I am using the current Azure Mobile Apps SDK for customers JavaScript and using the following tutorial. I have all the major providers registered in Azure, and all of them contain their own Application ID and secret, correctly configured. I use the template code from the SDK to call Azure Mobile Apps, and the provider's login (Twitter, Google, MSFT, FB) will open a window in my web application and allow me to log in for authentication. Authentication works.
The problem is the callback to my original web application. I get an error 403 (Forbidden) and the following is displayed in the browser window:
You do not have permission to view this directory or page.
Here are some examples of return URLs (blurred values for brevity):
https://myservice.azurewebsites.net/.auth/login/facebook/callback?code=AQB123&state=nonce%3D3
https://myservice.azurewebsites.net/.auth/login/twitter/callback?oauth_token=FhGv&oauth_verifier=abc123
https://myservice.azurewebsites.net/.auth/login/google/callback?state=nonce%3Dc&authuser=0&session_state=4cf501&prompt=none#
The fact is that if I take any of the above URLs and paste it into a new browser window and make a call, I get the following Azure message in the browser:
You have successfully logged in
OK, so login and authentication work, but the application callback does not seem to work with this 403 forbidden. Here is what I tried:
- "*"
CORS Azure Azure Mobile Apps - "*"
CORS - ASP.NET Core Content-Security-Policy index.html
<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline'; script-src * 'unsafe-inline'; connect-src *; img-src *; style-src * 'unsafe-inline'">
. Azure Mobile Services, Azure Mobile Apps ( Content-Security-Policy , ). , JavaScript , , WindowsAzure.MobileServiceClient.
- , 403 forbidden ?
: , : Azure Mobile App -Side JavaScript