System Information
-
Strapi Version: v4.10.1
-
Operating System: Windows 10
-
Database: mysql
-
Node Version: 18 LTS
-
NPM Version: 9.5.0
-
Yarn Version: N/A
I am hosting a React.js frontend on an Azure Static Web App instance with a Strapi backend. The Strapi backend performs authentication through Microsoft Active Directory (AD). I have already modified the users-permissions plugin to use single tenant AD authentication (as opposed to it’s default multi-tenant only configuration).
I am looking to modify the data sent back to my frontend after the authentication on Azure AD occurs. Azure Static Web Apps run on IIS, which limits URLs to 4096 characters. When the user successfully authenticates on AD, they are redirected to the Strapi API which then redirects them to my frontend. The problem is that the redirection query string exceeds the length limitation, causing a 404.14 error. I have confirmed that I do not need all the data sent in the query string, just the access_token itself. The fix I have in mind involves trimming excess data from the query string within Strapi before redirecting to the frontend. I am hoping to get some tips about which files control this redirect so that I can better target my modifications. If anyone has any alternate fixes, I am also happy to hear them.
Thank you for any help.
I was able to solve this problem by editing the grant configuration in my index.js bootstrap function. Grant is the NPM package responsible for managing OAuth requests and redirecting back to the frontend. By default, it is configured to send its response to a callback URL (frontend URL) with it’s response data in a query string. Response data includes tokens and raw data by default. By simply configuring grant to only include tokens in it’s response, the query string will only contain the access_token for Microsoft AD authentication. This brings the URL size to well under the limit and gives the necessary data for authentication requests from the frontend. For those curious, here is my bootstrap function in src/index.js:
async bootstrap(/*{ strapi }*/) {
// override default Microsoft Active directory route (/common) to use tenant id for single tenant
const pluginStore = strapi.store({ type: "plugin", name: "users-permissions" })
// bring in old configuration
const prevGrantConfig = (await pluginStore.get({ key: "grant" })) || {};
// MSAD tenant id as env variable
const endpoint = process.env.MICROSOFT_AUTH_TENANT_ID || 'common';
// settings overrides for MSAD single tenant endpoint + response configurations
const microsoftGrantConfig = {
authorize_url: `https://login.microsoftonline.com/${endpoint}/oauth2/v2.0/authorize`,
access_url: `https://login.microsoftonline.com/${endpoint}/oauth2/v2.0/token`,
transport: 'querystring', // format response as query string (same as default)
response: ["tokens"], // only return tokens in response
};
// merge old settings with overrides
const newGrantConfig = {
...prevGrantConfig,
microsoft: {
...prevGrantConfig.microsoft,
...microsoftGrantConfig,
}
};
// save new settings
await pluginStore.set({key: 'grant', value: newGrantConfig});
},