the portal redirects me to the delegation endpoint.
@NicolasHumann, we plan to fix it in the next few weeks. The fix will roll out with a main API Management service release around March or April.
Above comment was from 18-Jan-2022, and now its already more than 5 months. Still I am getting feedback from microsoft support that this fix will take another 1-2 months to be rolled out. Looking at the delay I guess it will move to 2023.
Not sure why Microsoft does not consider this as P0 as the Feature to turn off delegation authentication is not working with managed as well as with self-hosted portal
Previously it was mentioned that the delegation url is still invoked on Sign-in/Sign-up, even if the "Delegation" is unchecked for the Sign-in/Sign-up. The delegation url is also invoked when Sign-out clicked. To replicate, generate the SSO URL using API: https://{{apim-instance}}/subscriptions/{{subscriptionId{}/resourceGroups/{{resourceGroupName}}/providers/Microsoft.ApiManagement/service/{{serviceName}}/users/{{userId}/generateSsoUrl?api-version={{version}}, then use the SSO Url to sign in to the Developer Portal. Clicking Sign-out takes user to the delegation URL.
@ksutin The delegation issue for Sign-out will be fixed with the same release