PLEASE DO NOT CREATE ISSUES RELATED TO MANAGED DEVELOPER PORTAL IN THIS REPOSITORY. Issues related to "Managed developer portal" will be closed automatically. Managed developer portal issues should be created directly in Azure Support + Troubleshooting in Azure portal. Contact Azure support (or) submit a post on Stack Overflow. Feature requests can be raised on the Azure Feedback Forum.
Every self-hosted developer bug report should have precise description and reproduction steps; console traces (or) source code references are appreciated.
Bug description
When the OAuth 2.0 Auth Server for the Developer Portal contains uppercase letters in its name/Id, the Auth Code with PKCE flow does not work because of inconsistent redirect URI casing (the first request uses lowercase, the second uppercase). Because of that, Entra ID and potentially every other IdP rejects the login request because the redirect URIs do not match.
Reproduction steps
In Azure Portal, go to APIM > Developer Portal > OAuth 2.0 + OpenID Connect
Click on 'Add'
Create an OAuth 2.0 Auth Server with uppercase in the Id. For example: "OAuth2".
Assign the Auth Server to an API
Go to Developer Portal and try out the API
Select "authorization_code (PKCE)" as the Authorization Flow
A pop-up appears which tries to log in the user
Login fails because the redirect URI for the first (auth) request is not the same as for the second (token) request. For example, with Entra ID the following error is shown:
{"error":"invalid_client","error_description":"AADSTS500112: The reply address 'https://api-portal.example.com/signin-oauth/code-pkce/callback/OAuth2' does not match the reply address 'https://api-portal.example.com/signin-oauth/code-pkce/callback/oauth2' provided when requesting Authorization code.}
Expected behavior
Correctly log in the user and get an Access Token.
Is self-hosted portal?
No (and Yes)
Warning
"Managed developer portal issues" will be closed automatically. See above for more details.
Release tag or commit SHA (if using self-hosted version)
2.34.0
API Management service name
N/A
Environment
N/A
Additional context
The first request makes the URL lowercase: https://github.com/Azure/api-management-developer-portal/blob/master/src/services/oauthService.ts#L197
But the second request does not (but it should too): https://github.com/Azure/api-management-developer-portal/blob/master/src/services/oauthService.ts#L213
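The mismatch described in this report can be reproduced and checked in isolation. The following is an added example, not code from the portal repository: all function names and the `idp.example` authorization endpoint are hypothetical, and the callback path is taken from the error message above. It compares the `redirect_uri` of the authorization request and the token request the way an authorization server does (RFC 6749 section 4.1.3 requires the two values to be identical), and shows that deriving the value once removes the mismatch.

```typescript
// Added illustration; names are hypothetical, not the portal's own code.
type FlowRequests = { authorizeUrl: string; tokenBody: string };

// Callback path as it appears in the AADSTS500112 message on this page.
const CALLBACK_PATH = "/signin-oauth/code-pkce/callback/";
// Constructed placeholder for the IdP's authorization endpoint.
const AUTHORIZE_ENDPOINT = "https://idp.example/authorize";

function render(authRedirect: string, tokenRedirect: string): FlowRequests {
  return {
    authorizeUrl: `${AUTHORIZE_ENDPOINT}?response_type=code&redirect_uri=${encodeURIComponent(authRedirect)}`,
    tokenBody: `grant_type=authorization_code&redirect_uri=${encodeURIComponent(tokenRedirect)}`,
  };
}

// Reported behaviour: only the authorization request lowercases the URI.
function buildRequestsInconsistent(origin: string, serverId: string): FlowRequests {
  const raw = `${origin}${CALLBACK_PATH}${serverId}`;
  return render(raw.toLowerCase(), raw);
}

// Derive the redirect URI once and reuse it for both legs of the flow.
// Lowercasing follows the first request, as the report suggests (assumption:
// the lowercase form is the one registered with the IdP).
function buildRequestsConsistent(origin: string, serverId: string): FlowRequests {
  const redirect = `${origin}${CALLBACK_PATH}${serverId}`.toLowerCase();
  return render(redirect, redirect);
}

// Extract and decode redirect_uri from a query string or form body.
function redirectParam(s: string): string | null {
  const m = /(?:^|[?&])redirect_uri=([^&]*)/.exec(s);
  return m ? decodeURIComponent(m[1]) : null;
}

// Exact, case-sensitive string comparison: no normalisation is applied.
function redirectUrisMatch(r: FlowRequests): boolean {
  const a = redirectParam(r.authorizeUrl);
  const t = redirectParam(r.tokenBody);
  return a !== null && a === t;
}
```

A check like `redirectUrisMatch` is suited to a unit test run over server ids with mixed casing, so the two requests cannot drift apart again.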