GCN-AZ-427413a281d9
GCN-AZ-427413a281d9: Unable to start GoCloudNative.Bff. Invalid client_secret. Configure the client_secret in the appsettings.json or program.cs file and try again.
The GoCloudNative BFF is an authentication gateway. As a result, you must configure an identity provider (correctly) for it to start.
To bootstrap the BFF, load the identity provider configuration from the appsettings.json:
    //...
    var builder = WebApplication.CreateBuilder(args);

    // Read the identity provider settings from the "Azure" section of appsettings.json
    var config = builder.Configuration.GetSection("Azure");

    builder.Services.AddSecurityBff(o =>
    {
        o.ConfigureAzureAd(config);
        //...
    });
How to reproduce this error
To reproduce the error, the ClientSecret needs to be missing:

    "Azure": {
      "ClientId": "{yourClientId}",
      "Authority": "https://{yourAuthority}",
      "TenantId": "{yourTenantId}",
      "Scopes": [
        "openid", "profile", "offline_access"
      ]
    },
or empty:
    "Azure": {
      "ClientId": "{yourClientId}",
      "ClientSecret": "",
      "Authority": "https://{yourAuthority}",
      "Scopes": [
        "openid", "profile", "offline_access"
      ]
    },
or misspelled:
    "Azure": {
      "ClientId": "{yourClientId}",
      "Client_Secret": "{yourClientSecret}",
      "Authority": "https://{yourAuthority}",
      "Scopes": [
        "openid", "profile", "offline_access"
      ]
    },
or incorrect casing:
    "Azure": {
      "ClientId": "{yourClientId}",
      "Clientsecret": "{yourClientSecret}",
      "Authority": "https://{yourAuthority}",
      "Scopes": [
        "openid", "profile", "offline_access"
      ]
    },
Solution
Configure the ClientSecret correctly:

    "Azure": {
      "ClientId": "{yourClientId}",
      "ClientSecret": "{yourClientSecret}",
      "TenantId": "{yourTenantId}",
      "Authority": "https://{yourAuthority}",
      "Scopes": [
        "openid", "profile", "offline_access"
      ]
    },
and restart the BFF.
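A pre-deployment check for the misconfigurations listed above, as an added example that is not part of the GoCloudNative project. The function name, the result labels, the extra `placeholder` case and the sample inputs are assumptions; the section name `Azure` follows the `GetSection("Azure")` call in the bootstrap code.

```python
import json
import re

REQUIRED_KEY = "ClientSecret"  # exact spelling and casing used in the solution above


def _normalize(key):
    """Lowercase and drop non-alphanumerics so near-miss spellings compare equal."""
    return re.sub(r"[^a-z0-9]", "", key.lower())


def check_client_secret(appsettings_text, section="Azure"):
    """Classify the ClientSecret setting in one section of appsettings.json.

    Returns 'ok', 'missing', 'empty', 'placeholder' or 'misnamed:<key found>'.
    Only key names are reported, never the secret value.
    """
    settings = json.loads(appsettings_text).get(section)
    if not isinstance(settings, dict):
        return "missing"
    if REQUIRED_KEY in settings:
        value = settings[REQUIRED_KEY]
        if not isinstance(value, str) or not value.strip():
            return "empty"
        # An unfilled template value such as "{yourClientSecret}"
        if re.fullmatch(r"\{.*\}", value.strip()):
            return "placeholder"
        return "ok"
    # Exact key absent: look for a near miss (Client_Secret, Clientsecret, ...)
    for key in settings:
        if _normalize(key) == _normalize(REQUIRED_KEY):
            return "misnamed:" + key
    return "missing"


# Constructed sample inputs; the secret value is a dummy string.
SAMPLES = {
    "good": '{"Azure": {"ClientId": "abc", "ClientSecret": "dummy-value"}}',
    "absent": '{"Azure": {"ClientId": "abc"}}',
    "blank": '{"Azure": {"ClientId": "abc", "ClientSecret": ""}}',
    "underscore": '{"Azure": {"Client_Secret": "dummy-value"}}',
    "casing": '{"Azure": {"Clientsecret": "dummy-value"}}',
    "template": '{"Azure": {"ClientSecret": "{yourClientSecret}"}}',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", check_client_secret(text))
```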
How to find the ClientSecret in Azure
To find the correct value for the ClientSecret variable:
- Navigate to the Azure Portal, navigate to Azure Active Directory, and click App Registrations in the menu on the left.
- Select your app registration or create one. (If you don’t have an app registration yet, follow the Azure Active Directory Quickstart.)
- On the overview page of the App registration, click Add a certificate or secret to create an app secret. If you have done so already in the past, this link says "x certificates, x secrets". Click it.
- Click + New client secret, and copy the secret value to the appsettings.json file.