
Comments (10)

mkarmark avatar mkarmark commented on May 9, 2024 2

No, we are not adding a client principal header when a user is not logged in, because there is no client principal to add to the header.

from static-web-apps-cli.

itpropro avatar itpropro commented on May 9, 2024

If I get the documentation right, the anonymous role should apply to all unauthenticated users (even without login), and as soon as a user is logged in, the roles should include authenticated but not anonymous anymore, correct, @anthonychu?


anthonychu avatar anthonychu commented on May 9, 2024

I think that's actually incorrect. If you hit the /.auth/me endpoint or read the client principal header in functions when not logged in, they are null/empty. I'm unsure what happens if you use the anonymous role in routes authorization rules. @mkarmark can help confirm the behavior.


mkarmark avatar mkarmark commented on May 9, 2024

When determining if a user is authorized to access a route, the behavior is what @itpropro describes. @anthonychu, is the concern that /.auth/me shows null/empty without logging in? That's because there isn't a user principal to display.


manekinekko avatar manekinekko commented on May 9, 2024

@anthonychu @mkarmark I understand that when a user is logged in, we should append the authenticated role to the user principal's userRoles array, like so:

{
  "identityProvider": "facebook",
  "userId": "d75b260a64504067bfc5b2905e3b8182",
  "userDetails": "[email protected]",
  "userRoles": ["authenticated" ]
}

However, where should we propagate the anonymous role if the user isn't logged in, since the user principal is null?


itpropro avatar itpropro commented on May 9, 2024

I also asked myself how this would work with anonymous, @manekinekko. I was talking about this part of the documentation:

Every user who accesses a static web app belongs to one or more roles. There are two built-in roles that users can belong to:

anonymous: All users automatically belong to the anonymous role.
authenticated: All users who are logged in belong to the authenticated role.

This implicitly states that if a user is not logged in, he still holds the anonymous role. Is this just unclear documentation, or is the proxy actually adding a clientPrincipal object to the header with the anonymous role that is not exposed to the /.auth/me endpoint, @mkarmark?


manekinekko avatar manekinekko commented on May 9, 2024

Thank you @mkarmark for confirming that.


manekinekko avatar manekinekko commented on May 9, 2024

Adding @craigshoemaker who wrote that documentation. Craig, could you provide more details about the anonymous role from this part of the docs?

anonymous: All users automatically belong to the anonymous role.
authenticated: All users who are logged in belong to the authenticated role.


anthonychu avatar anthonychu commented on May 9, 2024

@manekinekko Just tried this and it looks like logged in users are in authenticated role but not anonymous. Can we add anonymous too?


manekinekko avatar manekinekko commented on May 9, 2024

Added in 39f5dfb

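As an added illustration of the role model the thread settles on (not code from static-web-apps-cli or its maintainers): every request carries the anonymous role, a logged-in principal additionally carries authenticated plus its custom userRoles, and a route's allowedRoles is checked against that effective set. The header name x-ms-client-principal and the base64-JSON encoding are assumptions about how the platform forwards the principal.

```javascript
// Added example, not code from static-web-apps-cli. Assumes the principal
// shape shown in the thread and routes with an "allowedRoles" array.
const BUILT_IN = { ANONYMOUS: "anonymous", AUTHENTICATED: "authenticated" };

// Effective roles: every request is "anonymous"; a logged-in user is also
// "authenticated" plus any custom roles in userRoles (deduplicated).
function effectiveRoles(clientPrincipal) {
  const roles = new Set([BUILT_IN.ANONYMOUS]);
  if (clientPrincipal && typeof clientPrincipal === "object") {
    roles.add(BUILT_IN.AUTHENTICATED);
    for (const r of clientPrincipal.userRoles ?? []) {
      if (typeof r === "string" && r.trim()) roles.add(r.trim().toLowerCase());
    }
  }
  return [...roles];
}

// Route check: a route without allowedRoles is open to everyone (anonymous);
// otherwise the request must hold at least one of the listed roles.
function isAuthorized(route, clientPrincipal) {
  const allowed = route.allowedRoles ?? [BUILT_IN.ANONYMOUS];
  const have = new Set(effectiveRoles(clientPrincipal));
  return allowed.some((r) => have.has(String(r).toLowerCase()));
}

// Decode the base64 JSON principal header (assumed: x-ms-client-principal).
// A missing, empty or malformed header yields null, i.e. an anonymous request.
function parsePrincipalHeader(headerValue) {
  if (!headerValue) return null;
  try {
    const parsed = JSON.parse(Buffer.from(headerValue, "base64").toString("utf8"));
    return parsed && typeof parsed === "object" ? parsed : null;
  } catch {
    return null;
  }
}

// Constructed sample data mirroring the principal shown in the thread.
const samplePrincipal = {
  identityProvider: "facebook",
  userId: "d75b260a64504067bfc5b2905e3b8182",
  userDetails: "user@example.com",
  userRoles: ["authenticated"],
};
const routes = [
  { route: "/", allowedRoles: ["anonymous"] },
  { route: "/profile", allowedRoles: ["authenticated"] },
  { route: "/admin", allowedRoles: ["admin"] },
];
```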
