api-management-developer-portal icon indicating copy to clipboard operation
api-management-developer-portal copied to clipboard
verified publisher icon Azure

Issue with callback URL on APIM portal for OAuth

Open kaylakirzinger opened this issue 3 years ago • 7 comments

Every bug report should have precise description and reproduction steps; console traces or source code references are appreciated.

For assistance requests, contact Azure support or submit a post on Stack Overflow. We don't provide support through GitHub Issues. Feature requests can be raised on the Azure Feedback Forum.

Bug description

I demoed this for the MS team a couple weeks ago and was asked to create an issue with the traffic trace attached. Behaviour - I have a sign in with OAuth button on the API reference page of the developer portal. I have configured the callback URL for that sign in to be the API reference page. When i sign in, it kicks me back to the home page instead after the implicit grant interaction.

Reproduction steps

  1. Go to https://ams-dev-scus-core.developer.azure-api.net/apiSandbox
  2. Click on 'Sign in with OAuth
  3. User is redirected to https://ams-dev-scus-core.developer.azure-api.net

Expected behavior

User is redirected (back) to https://ams-dev-scus-core.developer.azure-api.net/apiSandbox

Is your portal managed or self-hosted?

Managed

Release tag or commit SHA (if using self-hosted version)

N/A

API Management service name

coreapi

Environment

  • Operating system: Windows
  • Browser: all - tried in Chrome, Brave, edge
  • Version: [e.g., 22]

Additional context

ams-dev-scus-core.developer.azure-api.txt

kaylakirzinger avatar Apr 07 '22 20:04 kaylakirzinger

@kaylakirzinger, thank you for opening this issue. We will triage it within the next few business days.

msftbot[bot] avatar Apr 07 '22 20:04 msftbot[bot]

@kaylakirzinger, are we talking about Test console OAuth? If yes, in this case your callback URLs need to be taken from one of these fields:

image

These are special endpoints on the backend that required to process the OAuth flow.

azaslonov avatar Apr 07 '22 21:04 azaslonov

I worked with MS folks on this and the behaviour expected is that we should be able to redirect to the "custom reply URL" that is configured in the developer portal sign in button. I have the endpoints you mentioned configured but as mentioned i want the implicit grant to redirect to the page the user is signing in from. image Please see attached image - it allows you to put in a custom callback URL but the functionality does not work.

As an additional question - are you implying that the ONLY place a user can be redirected to upon sign in is those random URLs that are generated in your screenshot above?

kaylakirzinger avatar Apr 08 '22 19:04 kaylakirzinger

@azaslonov, it appears to me that:

  1. This is about the authentication (sign-in/-up), not the test console.
  2. @kaylakirzinger has configured the custom reply URL in the widget, but is not being redirected to that URL after signing in.

mikebudzynski avatar Apr 08 '22 19:04 mikebudzynski

Yes sorry I missed the verbiage there. The token call for the "try it" feature is working fine. This is specifically for signing into the portal via oauth.

kaylakirzinger avatar Apr 08 '22 19:04 kaylakirzinger

@kaylakirzinger, sorry for long response. Do you want the sign-in button to be just on the API reference page or on every page of the website? Just trying to fully understand your scenario.

azaslonov avatar Apr 27 '22 22:04 azaslonov

@kaylakirzinger, we need more information before we start working on this issue. If you prefer to share it in private, please send us an email to [email protected] with the issue number in its subject.

msftbot[bot] avatar Apr 27 '22 22:04 msftbot[bot]