asp.net, azure, azure-active-directory, azure-web-app-service, azure-authentication

Azure Web App EasyAuth callback throws error


I have an ASP.NET MVC app, running as Azure Web App.

I use pre-authentication/EasyAuth, and for 5 deployment slots it works fine. Each of them has their own Azure AD App Registration.

But the production site (not a deployment slot, root of the app) throws an error after logging in, at the /.auth/login/aad/callback path: pre-auth callback fail

I have compared Azure AD App manifest with one that works, and the only difference is the names, description and URLs - as expected.

Using Kudu to view an error, it seems to come from the EasyAuthModule.


Solution

  • So, basically this was an issue with the App Registration used, which was created from another deployment slot.

    Even though Authentication / Authorization for the web app was set up as Express, and the correct App Registration was selected - it turns out it did not get the Client Secret transferred from App Registration to the Web App (in my case, it had the wrong key).

    To fix it, you can switch to advanced as shown above, open the associated App Registration and create a new key.

    The key is not shown until you save, and is only shown once. Copy it, and insert it into the Client Secret input of the Web App.

    After saving all the blades, it is possible to switch back to Express auth. setup and the key will remain.