Skip to content

[App Service] Fix auth v2 migration, SP detection, and new auth parameters#33075

Open
seligj95 wants to merge 5 commits intoAzure:devfrom
seligj95:fix/auth-v2-migration
Open

[App Service] Fix auth v2 migration, SP detection, and new auth parameters#33075
seligj95 wants to merge 5 commits intoAzure:devfrom
seligj95:fix/auth-v2-migration

Conversation

@seligj95
Copy link
Contributor

@seligj95 seligj95 commented Mar 26, 2026
edited
Loading

Description

Changes

Issue #26603az webapp auth update uses stale API version:

  • az webapp auth show now auto-detects v2 auth configuration and returns v2 settings via get_auth_settings_v2, falling back to v1 when not configured
  • az webapp auth update detects v2 auth and routes updates through update_auth_settings_v2 with proper nested model mapping

Issue #25662 — New webapps default to auth v1 instead of v2:

  • v2-only parameters (e.g. --require-https) automatically force the v2 code path for new auth setups

Issue #30322 — Missing v2 parameters:

  • Added --require-https parameter (controls http_settings.require_https in v2)
  • --token-store now maps to login.token_store.enabled in v2
  • --aad-allowed-token-audiences maps to identity_providers.azure_active_directory.validation.allowed_audiences
  • All identity provider params (Facebook, Google, Twitter, Microsoft) properly map to v2 nested structure

Testing

  • 15 new unit tests in test_webapp_commands_thru_mock.py covering:
    • v2 detection logic (_is_auth_v2_app)
    • Show auto-detection and v1 fallback
    • Update routing to v2/v1 based on app config
    • AAD, Facebook, action mapping in v2
    • --require-https forcing v2 path
  • All 44 tests pass (29 existing + 15 new)
  • azdev style appservice passes

Files changed

  • custom.py — Added _get_auth_settings_v2, _is_auth_v2_app, _update_auth_settings_v2; modified get_auth_settings, update_auth_settings
  • _params.py — Added --require-https parameter
  • _help.py — Updated help text for v2 support
  • test_webapp_commands_thru_mock.py — Added TestWebappAuthV2Mocked test class

Fixes #26603
Fixes #25662
Fixes #30322

@seligj95
[App Service] Fix Azure#26603, Azure#25662, Azure#30322: `az webapp a…
aa434b0 
…uth`: v2 auth migration improvements

- `az webapp auth show` now auto-detects v2 auth and returns v2 settings
  when configured, falling back to v1 (Azure#26603)
- `az webapp auth update` routes to v2 API (authsettingsV2) when the app
  has v2 auth configured, with proper mapping of all params to v2 model
  structure (Azure#25662, Azure#26603)
- v2-only parameters like `--require-https` automatically force the v2
  code path for new auth setups (Azure#25662)
- Added `--require-https` parameter for v2 HTTP settings (Azure#30322)
- `--token-store`, `--aad-allowed-token-audiences`, and identity provider
  params now correctly map to v2 nested model structure (Azure#30322)
- Updated help text to reflect v2 support
- Added 15 unit tests covering v2 detection, show/update routing, AAD,
  Facebook, action mapping, and v1 fallback

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings March 26, 2026 15:40
@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Mar 26, 2026
edited
Loading

❌AzureCLI-FullTest
🔄acr
🔄latest
🔄3.12
🔄3.13
🔄acs
🔄latest
🔄3.12
🔄3.13
🔄advisor
🔄latest
️✔️3.12
🔄3.13
️✔️ams
️✔️latest
️✔️3.12
️✔️3.13
🔄apim
🔄latest
🔄3.12
🔄3.13
🔄appconfig
🔄latest
️✔️3.12
🔄3.13
❌appservice
❌latest
❌3.12
Type Test Case Error Message Line
Failed test_webapp_authentication self = <azure.cli.testsdk.base.ExecutionResult object at 0x7f4e8331a570>
cli_ctx = <azure.cli.core.mock.DummyCli object at 0x7f4e83ccbb00>
command = 'webapp auth show -g cli_test_webapp_authentication000001 -n webapp-authentication-test000002'
expect_failure = False

    def in_process_execute(self, cli_ctx, command, expect_failure=False):
        from io import StringIO
        from vcr.errors import CannotOverwriteExistingCassetteException
    
        if command.startswith('az '):
            command = command[3:]
    
