
Commit de8f8ab

author
Desmond Howard
authored
Fetch AAD authentication info from backend (microsoft#427)
### Motivation and Context <!-- Thank you for your contribution to the chat-copilot repo! Please help reviewers and future users, providing the following information: 1. Why is this change required? 2. What problem does it solve? 3. What scenario does it contribute to? 4. If it fixes an open issue, please link to the issue here. --> this PR prepares the frontend for microsoft#377 and removes the need for any AAD configuration environment variables. ### Description - removes `REACT_APP_AUTH_TYPE` and all variables starting with `REACT_APP_AAD_` - calls the `/authConfig` endpoint when the app first loads and if needed, renders the `MsalProvider` using the fetched config. - updates workflows and deployment scripts accordingly <!-- Describe your changes, the overall approach, the underlying design. These notes will help understanding how your code works. Thanks! --> ### Contribution Checklist <!-- Before submitting this PR, please make sure: --> - [X] The code builds clean without any errors or warnings - [X] The PR follows the [Contribution Guidelines](https://github.com/microsoft/chat-copilot/blob/main/CONTRIBUTING.md) and the [pre-submission formatting script](https://github.com/microsoft/chat-copilot/blob/main/CONTRIBUTING.md#development-scripts) raises no violations - [X] All unit tests pass, and I have added new tests where possible - [X] I didn't break anyone 😄
1 parent 2241167 commit de8f8ab


22 files changed

+189
-284
lines changed


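--- a/.github/workflows/copilot-build-images.yml
+++ b/.github/workflows/copilot-build-images.yml
@@ -6,15 +6,6 @@ on:
 REACT_APP_BACKEND_URI:
 required: true
 type: string
-REACT_APP_AAD_AUTHORITY:
-required: true
-type: string
-REACT_APP_AAD_CLIENT_ID:
-required: true
-type: string
-REACT_APP_AAD_API_SCOPE:
-required: false
-type: string
 env:
 REGISTRY: ghcr.io
 
@@ -38,9 +29,6 @@ jobs:
 image: ${{ github.repository }}-webapp-nginx
 build-args: |
 REACT_APP_BACKEND_URI=${{ inputs.REACT_APP_BACKEND_URI }}
-REACT_APP_AAD_AUTHORITY=${{ inputs.REACT_APP_AAD_AUTHORITY }}
-REACT_APP_AAD_CLIENT_ID=${{ inputs.REACT_APP_AAD_CLIENT_ID }}
-REACT_APP_AAD_API_SCOPE=${{ inputs.REACT_APP_AAD_API_SCOPE }}
 permissions:
 contents: read
 packages: write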

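--- a/.github/workflows/copilot-test-e2e.yml
+++ b/.github/workflows/copilot-test-e2e.yml
@@ -71,11 +71,6 @@ jobs:
 env:
 REACT_APP_BACKEND_URI: https://localhost:40443/
 
-REACT_APP_AUTH_TYPE: AzureAd
-REACT_APP_AAD_AUTHORITY: https://login.microsoftonline.com/${{ secrets.COPILOT_CHAT_TEST_TENANT_ID }}
-REACT_APP_AAD_CLIENT_ID: ${{ secrets.COPILOT_CHAT_TEST_APP_AAD_WEBAPP_CLIENT_ID }}
-REACT_APP_AAD_API_SCOPE: api://${{ secrets.COPILOT_CHAT_TEST_APP_AAD_WEBAPI_CLIENT_ID }}/access_as_user
-
 REACT_APP_TEST_USER_ACCOUNT1: ${{ secrets.COPILOT_CHAT_TEST_USER_ACCOUNT1 }}
 REACT_APP_TEST_USER_ACCOUNT1_INITIALS: ${{ secrets.COPILOT_CHAT_TEST_USER_ACCOUNT1_INITIALS }}
 REACT_APP_TEST_USER_ACCOUNT2: ${{ secrets.COPILOT_CHAT_TEST_USER_ACCOUNT2 }}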

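--- a/docker/webapp/Dockerfile.nginx
+++ b/docker/webapp/Dockerfile.nginx
@@ -1,21 +1,12 @@
 # source webapp/.env
-# docker build --build-arg REACT_APP_BACKEND_URI=$REACT_APP_BACKEND_URI --build-arg REACT_APP_AAD_AUTHORITY=$REACT_APP_AAD_AUTHORITY --build-arg REACT_APP_AAD_CLIENT_ID=$REACT_APP_AAD_CLIENT_ID --build-arg REACT_APP_AAD_API_SCOPE=$REACT_APP_AAD_API_SCOPE -f docker/webapp/Dockerfile.nginx -t chat-copilot-webapp-nginx .
+# docker build --build-arg REACT_APP_BACKEND_URI=$REACT_APP_BACKEND_URI -f docker/webapp/Dockerfile.nginx -t chat-copilot-webapp-nginx .
 
 # builder
 FROM node:lts-alpine as builder
 
 ARG REACT_APP_BACKEND_URI
 ENV REACT_APP_BACKEND_URI $REACT_APP_BACKEND_URI
 
-ARG REACT_APP_AAD_AUTHORITY
-ENV REACT_APP_AAD_AUTHORITY $REACT_APP_AAD_AUTHORITY
-
-ARG REACT_APP_AAD_CLIENT_ID
-ENV REACT_APP_AAD_CLIENT_ID $REACT_APP_AAD_CLIENT_ID
-
-ARG REACT_APP_AAD_API_SCOPE
-ENV REACT_APP_AAD_API_SCOPE $REACT_APP_AAD_API_SCOPE
-
 WORKDIR /app
 COPY webapp/ .
 RUN yarn install \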
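Review bot: The builder stage this hunk keeps still starts from the floating tag `node:lts-alpine`, so two builds of the same commit can resolve to different base images. Pinning a version and digest, for example `FROM node:<version>-alpine@sha256:<digest> AS builder` (both placeholders), makes the image reproducible and lets a base-image change show up in review. `REACT_APP_BACKEND_URI` is still a build argument copied into `ENV`, so it ends up in the built bundle and should remain a non-secret value. The `RUN yarn install \` line continues outside the hunk.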

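--- a/scripts/Configure.ps1
+++ b/scripts/Configure.ps1
@@ -217,14 +217,6 @@ $webappEnvFilePath = Join-Path "$webappProjectPath" '/.env'
 Write-Host "Setting up '.env'..."
 Set-Content -Path $webappEnvFilePath -Value "REACT_APP_BACKEND_URI=https://localhost:40443/"
 
-if ($authType -eq $varAzureAd) {
-Write-Host "Configuring Azure AD authentication..."
-Add-Content -Path $webappEnvFilePath -Value "REACT_APP_AUTH_TYPE=AzureAd"
-Add-Content -Path $webappEnvFilePath -Value "REACT_APP_AAD_AUTHORITY=$($Instance.Trim("/"))/$TenantId"
-Add-Content -Path $webappEnvFilePath -Value "REACT_APP_AAD_CLIENT_ID=$FrontendClientId"
-Add-Content -Path $webappEnvFilePath -Value "REACT_APP_AAD_API_SCOPE=api://$BackendClientId/access_as_user"
-}
-
 Write-Host "($webappEnvFilePath)"
 Write-Host "========"
 Get-Content $webappEnvFilePath | Write-Host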

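--- a/scripts/configure.sh
+++ b/scripts/configure.sh
@@ -206,6 +206,9 @@ APPSETTINGS_OVERRIDES="{
 \"EmbeddingGeneratorType\": \"${AI_SERVICE}\"
 },
 \"Services\": ${AISERVICE_OVERRIDES}
+},
+\"Frontend\": {
+\"AadClientId\": \"${FRONTEND_CLIENT_ID}\"
 }
 }"
 APPSETTINGS_OVERRIDES_FILEPATH="${WEBAPI_PROJECT_PATH}/appsettings.${ENV_ASPNETCORE}.json"
@@ -229,16 +232,6 @@ WEBAPP_ENV_FILEPATH="${WEBAPP_PROJECT_PATH}/.env"
 echo "Setting up '.env' for webapp..."
 echo "REACT_APP_BACKEND_URI=https://localhost:40443/" >$WEBAPP_ENV_FILEPATH
 
-if [ "$AUTH_TYPE" = "$ENV_AZURE_AD" ]; then
-echo "Configuring Azure AD authentication..."
-echo "REACT_APP_AUTH_TYPE=AzureAd" >>$WEBAPP_ENV_FILEPATH
-# Trim any trailing slash from instance before generating authority
-INSTANCE=${INSTANCE%/}
-echo "REACT_APP_AAD_AUTHORITY=$INSTANCE/$TENANT_ID" >>$WEBAPP_ENV_FILEPATH
-echo "REACT_APP_AAD_CLIENT_ID=$FRONTEND_CLIENT_ID" >>$WEBAPP_ENV_FILEPATH
-echo "REACT_APP_AAD_API_SCOPE=api://$BACKEND_CLIENT_ID/access_as_user" >>$WEBAPP_ENV_FILEPATH
-fi
-
 echo "($WEBAPP_ENV_FILEPATH)"
 echo "========"
 cat $WEBAPP_ENV_FILEPATH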
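Review bot: The `Frontend` override added in the first hunk writes `\"AadClientId\": \"${FRONTEND_CLIENT_ID}\"` unconditionally, while the block removed in the second hunk only emitted the AAD values when `$AUTH_TYPE` equalled `$ENV_AZURE_AD`. Where `FRONTEND_CLIENT_ID` is assigned is outside the hunk, so this is inferred, but if it is unset for a no-auth setup the backend settings file gets an empty client id. The value is also spliced into hand-built JSON without escaping. A guard before the JSON is assembled, such as `if [ "$AUTH_TYPE" = "$ENV_AZURE_AD" ] && [ -z "$FRONTEND_CLIENT_ID" ]; then echo "Frontend client id is required for Azure AD"; exit 1; fi`, would fail early instead of producing a half-configured auth setup.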

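--- a/scripts/deploy/README.md
+++ b/scripts/deploy/README.md
@@ -11,7 +11,7 @@ This document details how to deploy Chat Copilot's required resources to your Az
 
 - `F1` and `D1` SKUs for the App Service Plans are not currently supported for this deployment in order to support private networking.
 
-- Chat Copilot deployments use Azure Active Directory for authentication. All endpoints (except `/healthz`) require authentication to access.
+- Chat Copilot deployments use Azure Active Directory for authentication. All endpoints (except `/healthz` and `/authInfo`) require authentication to access.
 
 # Configure your environment
 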

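--- a/scripts/deploy/deploy-webapp.ps1
+++ b/scripts/deploy/deploy-webapp.ps1
@@ -65,22 +65,12 @@ foreach ($pluginName in $pluginNames) {
 Write-Host "pluginName: $pluginName"
 }
 
-$webapiSettings = $(az webapp config appsettings list --name $webapiName --resource-group $ResourceGroupName | ConvertFrom-JSON)
-$webapiClientId = ($webapiSettings | Where-Object -Property name -EQ -Value Authentication:AzureAd:ClientId).value
-$webapiTenantId = ($webapiSettings | Where-Object -Property name -EQ -Value Authentication:AzureAd:TenantId).value
-$webapiInstance = ($webapiSettings | Where-Object -Property name -EQ -Value Authentication:AzureAd:Instance).value
-$webapiScope = ($webapiSettings | Where-Object -Property name -EQ -Value Authentication:AzureAd:Scopes).value
-
 # Set ASCII as default encoding for Out-File
 $PSDefaultParameterValues['Out-File:Encoding'] = 'ascii'
 
 $envFilePath = "$PSScriptRoot/../../webapp/.env"
 Write-Host "Writing environment variables to '$envFilePath'..."
 "REACT_APP_BACKEND_URI=https://$webapiUrl/" | Out-File -FilePath $envFilePath
-"REACT_APP_AUTH_TYPE=AzureAd" | Out-File -FilePath $envFilePath -Append
-"REACT_APP_AAD_AUTHORITY=$($webapiInstance.Trim("/"))/$webapiTenantId" | Out-File -FilePath $envFilePath -Append
-"REACT_APP_AAD_CLIENT_ID=$FrontendClientId" | Out-File -FilePath $envFilePath -Append
-"REACT_APP_AAD_API_SCOPE=api://$webapiClientId/$webapiScope" | Out-File -FilePath $envFilePath -Append
 "REACT_APP_SK_VERSION=$Version" | Out-File -FilePath $envFilePath -Append
 "REACT_APP_SK_BUILD_INFO=$VersionInfo" | Out-File -FilePath $envFilePath -Append
 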

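--- a/scripts/deploy/deploy-webapp.sh
+++ b/scripts/deploy/deploy-webapp.sh
@@ -102,23 +102,11 @@ echo "WEB_API_NAME: $WEB_API_NAME"
 eval PLUGIN_NAMES=$(echo $DEPLOYMENT_JSON | jq -r '.properties.outputs.pluginNames.value[]')
 echo "PLUGIN_NAMES: $PLUGIN_NAMES"
 
-WEB_API_SETTINGS=$(az webapp config appsettings list --name $WEB_API_NAME --resource-group $RESOURCE_GROUP --output json)
-eval WEB_API_CLIENT_ID=$(echo $WEB_API_SETTINGS | jq '.[] | select(.name=="Authentication:AzureAd:ClientId").value')
-eval WEB_API_TENANT_ID=$(echo $WEB_API_SETTINGS | jq '.[] | select(.name=="Authentication:AzureAd:TenantId").value')
-eval WEB_API_INSTANCE=$(echo $WEB_API_SETTINGS | jq '.[] | select(.name=="Authentication:AzureAd:Instance").value')
-eval WEB_API_SCOPE=$(echo $WEB_API_SETTINGS | jq '.[] | select(.name=="Authentication:AzureAd:Scopes").value')
-
 ENV_FILE_PATH="$SCRIPT_ROOT/../../webapp/.env"
 echo "Writing environment variables to '$ENV_FILE_PATH'..."
-echo "REACT_APP_BACKEND_URI=https://$WEB_API_URL/" >$ENV_FILE_PATH
-echo "REACT_APP_AUTH_TYPE=AzureAd" >>$ENV_FILE_PATH
-# Trim any trailing slash from instance before generating authority
-WEB_API_INSTANCE=${WEB_API_INSTANCE%/}
-echo "REACT_APP_AAD_AUTHORITY=$WEB_API_INSTANCE/$WEB_API_TENANT_ID" >>$ENV_FILE_PATH
-echo "REACT_APP_AAD_CLIENT_ID=$FRONTEND_CLIENT_ID" >>$ENV_FILE_PATH
-echo "REACT_APP_AAD_API_SCOPE=api://$WEB_API_CLIENT_ID/$WEB_API_SCOPE" >>$ENV_FILE_PATH
-echo "REACT_APP_SK_VERSION=$VERSION" >>$ENV_FILE_PATH
-echo "REACT_APP_SK_BUILD_INFO=$VERSION_INFO" >>$ENV_FILE_PATH
+echo "REACT_APP_BACKEND_URI=https://$WEB_API_URL/" > $ENV_FILE_PATH
+echo "REACT_APP_SK_VERSION=$VERSION" >> $ENV_FILE_PATH
+echo "REACT_APP_SK_BUILD_INFO=$VERSION_INFO" >> $ENV_FILE_PATH
 
 echo "Writing swa-cli.config.json..."
 SWA_CONFIG_FILE_PATH="$SCRIPT_ROOT/../../webapp/swa-cli.config.json"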
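Review bot: The three added `echo` lines redirect to an unquoted `$ENV_FILE_PATH`, and that path is built from `$SCRIPT_ROOT`, so a checkout directory containing a space makes the redirect fail; quoting the target (`> "$ENV_FILE_PATH"` and `>> "$ENV_FILE_PATH"`) avoids that. The commit drops four `eval VAR=$(… | jq …)` lines, but the context line `eval PLUGIN_NAMES=$(echo $DEPLOYMENT_JSON | jq -r …)` still hands deployment output to `eval`. A plain assignment, `PLUGIN_NAMES=$(echo "$DEPLOYMENT_JSON" | jq -r '.properties.outputs.pluginNames.value[]')`, would keep that output from being interpreted as shell. How `PLUGIN_NAMES` is consumed is outside the hunk, so the loop that reads it should be checked before changing the form.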

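--- a/webapi/Controllers/MaintenanceController.cs
+++ b/webapi/Controllers/MaintenanceController.cs
@@ -2,7 +2,6 @@
 
 using System.Threading;
 using System.Threading.Tasks;
-using CopilotChat.WebApi.Auth;
 using CopilotChat.WebApi.Models.Response;
 using CopilotChat.WebApi.Options;
 using CopilotChat.WebApi.Services.MemoryMigration;
@@ -23,19 +22,16 @@ public class MaintenanceController : ControllerBase
 
 private readonly ILogger<MaintenanceController> _logger;
 private readonly IOptions<ServiceOptions> _serviceOptions;
-private readonly IAuthInfo _authInfo;
 
 /// <summary>
 /// Initializes a new instance of the <see cref="MaintenanceController"/> class.
 /// </summary>
 public MaintenanceController(
 ILogger<MaintenanceController> logger,
-IOptions<ServiceOptions> serviceOptions,
-IAuthInfo authInfo)
+IOptions<ServiceOptions> serviceOptions)
 {
 this._logger = logger;
 this._serviceOptions = serviceOptions;
-this._authInfo = authInfo;
 }
 
 /// <summary>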

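--- a/webapp/.env.example
+++ b/webapp/.env.example
@@ -1,15 +1,6 @@
 # Required Variables
-# If you add any new required variables, make sure you update the variables list in the checkEnv.ts file as well.
 REACT_APP_BACKEND_URI=https://localhost:40443/
 
-# To enable authorization using Azure Active Directory, uncomment the following variables
-# See paragraph "(Optional) Enable backend authorization via Azure AD" in README.md for details and setup
-# REACT_APP_AUTH_TYPE=AzureAd
-# REACT_APP_AAD_AUTHORITY=https://login.microsoftonline.com/{YOUR_TENANT_ID}
-# REACT_APP_AAD_CLIENT_ID=
-# Authorization scopes to access webapi when using Azure AD authorization.
-# REACT_APP_AAD_API_SCOPE=
-
 # To enable HTTPS, uncomment the following variables
 # HTTPS="true"
 # Replace with your locally-trusted cert file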
