0 Votes
BlaiseLugeon-5253 asked BlaiseLugeon-5253 commented

Static Web App Custom authentication: issue with accent/special char in name of a user

Hello,

I use the custom authorization with a Static Web App, as described in:
- https://docs.microsoft.com/en-us/azure/static-web-apps/authentication-custom?tabs=aad
- https://docs.microsoft.com/en-us/azure/static-web-apps/assign-roles-microsoft-graph

I use Node.js in the Azure function, but that is probably not relevant.
It works well as long as there is no accent/special char in the name of a user in the AD.

As soon as one accent is present in the user name, the custom authentication Azure function does not work anymore, resulting in an HTTP 403 error.
The root cause is a non-conforming user = req.body structure, which does not allow getting the token (user.accessToken throws an exception).

I found a workaround: stringifying the user var, correcting the format (double quote removal, adding the missing char at the end) to get valid JSON again, and then getting the access token again to go on with the normal process.

This workaround works only with:
- Azure Active Directory Version 2 (otherwise the access token signature is not valid)
- No more than 3 accents in the user name (beyond that, the token is not complete anymore)

Is there a "clean solution" (specifying the encoding type somewhere?) or any plan to correct this bug?
It is really a blocking issue for all countries using accents/special chars in the AD....

Best regards

Blaise



azure-ad-authentication microsoft-365-apps-publishing-dev azure-static-web-apps

Hi anonymous user,

I apologize for the delay on this reply. I understand that you are having issues authenticating users that have accent marks in their names.

I have reached out to the product team to see if there is a clean solution for this problem, as well as a plan to improve the service itself to allow more special characters. I created a feature request to track this but you are also welcome to create a separate request in the Ideas forum for this: https://feedback.azure.com/

0 Votes 0 ·
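
An added example, not part of the original thread and not Microsoft's sample code: a Node.js roles function that validates req.body and fails closed with no roles, rather than repairing malformed JSON by hand as the workaround in the question does. The lookupRoles callback, the userDetails field, the JWT-shape check on accessToken and the sample values are assumptions made for illustration.

```javascript
'use strict';
// Added example. Only accessToken is named in the post; other names are assumed.

// Assumption: the access token is a compact JWT (three base64url segments).
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Turn whatever arrived as req.body into a user object, or say why it cannot
// be trusted. Malformed JSON is rejected, never patched up.
function readUser(body) {
  let user = body;
  if (Buffer.isBuffer(user)) user = user.toString('utf8');
  if (typeof user === 'string') {
    try {
      user = JSON.parse(user);
    } catch (err) {
      // Byte length is reported because accented characters take more than
      // one byte in UTF-8, which helps when diagnosing a truncated body.
      return { ok: false, reason: 'body is not valid JSON', bytes: Buffer.byteLength(body) };
    }
  }
  if (user === null || typeof user !== 'object' || Array.isArray(user)) {
    return { ok: false, reason: 'body is not a JSON object' };
  }
  if (typeof user.accessToken !== 'string' || !JWT_SHAPE.test(user.accessToken)) {
    return { ok: false, reason: 'accessToken missing or incomplete' };
  }
  return { ok: true, user };
}

// lookupRoles is a hypothetical callback standing in for the Graph query.
async function getRoles(context, req, lookupRoles) {
  const parsed = readUser(req.body);
  if (!parsed.ok) {
    context.log(`roles function: ${parsed.reason}`); // log the reason, never the token
    context.res = { status: 200, body: { roles: [] } }; // fail closed: no roles
    return context.res; // returned as well so the result can be checked in tests
  }
  const roles = await lookupRoles(parsed.user.accessToken);
  context.res = { status: 200, body: { roles } };
  return context.res;
}

// Constructed sample values (not real tokens or users).
const SAMPLE_TOKEN = 'aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl';
const GOOD_BODY = JSON.stringify({ userDetails: 'Zoé Müller', accessToken: SAMPLE_TOKEN });
const CUT_BODY = GOOD_BODY.slice(0, -2); // simulates a body cut short at the end
```

A body that fails these checks yields an empty role list and a log entry, so an incomplete token is never forwarded to Microsoft Graph.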

1 Answer

1 Vote
MarileeTurscak-MSFT answered BlaiseLugeon-5253 commented

Hi anonymous user,

I discussed this issue with some contacts on the product team and they confirmed that this is a by-design behavior. This is a limitation from the Office 365 workload and not on the Azure AD side, as user names are part of the Microsoft 365 workload. At the server side (AAD) the interpretation of the user name depends on what is supported by Office. Special character limitations for user names in Microsoft 365 are provided here.

If you are concerned about the token claims though, they should be parsed as-is with the special characters. For reference, see How does SSO deal with accent marks? But if the user name is not recognized by the Microsoft 365 workload, the access token will not be received.

If you would like to request more support for special characters in Microsoft 365, you can create a feature request here. I have also created a request and bubbled this up with the product team. I added a Microsoft 365 tag to this thread, but they also have a forum in Tech Community.


Best,

Marilee



If this answer was helpful to you, please consider "marking as answer" so that others in the community with similar questions can more easily find a solution.


Hi Marilee,

Thanks for the answer. I understand, following your first link, that éè (accents) are simply not officially supported on M365... I don't know how my customer could have entered it (he should not have been able to do it if not supported).

My workaround works up to 3 accents, and so will remain as it is....

I really appreciate the time you spent working on my issue.

Best regards

Blaise

1 Vote 1 ·