
I’m configuring my passport/express/node azure app service website for single-tenant azure ad logins. I can sign in successfully on my localhost, but when I publish the site, I get `{"code":400,"message":"IDX10205: Issuer validation failed. Issuer: '[PII is hidden]'. Did not match: validationParameters.ValidIssuer: '[PII is hidden]' or validationParameters.ValidIssuers: '[PII is hidden]'."}`

I think I need to set showPII somewhere to see that PII and diagnose/fix the issue. How can we control this flag in a node azure?

Jason Kleban
  • Refer to this [issue](https://github.com/MicrosoftDocs/azure-docs/issues/12552#issuecomment-491314107). – Joey Cai Dec 02 '19 at 09:13
  • Hmm, I'm sure that's relevant information, but I haven't been successful with it yet. I've tried setting passport OIDCStrategy issuer parameter to `https://login.microsoftonline.com/e...3` or `https://login.microsoftonline.com/e...3/v2.0` or `https://sts.windows.net/e...3/v2.0` and I've set the Manifest's `accessTokenAcceptedVersion` in Azure AD to `2` and various permutations. I cannot find where that "+ Add issuer" interface exists. There has been no change in my callback route's behavior through any of it. – Jason Kleban Dec 02 '19 at 13:02
  • Could you please provide your code of how to configure OIDCStrategy or BearerStrategy – Jim Xu Dec 26 '19 at 05:24
  • Has anyone figured out how you set this property? I am using OIDC and getting this error as well... – phitch Jun 06 '20 at 19:46
  • The following thread is one way to troubleshoot this issue: https://stackoverflow.com/a/66670625/4200557 – bryan.hunwardsen Mar 15 '23 at 21:03
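
One way to see the issuer a token actually carries when the error hides it, as an added example that is not part of the question or its comments: it decodes the token payload without verifying it and compares `iss` with the configured issuer. The tenant GUID, the sample token and all function names are constructed for illustration; the two issuer strings are Azure AD's v1.0 and v2.0 formats.

```javascript
// Added example (diagnostic only): decodes a JWT payload WITHOUT verifying the
// signature, so never use it to make an authentication decision.
const SAMPLE_TENANT = '00000000-0000-0000-0000-000000000000'; // constructed placeholder

// The two issuer formats Azure AD uses for a single tenant, keyed by token version.
function knownIssuers(tenantId) {
  return {
    '1.0': `https://sts.windows.net/${tenantId}/`,
    '2.0': `https://login.microsoftonline.com/${tenantId}/v2.0`,
  };
}

function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Compare the token's iss with the configured issuer. The comparison is an
// exact string match, so a missing trailing slash or "/v2.0" suffix matters.
function diagnoseIssuer(jwt, configuredIssuer, tenantId) {
  const { iss, ver, tid } = decodeClaims(jwt);
  const formats = knownIssuers(tenantId);
  const formatOf = (value) =>
    Object.keys(formats).find((v) => formats[v] === value) || 'unknown';
  return {
    tokenIssuer: iss,
    tokenVersion: ver,
    sameTenant: tid === tenantId,
    matches: iss === configuredIssuer,
    tokenFormat: formatOf(iss),
    configuredFormat: formatOf(configuredIssuer),
  };
}

// Constructed sample token (fake signature) so the example runs offline.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleToken({
  iss: knownIssuers(SAMPLE_TENANT)['1.0'], ver: '1.0', tid: SAMPLE_TENANT,
});
console.log(diagnoseIssuer(sample, knownIssuers(SAMPLE_TENANT)['2.0'], SAMPLE_TENANT));
```

A result with `matches: false` and differing `tokenFormat` and `configuredFormat` means the token version and the configured issuer disagree.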
