flask login loop

[krsfrodaslz]

Hi, I'm running into a login loop after following the instructions. After being redirected to the homepage (after successfully logged in), I was asked to login again.

Here's how it behaves currently:

1. Access the homepage of my site. Redirected to login.microsoftonline.com.
2. /.auth/login/aad/callback (the redirect URL I set) gets called, but redirected to /.auth/login/done. This got me confused. Where is the login/done endpoint registered? I couldn't find it in repo Azure-Samples/ms-identity-python. I checked the code. It's supposed to be redirected to the next_link (aka the homepage) directly, right?
3. The login/done page tells me I've successfully signed in. See the screenshot below. Then follow the link to the homepage.
4. The server returns OK 200, not 302 this time. But still the page is refreshed to login.microsoftonline.com and asks me to pick up an account again.

What I'm missing? I'm testing this directly on Azure. My setup is flask + uWSGI + Nginx.

[krsfrodaslz]

Okay, /.auth/login/aad/callback is reserved and will be picked up by Azure instead of my app if easy auth is turned on. I turned it off and now the redirect endpoint of my app is called.

Now I have another problem about verifying the user auth code. I created a federated managed identity for my app. What should I pass to client_credential when constructing the Auth object? Is it the token acquired by acquire_token_for_client as illustrated in user-assigned-managed-identities?

[rayluo]

Thanks for sharing your troubleshooting result of "/.auth/login/aad/callback is reserved and will be picked up by Azure instead of my app if easy auth is turned on. I turned it off and now the redirect endpoint of my app is called." This will probably help future developers too, so I converted your github issue into a Q&A here.

Regarding your follow-up question "webapp supporting federated managed identity", it is a feature request. Please create a dedicated github issue for it, and tag @bgavrilMS and me.