commit

Author: Tejasri-Microsoft

docs/ConfigureAppAuthentication.md

@@ -4,10 +4,20 @@
 >
 > `azd up` no longer runs authentication setup automatically. Run the script below after deployment:
 >
-> - Windows: `./infra/scripts/setup_auth.ps1`
-> - macOS/Linux: `sed -i 's/\r$//' ./infra/scripts/setup_auth.sh && bash ./infra/scripts/setup_auth.sh`
+> **Windows:**
+> ```powershell
+> ./infra/scripts/setup_auth.ps1
+> ```
 >
-> See [DeploymentGuide.md § 5.3](./DeploymentGuide.md#53-configure-authentication-manual-script) for details.
+> **macOS/Linux:**
+> ```bash
+> # Remove Windows line endings and run the auth setup script
+> tr -d '\r' < ./infra/scripts/setup_auth.sh > ./infra/scripts/setup_auth.sh.tmp && \
+>   mv ./infra/scripts/setup_auth.sh.tmp ./infra/scripts/setup_auth.sh && \
+>   bash ./infra/scripts/setup_auth.sh
+> ```
+>
+> See [DeploymentGuide.md § 5.3](./DeploymentGuide.md#53-configure-authentication-manual-script) for step-by-step instructions.
 >
 > Follow the portal/manual steps below if:
 > - Your tenant policy prohibits programmatic app registration or secret creation

docs/DeploymentGuide.md

@@ -323,8 +323,13 @@ Run schema registration first to:
 **macOS/Linux:**
 
 ```bash
-sed -i 's/\r$//' ./infra/scripts/register_schemas.sh
-sed -i 's/\r$//' ./infra/scripts/post_deployment.sh
+normalize_script() {
+   local file="$1"
+   tr -d '\r' < "$file" > "${file}.tmp" && mv "${file}.tmp" "$file"
+}
+
+normalize_script ./infra/scripts/register_schemas.sh
+normalize_script ./infra/scripts/post_deployment.sh
 bash ./infra/scripts/register_schemas.sh
 ```
 
@@ -348,8 +353,13 @@ After schema registration completes, upload the sample bundles as a separate exp
 **macOS/Linux:**
 
 ```bash
-sed -i 's/\r$//' ./infra/scripts/upload_sample_data.sh
-sed -i 's/\r$//' ./infra/scripts/post_deployment.sh
+normalize_script() {
+   local file="$1"
+   tr -d '\r' < "$file" > "${file}.tmp" && mv "${file}.tmp" "$file"
+}
+
+normalize_script ./infra/scripts/upload_sample_data.sh
+normalize_script ./infra/scripts/post_deployment.sh
 bash ./infra/scripts/upload_sample_data.sh
 ```
 
@@ -366,8 +376,13 @@ Run authentication setup as an explicit step after post-deployment data setup:
 **macOS/Linux:**
 
 ```bash
-sed -i 's/\r$//' ./infra/scripts/setup_auth.sh
-sed -i 's/\r$//' ./infra/scripts/configure_auth.sh
+normalize_script() {
+   local file="$1"
+   tr -d '\r' < "$file" > "${file}.tmp" && mv "${file}.tmp" "$file"
+}
+
+normalize_script ./infra/scripts/setup_auth.sh
+normalize_script ./infra/scripts/configure_auth.sh
 bash ./infra/scripts/setup_auth.sh
 ```
 

infra/scripts/configure_auth.sh

@@ -573,7 +573,7 @@ echo "  ✓ Web env vars: APP_WEB_CLIENT_ID / APP_WEB_SCOPE / APP_API_SCOPE / AP
 
 # Patch both authConfigs:
 #   - API: add Web client id to allowedApplications
-#   - Both: reset allowedAudiences to only the clientId, normalize openIdIssuer
+#   - Both: set allowedAudiences to clientId and its API scope variant, normalize openIdIssuer
 patch_authconfig() {
   local ca_name="$1"
   local client_id="$2"

infra/scripts/post_deployment.ps1

@@ -415,5 +415,5 @@ if (-not $ApiReady) {
 Write-Host ""
 Write-Host ("=" * 60)
 Write-Host "Post-deployment data setup completed."
-Write-Host "Next manual step: configure authentication using infra/scripts/configure_auth.ps1"
+Write-Host "Next manual step: configure authentication using infra/scripts/setup_auth.ps1"
 Write-Host ("=" * 60)

