I'm experiencing an authentication redirect loop with an Azure Static Web App (SWA) when hosting it under a sub-path. Here's my scenario:
Current Setup:
- Azure Static Web App with Azure AD authentication
- Routing: Azure Front Door -> APIM -> SWA
- Desired URL pattern: https://{application-domain}/help
The Problem:
When the SWA runs on its own domain, authentication works perfectly. However, when hosted under the /help path, it creates an endless redirect loop during Azure AD authentication.
What I've Observed:
- In the working scenario (standalone domain), after Azure AD authentication, the flow is: .auth/login/aad/callback -> .auth/complete
- In the failing scenario (sub-path), the flow is: .auth/login/aad/callback -> .auth/login/aad (loops)
Current Configuration:
{
  "$schema": "https://aka.ms/azure/static-web-apps-cli/schema",
  "navigationFallback": {
    "rewrite": "/Index.html"
  },
  "forwardingGateway": {
    "allowedForwardedHosts": [
      "{app-domain}"
    ]
  },
  "routes": [
    {
      "route": "/help/*",
      "rewrite": "/*"
    },
    {
      "route": "/*",
      "allowedRoles": ["authenticated"]
    }
  ],
  "responseOverrides": {
    "401": {
      "statusCode": 302,
      "redirect": "/.auth/login/aad"
    }
  },
  "auth": {
    "identityProviders": {
      "azureActiveDirectory": {
        "registration": {
          "openIdIssuer": "https://login.microsoftonline.com/{tenant-id}/v2.0",
          "clientIdSettingName": "ClientId",
          "clientSecretSettingName": "ClientSecret"
        }
      }
    }
  }
}
What I've Tried:
- Configured correct return URLs in App Registration
- Added forwarded host header in APIM
- Whitelisted the forwarded host in SWA config
- Prepended the Location header with /help/ via APIM policy
Questions:
- What might be causing this redirect loop when hosting under a sub-path?
- Is there a way to debug/trace the SWA built-in auth mechanism?
- Is there a specific configuration needed for sub-path hosting with Azure AD authentication?
Any help would be greatly appreciated!
Tags: azure azure-static-web-apps azure-ad authentication azure-api-management