Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-allow HTTP urls for Azure AD Application properties (revert #1960)? #2130

Closed
tomasaschan opened this issue Oct 22, 2018 · 2 comments · Fixed by #2320
Closed

Re-allow HTTP urls for Azure AD Application properties (revert #1960)? #2130

tomasaschan opened this issue Oct 22, 2018 · 2 comments · Fixed by #2320
Labels
bug service/authentication
Milestone
v1.19.0

Comments

@tomasaschan
Copy link
Contributor

Hi!

I'm wondering if the root cause of #1953 was incorrectly diagnosed, or if maybe Azure have changed their API again. If i peg my azurerm provider version to = 1.15 (i.e. the latest release before the "fix" in #1960 was merged) I can apply the following template without problems:

provider "azurerm" {
  version = "= 1.15"
}

resource "azurerm_azuread_application" "ad_app" {
  name = "tomas-testing"
}

In other words, I cannot reproduce the original issue (#1953).

However, as of #1960 and version 1.16, no URLs on the application can be http, which disallows something like this:

resource "azurerm_azuread_application" "ad_app" {
  name = "tomas-testing"

  reply_urls = ["http://localhost:8080"]
}

Again, this template applies successfully with 1.15 but fails on 1.16. This effectively makes impossible to e.g. set reply urls for AzureAD applications that enable local testing of OAuth flows (without configuring your local development environment to run https).

Is there any chance #1960 could be reverted for the next release, to re-enable this configuration?

PS. This template, touching all three types of URLs and setting them to HTTP-schemed values, also works without problems on 1.15:

provider "azurerm" {
  version = "= 1.15"
}

resource "azurerm_azuread_application" "ad_app" {
  name     = "tomas-testing"
  homepage = "http://tomas-testar.com"

  identifier_uris = [
    "http://tomas-testar",
  ]

  reply_urls = ["http://localhost:8080"]
}
@tomasaschan tomasaschan mentioned this issue Oct 22, 2018
Merged
@tombuildsstuff tombuildsstuff added this to the 1.19.0 milestone Oct 29, 2018
@tombuildsstuff tombuildsstuff modified the milestones: 1.19.0, 1.20.0 Nov 13, 2018
@katbyte katbyte mentioned this issue Nov 15, 2018
Merged
@katbyte
Copy link
Collaborator

katbyte commented Nov 15, 2018

Hi @tomasaschan,

I've been able to verify that http is allowed again. I'm not sure why it wasn't for a while but 🤷‍♀️

I've opened #2320 to revert the change 🙂

@tombuildsstuff tombuildsstuff modified the milestones: 1.20.0, 1.19.0 Nov 15, 2018
@ghost
Copy link

ghost commented Mar 5, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 5, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug service/authentication
Projects
None yet
Milestone
v1.19.0
3 participants
@tombuildsstuff @tomasaschan @katbyte