infra/scripts/post_deployment.sh

@@ -431,5 +431,5 @@ fi
 echo ""
 echo "============================================================"
 echo "Post-deployment data setup completed."
-echo "Next manual step: configure authentication using infra/scripts/configure_auth.sh"
+echo "Next manual step: configure authentication using infra/scripts/setup_auth.sh"
 echo "============================================================"

infra/scripts/register_schemas.sh

@@ -2,7 +2,12 @@
 set -euo pipefail
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-tmp_file="$(mktemp)" || { echo "Failed to create temp file" >&2; exit 1; }
+if ! tmp_file="$(mktemp "${TMPDIR:-/tmp}/cpsa-schema.XXXXXX" 2>/dev/null)"; then
+  tmp_file="$(mktemp -t cpsa-schema.XXXXXX 2>/dev/null)" || {
+    echo "Failed to create temp file" >&2
+    exit 1
+  }
+fi
 if ! tr -d '\r' < "$SCRIPT_DIR/post_deployment.sh" > "$tmp_file"; then
   rm -f "$tmp_file"
   echo "Failed to normalize line endings for: $SCRIPT_DIR/post_deployment.sh" >&2

infra/scripts/run_post_deployment.sh

@@ -53,7 +53,12 @@ step_fail() { echo ""; echo "  ❌ Step $1 failed — see errors above."; }
 normalize_line_endings() {
   local script_file="$1"
   local tmp_file
-  tmp_file="$(mktemp)" || { echo "  ❌ Failed to create temp file" >&2; exit 1; }
+  if ! tmp_file="$(mktemp "${TMPDIR:-/tmp}/cpsa-postdeploy.XXXXXX" 2>/dev/null)"; then
+    tmp_file="$(mktemp -t cpsa-postdeploy.XXXXXX 2>/dev/null)" || {
+      echo "  ❌ Failed to create temp file" >&2
+      exit 1
+    }
+  fi
   if ! tr -d '\r' < "$script_file" > "$tmp_file"; then
     rm -f "$tmp_file"
     echo "  ❌ Failed to normalize line endings for: $script_file" >&2

infra/scripts/setup_auth.sh

@@ -2,7 +2,12 @@
 set -euo pipefail
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-tmp_file="$(mktemp)" || { echo "Failed to create temp file" >&2; exit 1; }
+if ! tmp_file="$(mktemp "${TMPDIR:-/tmp}/cpsa-auth.XXXXXX" 2>/dev/null)"; then
+  tmp_file="$(mktemp -t cpsa-auth.XXXXXX 2>/dev/null)" || {
+    echo "Failed to create temp file" >&2
+    exit 1
+  }
+fi
 if ! tr -d '\r' < "$SCRIPT_DIR/configure_auth.sh" > "$tmp_file"; then
   rm -f "$tmp_file"
   echo "Failed to normalize line endings for: $SCRIPT_DIR/configure_auth.sh" >&2

infra/scripts/test_configure_auth_preflight.ps1

@@ -128,12 +128,12 @@ $MockAzdPs1Content | Out-File -FilePath (Join-Path $TempDir "mock_azd.ps1") -Enc
 # Write .cmd wrappers — %~dp0 resolves to the directory containing the .cmd file
 @"
 @echo off
-powershell -NoProfile -NonInteractive -ExecutionPolicy Bypass -File "%~dp0mock_az.ps1" %*
+pwsh -NoProfile -NonInteractive -ExecutionPolicy Bypass -File "%~dp0mock_az.ps1" %*
 "@ | Out-File -FilePath (Join-Path $TempDir "az.cmd")  -Encoding ASCII
 
 @"
 @echo off
-powershell -NoProfile -NonInteractive -ExecutionPolicy Bypass -File "%~dp0mock_azd.ps1" %*
+pwsh -NoProfile -NonInteractive -ExecutionPolicy Bypass -File "%~dp0mock_azd.ps1" %*
 "@ | Out-File -FilePath (Join-Path $TempDir "azd.cmd") -Encoding ASCII
 
 # =============================================================================

infra/scripts/test_configure_auth_preflight.sh

@@ -25,7 +25,12 @@ fi
 PASS_COUNT=0
 FAIL_COUNT=0
 
-TEMP_DIR="$(mktemp -d)"
+if ! TEMP_DIR="$(mktemp -d "${TMPDIR:-/tmp}/configure_auth_preflight.XXXXXX" 2>/dev/null)"; then
+  TEMP_DIR="$(mktemp -d -t configure_auth_preflight.XXXXXX 2>/dev/null)" || {
+    echo "❌ Failed to create temp directory" >&2
+    exit 1
+  }
+fi
 trap 'rm -rf "$TEMP_DIR"' EXIT
 
 # =============================================================================