azure-ad-b2c / vscode-extension
Azure AD B2C VS code extension
License: MIT License
When running the Build-CustomPolicies.ps1 script on MacOS, the file paths are getting merged incorrectly and I get errors like this:
Could not find a part of the path '/Users/xxxxx/Example/CustomPolicies/Environments/Development/Users/xxxxx/Example/CustomPolicies/TrustFrameworkExtensions.xml'
This might have to do with differences in how Get-ChildItem works on Windows vs Unix-like systems, but I found adding the flag to return only filenames fixes the issue:
$XmlPolicyFiles = Get-ChildItem -Path $FilePath -Filter *.xml
turns into
$XmlPolicyFiles = Get-ChildItem -Path $FilePath -Filter *.xml -Name
I can make a PR if that's helpful.
I've followed the steps in your article that linked to the instructions in configuring the VSCode to upload a custom policy doc, by configuring Graph API with B2C (https://github.com/azure-ad-b2c/vscode-extension/blob/master/src/help/policy-upload.md)
When I do a SHIFT + CTRL + U in VS code I get a login prompt, I copy the code into the web page, login and get the message "You have signed in to the Graph API application on your device. You may now close this window."
When I do SHIFT + CTRL + U again I get the same login prompt in VS Code!?
When setting the Reply URL for the Graph Api in B2C I set it to https://[MyB2CTenant].b2clogin.com/oauth2/nativeclient
Is this a bug, what should happen from VSCode once I have logged in?
Using VSCode 1.45.1 on Windows 10
We have been using the App Insights integration to monitor user activity over B2C tenant, and we noticed policies being duplicated in the view, once stated with Capital letters once with lower letters. See attached screenshot. As the name of the policy in the logs is same we were wondering what might be the root cause of this.
I'd like to be able to do this:
<!--Sample action required: replace with your endpoint location -->
<Item Key="METADATA">{Settings:AzureAppServiceUrl}/.well-known/openid-configuration</Item>
When I run b2c build, the {Settings:AzureAppServiceUrl} value is not replaced.
Where:
"AzureAppServiceUrl": "https://myapp.azurewebsites.net"
From the readme this should work out of the box but somehow it doesn't.
If I do:
<Item Key="METADATA">{Settings:Tenant}/.well-known/openid-configuration</Item>
it works... but if I do:
<Item Key="METADATA">{Settings:AzureAppServiceUrl}/.well-known/openid-configuration</Item>
it doesn't replace with the value I set and keeps this as a result in the transformed file:
<Item Key="METADATA">{Settings:AzureAppServiceUrl}/.well-known/openid-configuration</Item>
Hi,
I've configured the folder path in appsettings.json to be "EnvironmentsFolder": "release" and configured the extension workspace settings with the respective env name.
I executed the upload all policies command and the extension cannot locate the folder :-(
I looked in the code and it looks to me like a hard-coded value; it expects the Environment folder name to be 'Environment'.
I reverted my config to match the name, tried again, and it worked.
vscode-extension/src/PolicyUpload.ts
Line 46 in 9e5606d
Bug
aadb2c
1.3.0
Windows_NT x64 10.0.19043
1.55.2
Maybe I am doing something wrong, but when I try the policy build no policies are generated. The only thing that gets generated are the directories, but they are all empty.
Would it be possible to add the feature that allows a single VSCode folder to contain several policy files that only get uploaded to certain environments?
Example:
One source control folder with all policy files open in VSCode. Three environments. en-a, en-b, en-c
Some common policy files would be uploaded to all environments. But certain policy files would only be uploaded to en-a, or en-b, or en-c
Application Insights
Policy: B2C_1A_SIGNIN
Correlation Id: 02fcd83d-553a-4743-b8cb-e3c73dc1cb87
App insights Id: dfbef799-bd62-11ed-a10a-002248291c02, dfbef795-bd62-11ed-a10a-002248291c02 (The report shows a combination of two Application Insight entities)
App insights timestamp: 2023-03-07 19:39:02
User journey is completed: Unknown (JSON parse exception)
Orchestration steps: , 3, 2, 2
Internal error
Failed to parse App Insights JSON data: Unexpected token o in JSON at position 0
There are a couple issues lurking behind the scenes in this part of the code when you change the defaults in the appsettings.json file and expect the Policies to be built from "PoliciesFolder" into the "EnvironmentsFolder"
I believe the provided PoliciesFolder setting should be used to scan for policies. If it's null scan from the root only instead.
Later when creating the environmentsRootPath variable you join with the hardcoded value "Environments" instead of using the provided EnvironmentsFolder setting.
I see that there are new Filename and PolicyFileName parameters, but there is very little explanation on how to use them. I looked at the source and I was wondering if this could be used to rename xml files on build. For example, I would like to have some "versioned" files with a suffix in the name to be able to deploy them in my dev tenant without impacting other developers and testers. I added a custom setting "VersionNumber": "1234" in my appsettings file and used it in my policies like:
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0"
TenantId="{Settings:Tenant}"
PolicyId="B2C_1A_TrustFrameworkBase{Settings:VersionNumber}"
PublicPolicyUri="http://{Settings:Tenant}/B2C_1A_TrustFrameworkBase{Settings:VersionNumber}"
TenantObjectId="{Settings:TenantObjectId}">
This produces the files with correct values, but with the same B2C_1A_xxxxx.xml filename in my Environment folder. I'd like to know if it is possible to rename all the xml files generated in this environment? Like maybe use the PolicyId when generating the name? For example, since I modified it in my policy, the xml file should be B2C_1A_TrustFrameworkBase1234.xml
Is there a way to register the application for the upload policy feature using the new App Registration experience? My tenant no longer allows the legacy experience.
Is it possible to have a set of PolicySettings values that are common across all Environments? If the same setting is declared in a given environment section, it is overridden?
eg:
{
  "Defaults" : [{
    "PolicySettings" : {
      "Setting1" : "Foo",
      "Setting2" : "Bar",
      ... etc
    }
  }],
  "Environments" : [{
    "Name" : "Test",
    "PolicySettings" : {
      "Setting1" : "Alpha",
      "Setting3" : "Beta",
      .... etc
    }
  }]
}
So "Setting1" and "Setting2" have a default of "Foo" and "Bar" respectively.
For the environment "Test",
Extension version: 1.2.101
Description of bug:
Build is recursively populating the Environments folder until VS Code crashes.
It appears that this only happens if you build when there is a pre-existing Environments folder there.
I downgraded to 1.2.93 and things work normally again. Haven't tried all the versions in between.
Reproduction steps:
{
  "Environments": [
    {
      "Name": "Sandbox",
      "Production": false,
      "Tenant": "yourtenant.onmicrosoft.com",
      "PolicySettings" : {
        "PolicySuffix": ""
      }
    },
    {
      "Name": "Testing",
      "Production": false,
      "Tenant": "yourtenant.onmicrosoft.com",
      "PolicySettings" : {
        "PolicySuffix": ""
      }
    }
  ]
}
I'm not getting any Trace info in VSCode - I get the error "Application Insights produced empty results"
I can see the Trace information is being logged in App Insights ... it's just not getting to the VSCode panel
I have some experimental custom policies that I want to manage within the same project but with separate implementations. To enable this, I'd like the extension's "Build policies" task to support folders other than the root folder so that it will work if I have the following file structure:
- Experiment1
  - TrustFrameworkBase.xml
  - TrustFrameworkExtensions.xml
  - appsettings.json
- Experiment2
  - TrustFrameworkBase.xml
  - appsettings.json
This also matches the AD B2C sample implementations repo https://github.com/azure-ad-b2c/samples/tree/master/policies
I can use build all policies just fine, but when I try to Upload All Policies the command fails with No B2C policies found in <no value here>. I can upload individual policies as well.
My template policy documents exist within a policy_documents folder within my repo, and this structure is duplicated within the Environments directory. Placing my templates in to the repo root and re-building changes the Environment directory structure, and the error message becomes settings:tenant is neither a valid DNS name, nor a valid external domain. The tenant setting is indeed set correctly, so I'm not sure why this doesn't work correctly.
For now I can just upload individual policies for testing.
Would be useful to support environment substitution in HTML templates for custom content definitions. If, for example, I was to create a sub-folder called templates in the same folder as the policy xml files and run the Policy Build tool for an environment it could apply the environment transformations to those files also to replace things like absolute references to resources in the storage account hosting to the content (e.g. images, styles etc. )
Extension version: 1.3.2
I have a series of policy files, each of which contains either BuildingBlocks, ClaimsProviders, UserJourneys, or RelyingParty elements. When I use the extension's "Policy Build" command (Ctrl + Shift + 5 shortcut), the policies are not built and I see the following stack trace in the Dev Tools:
ERR Cannot read property 'journeys' of undefined: TypeError: Cannot read property 'journeys' of undefined
at Policy.hasPolicyId (c:\Users\<name>\.vscode\extensions\azureadb2ctools.aadb2c-1.3.2\out\OrchestrationStepsRenumber.js:114:29)
at Policy.process (c:\Users\<name>\.vscode\extensions\azureadb2ctools.aadb2c-1.3.2\out\OrchestrationStepsRenumber.js:146:40)
at Policy.process (c:\Users\<name>\.vscode\extensions\azureadb2ctools.aadb2c-1.3.2\out\OrchestrationStepsRenumber.js:135:23)
at Function.RenumberPolicies (c:\Users\<name>\.vscode\extensions\azureadb2ctools.aadb2c-1.3.2\out\OrchestrationStepsRenumber.js:52:20)
at c:\Users\<name>\.vscode\extensions\azureadb2ctools.aadb2c-1.3.2\out\PolicyBuild.js:61:62
at processTicksAndRejections (internal/process/task_queues.js:93:5)
It looks like a recent PR ( #69 ) references this.journeys.has(...) in hasPolicyId which is causing this issue.
Should this read this.base.journeys.has(...) instead?
Rolling back to 1.3.1 allows me to build policies again.
I have various custom policy files which override a particular orchestration step of the base user journey. Building the same files multiple times leads to different behaviors:
For example, this is a custom policy (B2C_1A_signin_aad_exlibris_JWT) file which overrides the SendClaims OrchestrationStep n.7
Building the policy, the orchestration step is renumbered:
Rebuilding the policy (without resetting the Order to 7), the orchestration step renumbering is skipped:
This inconsistent behavior may lead to errors while uploading policies, especially if you override the SendClaims OrchestrationSteps, because you'll end up having 2 SendClaims steps which is not allowed. In the worst case, when you're not overriding the SendClaims step, you could upload policies successfully but the logic will be completely broken at runtime.
I have noticed that the later versions > 1.2.106 do not put the logs in the correct order.
I have a custom policy with a SubJourney. With v1.2.106 it looks like this:
The SubJourney covers the steps 2,3,4 (9:22:08) and 9,10,11 (9:22:48) - As you can see step 9 is not in the right order but it is on its own entry so that is generally fine.
When I update to anything > 1.2.106 the order is a mess, here is the order for the same transaction on 1.3.
When the order is messed up it is impossible to trace though as the logs do not seem to contain all the data for each step.
Is this caused by having SubJourneys?
I installed this extension on my new machine and started to use modify my policies; however, the Find all reference feature is not working. I am not sure if I am missing something or this is some type of bug.
Is there any open issue related to this?
I created an environment with Azure Pipeline, but I can't automate all steps in deploy (for example, I have two environments HML & PROD, but to deploy I have to build policies and push to master)
Summary:
Implement Auto build on ctrl-s (save) in VSCode could be a solution
Attempting to use the VSCode Extension for B2C on a Mac does not load the B2C tools, even though the custom policy xml file is open.
v1.2.93
Version: 1.49.1
Commit: 58bb7b2331731bf72587010e943852e13e6fd3cf
Date: 2020-09-16T23:21:17.533Z (5 days ago)
Electron: 9.2.1
Chrome: 83.0.4103.122
Node.js: 12.14.1
V8: 8.3.110.13-electron.0
OS: Darwin x64 19.6.0
macOSCatalina - 10.15.6
I used to be able to open a policy xml file and the outline of the content would be available in "AZURE AD B2C POLICY EXPLORER". Somehow it stopped working suddenly. I tried to disable/enable and uninstall/reinstall it but couldn't get it back. What can I do now?
Hello Team.
I hope you are doing well. I am reaching out to inform you of a critical security matter. After cloning the repository, I have identified several vulnerabilities across multiple dependencies. These issues range in severity.
Key Vulnerabilities identified:
Upgrading these dependencies will not only resolve the current vulnerabilities but will also enhance the overall security posture of the project.
Allow a special {Setting:Filename} token to be used within the B2C Build Policy command that will be replaced with the name of the file on disk.
Notes:
.XML
)B2C_1[A]_
if a developer included that in the filenameFilename
value in the appsettings.json
Examples:
| Filename | Value of {Setting:Filename} |
|---|---|
| TrustFrameworkBase.xml | TrustFrameworkBase |
| TrustFramework.Base.xml | TrustFramework_Base |
| PasswordReset.xml | PasswordReset |
| B2C_PasswordReset.xml | PasswordReset |
| B2C_1A_PasswordReset.xml | PasswordReset |
| B2C_1_PasswordReset.xml | PasswordReset |
| Password.Reset.xml | Password_Reset |
| Password_Reset.xml | Password_Reset |
Note - I am not 100% sold on the removal of B2C_1[A], because a developer can add or remove that in his/her Policy files where they will use.
In most cases, I am finding that I am creating a file that is the same as the Policy Name/ID. I could simplify my policy header if the {Setting:Filename} token could just match the name of the file in my repository.
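The filename-to-token mapping in the table above, written out as an added example; it is not part of the original issue and not the extension's code. The names filenameToken and applyFilenameToken are hypothetical, and the character allow-list is an assumption added here because the value is substituted into XML attributes such as PolicyId.

```typescript
// Added example, not the extension's code.
// filenameToken and applyFilenameToken are hypothetical names.

const FILENAME_TOKEN = "{Setting:Filename}"; // token text as written in the request
const B2C_PREFIX = /^B2C_(?:1A?_)?/i;        // B2C_, B2C_1_ or B2C_1A_

// Assumption (not in the request): the value lands in XML attributes such as
// PolicyId, so anything outside this set is rejected rather than substituted.
const SAFE_VALUE = /^[A-Za-z0-9_-]+$/;

function filenameToken(filePath: string): string {
  // Take the last path segment; handles both / and \ separators.
  const segments = filePath.split(/[\\/]/);
  const base = segments[segments.length - 1];
  const value = base
    .replace(/\.xml$/i, "")   // drop the extension, case-insensitively
    .replace(B2C_PREFIX, "")  // drop a leading B2C_ / B2C_1_ / B2C_1A_
    .replace(/\./g, "_");     // remaining dots become underscores
  if (!SAFE_VALUE.test(value)) {
    throw new Error(
      "Unsafe value for " + FILENAME_TOKEN + ": " + JSON.stringify(value)
    );
  }
  return value;
}

function applyFilenameToken(policyXml: string, filePath: string): string {
  // split/join replaces every occurrence and treats the value literally,
  // so characters like "$" in a value are never interpreted as patterns.
  return policyXml.split(FILENAME_TOKEN).join(filenameToken(filePath));
}

// Constructed sample header, modelled on the policy headers quoted in these issues.
const sampleHeader =
  '<TrustFrameworkPolicy PolicyId="B2C_1A_{Setting:Filename}" ' +
  'PublicPolicyUri="http://{Settings:Tenant}/B2C_1A_{Setting:Filename}">';

console.log(
  applyFilenameToken(sampleHeader, "policies/B2C_1A_PasswordReset.xml")
);
```

Other {Settings:...} tokens are left untouched, so this step can run before or after the normal settings substitution.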
We like your B2C extension.
However, we realized it is not compatible with azure AD B2C China: tenant.partner.onmschina.cn
MSGraphTokenHelper.ts
PolicyUpload.ts
vscode-extension/src/PolicyUpload.ts
Line 246 in 9e5606d
I've followed the instructions here, however, when I attempt to sign in to azure, I get the following error:
AADSTS500113: No reply address is registered for the application.
To be clear, I am doing the following after I have registered the graph API permitted application on Azure:
Do I need setup a redirect link or something in the application auth settings:
Thanks
The policy build shows that the policies have successfully exported. But when looking into the policy root folder, no environments are created.
VS Code Version: 1.47.2
azureadb2ctools.aadb2c Version: v1.2.92
From the Extension log file:
[2020-07-23 17:09:15.203] [exthost] [error] [AzureADB2CTools.aadb2c] provider FAILED
[2020-07-23 17:09:15.203] [exthost] [error] Error: Illegal argument, contents must be defined
at new B (c:\Program Files\Microsoft VS Code\resources\app\out\vs\workbench\services\extensions\node\extensionHostProcess.js:440:527)
at new B (c:\Program Files\Microsoft VS Code\resources\app\out\vs\workbench\services\extensions\node\extensionHostProcess.js:429:431)
at c:\Users\ansary.rd.vscode\extensions\azureadb2ctools.aadb2c-1.2.92\out\HoverProvider.js:38:28
at processTicksAndRejections (internal/process/task_queues.js:85:5)
I have been using this extension and love it however day one for this feature never worked.
Find All reference or shift+alt+F12 does not work
I could successfully upload just one policy with this new method described here.
However at the end of this doc it's mentioned that it's possible to upload all policies at once. For this to happen we need to set the default environment name:
The default environment name in the extension's settings needs to be configured before using 'Upload all policies' command.
I'm using the extension v. 1.2.74 right now... I couldn't find the place to set the default environment name.
Can you explain where it is or the extension in Visual Studio code still needs to be updated?
Thanks.
Hey team, my team is building some custom AD B2C policies and I'm looking to embed some XML metadata in my custom policy files. Production metadata is different than dev, so I'd like to be able to specify the metadata in the appsettings.json policy. However, adding the XML metadata in appsettings causes errors that leave the policy unable to be built. I've tried escaping double quotes in the metadata with single, double, and triple backslashes and removing line breaks, but none of this will resolve the errors. Any suggestions or assistance with how to accomplish this?
{
"Environments": [
{
"Name": "Production",
"Production": true,
"Tenant": "my-tenant.onmicrosoft.com",
"PolicySettings" : {
"TenantId": "my-tenant GUID",
"RelyingPartyPolicyName": "policyName",
"AppInsightsKey": "myAppInsightsKey",
"CertName": "myCertName",
"DevPrefix": "",
"RelyingPartyMetadata": "<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="myId" cacheDuration="PT1440M" entityID="myEntityId">
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:AssertionConsumerService index="0" Location="https://google.com" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" isDefault="true" />
<md:AttributeConsumingService index="0">
<md:ServiceName xml:lang="en">AttributeContract</md:ServiceName>
<md:RequestedAttribute Name="EmployeeID" />
<md:RequestedAttribute Name="displayName" />
</md:AttributeConsumingService>
</md:SPSSODescriptor>
<md:ContactPerson contactType="administrative" />
</md:EntityDescriptor>"
}
]
}
Regularly getting a json parse error - Seems to be intermittent when it triggers but once it does it won't work on those particular logs.
Unexpected token c in JSON at position 114393 (number varies)
I'd like to be able to use the build policy functionality as part of a custom Azure Pipelines task that could build the policy during a build.
Would you accept a PR that refactors that module and exports it so it can be imported and used by other NPM libraries?