Change AAD authorization to be opt-in within webapp #110
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dehoward
added
the
PR: breaking change
github-actions
bot
added
webapp
dehoward
changed the title
4 tasks
|
Closing this PR as it is now covered by #126 |
github-merge-queue bot
pushed a commit
that referenced
this pull request
Aug 18, 2023
### Motivation and Context This PR addresses microsoft/semantic-kernel#1639. It is a combination of PRs #92 and #110 ### Description #### Backend changes - Remove API key authorization - Use "AzureAD" as default authentication configuration for deployments, "None" for running locally (Note: UI changes to disable sign in flow for the latter case are still forthcoming) - Enable auth policy on controllers that checks if the user is part of the conversation they are trying to access This PR changes the contract between the frontend and backend around how user IDs are communicated. Users who have been signing into the frontend with AAD will now only see their chats if the backend is also gated by AAD authentication, which was not the case previously. #### Frontend changes - adds `REACT_APP_AUTH_TYPE` and changes AAD variables in `.env` to be optional - adds `AuthHelper.IsAuthAAD` to conditionally render different elements throughout the app - changes user settings menu popup to instead just show as a settings button:  Existing users will need to uncomment `REACT_APP_AUTH_TYPE=AzureAd` in `webapp/.env` to continue using AAD as their authorization type. ### Contribution Checklist <!-- Before submitting this PR, please make sure: --> - [x] The code builds clean without any errors or warnings - [x] The PR follows the [Contribution Guidelines](https://github.com/microsoft/copilot-chat/blob/main/CONTRIBUTING.md) and the [pre-submission formatting script](https://github.com/microsoft/copilot-chat/blob/main/CONTRIBUTING.md#development-scripts) raises no violations - [ ] All unit tests pass, and I have added new tests where possible - [x] I didn't break anyone 😄 --------- Co-authored-by: Desmond Howard <[email protected]>
teamleader-dev
pushed a commit
to vlink-group/chat-copilot
that referenced
this pull request
Oct 7, 2024
### Motivation and Context This PR addresses microsoft/semantic-kernel#1639. It is a combination of PRs microsoft#92 and microsoft#110 ### Description #### Backend changes - Remove API key authorization - Use "AzureAD" as default authentication configuration for deployments, "None" for running locally (Note: UI changes to disable sign in flow for the latter case are still forthcoming) - Enable auth policy on controllers that checks if the user is part of the conversation they are trying to access This PR changes the contract between the frontend and backend around how user IDs are communicated. Users who have been signing into the frontend with AAD will now only see their chats if the backend is also gated by AAD authentication, which was not the case previously. #### Frontend changes - adds `REACT_APP_AUTH_TYPE` and changes AAD variables in `.env` to be optional - adds `AuthHelper.IsAuthAAD` to conditionally render different elements throughout the app - changes user settings menu popup to instead just show as a settings button:  Existing users will need to uncomment `REACT_APP_AUTH_TYPE=AzureAd` in `webapp/.env` to continue using AAD as their authorization type. ### Contribution Checklist <!-- Before submitting this PR, please make sure: --> - [x] The code builds clean without any errors or warnings - [x] The PR follows the [Contribution Guidelines](https://github.com/microsoft/copilot-chat/blob/main/CONTRIBUTING.md) and the [pre-submission formatting script](https://github.com/microsoft/copilot-chat/blob/main/CONTRIBUTING.md#development-scripts) raises no violations - [ ] All unit tests pass, and I have added new tests where possible - [x] I didn't break anyone 😄 --------- Co-authored-by: Desmond Howard <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
dependent on #92.
removing AAD as the default authorization method will allow users to get the app running more quickly.
breaking change: existing users will need to uncomment
REACT_APP_AUTH_TYPE=AzureAdinwebapp/.envto continue using AAD as their authorization type.Contribution Checklist
REACT_APP_AUTH_TYPEand changes AAD variables in.envto be optionalAuthHelper.IsAuthAADto conditionally render different elements throughout the app