GCN-AZ-427413a281d9

GCN-AZ-427413a281d9: Unable to start GoCloudNative.Bff. Invalid client_secret. Configure the client_secret in the appsettings.json or program.cs file and try again.

The GoCloudNative BFF is an authentication gateway. As a result, you must configure an identity provider (correctly) for it to start.

To bootstrap the BFF, load the identity provider configuration from the appsettings.json:

//...
var builder = WebApplication.CreateBuilder(args);

var config = builder.Configuration.GetSection("Azure");

builder.Services.AddSecurityBff(o =>
{
    o.ConfigureAzureAd(config);
    
    //...
});

How to reproduce this error

To reproduce the error, the ClientSecret needs to be missing:

  "Oidc": {
    "CliendId": "{yourClientId}",
    "Authority": "https://{yourAuthority}",
    "TenantId": "{yourTenantId}",
    "Scopes": [
      "openid", "profile", "offline_access"
    ]
  },

or empty:

  "Oidc": {
    "CliendId": "{yourClientId}",
    "ClientSecret": "",
    "Authority": "https://{yourAuthority}",
    "Scopes": [
      "openid", "profile", "offline_access"
    ]
  },

or misspelled:

  "Oidc": {
    "CliendId": "{yourClientId}",
    "Client_Secret": "{yourClientSecret}",
    "Authority": "https://{yourAuthority}",
    "Scopes": [
      "openid", "profile", "offline_access"
    ]
  },

or incorrect casing:

  "Oidc": {
    "CliendId": "{yourClientId}",
    "Clientsecret": "{yourClientSecret}",
    "Authority": "https://{yourAuthority}",
    "Scopes": [
      "openid", "profile", "offline_access"
    ]
  },

Solution

Configure the ClientSecret correctly:

  "Oidc": {
    "CliendId": "{yourClientId}",
    "ClientSecret": "{yourClientSecret}",
    "TenantId": "{yourTenantId}",
    "Authority": "https://{yourAuthority}",
    "Scopes": [
      "openid", "profile", "offline_access"
    ]
  },

and restart the BFF.

How to find the ClientSecret in Azure

To find the correct value for the ClientSecret variable,

  • navigate to the Azure Portal, navigate to Azure Active Directory, and click App Registrations in the menu on the left.
  • Select your app registrations or create one. (If you don’t have an app registration yet, follow the Azure Active Directory Quickstart)
  • This is what the overview page of an App registration looks like: App Registration overview page
  • To create an app secret, click Add a certificate or secret. If you have done so already in the past, this link says x certificates, x secrets. Click it.
  • Click + New client secret, and copy the secret value to the appsettings.json file.