        stdout_buf = StringIO()
        logging_buf = StringIO()
        try:
            # issue: stderr cannot be redirect in this form, as a result some failure information
            # is lost when command fails.
>           self.exit_code = cli_ctx.invoke(shlex.split(command), out_file=stdout_buf) or 0
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

src/azure-cli-testsdk/azure/cli/testsdk/base.py:303: 
                                        
env/lib/python3.12/site-packages/knack/cli.py:245: in invoke
    exit_code = self.exception_handler(ex)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^
src/azure-cli-core/azure/cli/core/init.py:157: in exception_handler
    return handle_exception(ex)
           ^^^^^^^^^^^^^^^^^^^^
src/azure-cli-testsdk/azure/cli/testsdk/patches.py:33: in handle_main_exception
    raise ex
env/lib/python3.12/site-packages/knack/cli.py:233: in invoke
    cmd_result = self.invocation.execute(args)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
src/azure-cli-core/azure/cli/core/commands/init.py:677: in execute
    raise ex
src/azure-cli-core/azure/cli/core/commands/init.py:820: in run_jobs_serially
    results.append(self.run_job(expanded_arg, cmd_copy))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
src/azure-cli-core/azure/cli/core/commands/init.py:789: in run_job
    result = cmd_copy(params)
             ^^^^^^^^^^^^^^^^
src/azure-cli-core/azure/cli/core/commands/init.py:335: in call
    return self.handler(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
src/azure-cli-core/azure/cli/core/commands/command_operation.py:362: in handler
    show_exception_handler(ex)
src/azure-cli-core/azure/cli/core/commands/arm.py:476: in show_exception_handler
    raise ex
src/azure-cli-core/azure/cli/core/commands/command_operation.py:360: in handler
    return op(**command_args)
           ^^^^^^^^^^^^^^^^^^
src/azure-cli/azure/cli/command_modules/appservice/custom.py:2808: in get_auth_settings
    auth_settings_v2 = get_auth_settings_v2(cmd, resource_group_name, name, slot)
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
src/azure-cli/azure/cli/command_modules/appservice/custom.py:2714: in get_auth_settings_v2
    return generic_site_operation(cmd.cli_ctx, resource_group_name, name,
src/azure-cli/azure/cli/command_modules/appservice/appservice_utils.py:20: in generic_site_operation
    return (operation(resource_group_name, name)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/tracing/decorator.py:119: in wrapper_use_tracer
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/mgmt/web/v2024_11_01/operations/web_apps_operations.py:19638: in get_auth_settings_v2
    pipeline_response: PipelineResponse = self.client.pipeline.run(  # pylint: disable=protected-access
env/lib/python3.12/site-packages/azure/core/pipeline/base.py:242: in run
    return first_node.send(pipeline_request)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/mgmt/core/policies/base.py:95: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/policies/redirect.py:205: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/policies/retry.py:545: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/policies/authentication.py:194: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/base.py:130: in send
    self.sender.send(request.http_request, **request.context.options),
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/azure/core/pipeline/transport/requests_basic.py:375: in send
    response = self.session.request(  # type: ignore
env/lib/python3.12/site-packages/requests/sessions.py:592: in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/requests/sessions.py:706: in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.12/site-packages/requests/adapters.py:645: in send
    resp = conn.urlopen(
env/lib/python3.12/site-packages/urllib3/connectionpool.py:787: in urlopen
    response = self.make_request(
env/lib/python3.12/site-packages/urllib3/connectionpool.py:534: in make_request
    response = conn.getresponse()
               ^^^^^^^^^^^^^^^^^^
                                        

self = <VCRRequestsHTTPSConnection/mnt/vss/work/1/s/src/azure-cli/azure/cli/command_modules/appservice/tests/latest/recordings/test_webapp_authentication.yaml(host='management.azure.com', port=443) at 0x7f4e80b01b20>
 = False, kwargs = {}

    def getresponse(self, =False, **kwargs):
        """Retrieve the response"""
        # Check to see if the cassette has a response for this request. If so,
        # then return it
        if self.cassette.can_play_response_for(self.vcr_request):
            log.info(f"Playing response for {self.vcr_request} from cassette")
            response = self.cassette.play_response(self.vcr_request)
            return VCRHTTPResponse(response)
        else:
            if self.cassette.write_protected and self.cassette.filter_request(self.vcr_request):
>               raise CannotOverwriteExistingCassetteException(
                    cassette=self.cassette,
                    failed_request=self.vcr_request,
                )
E               vcr.errors.CannotOverwriteExistingCassetteException: Can't overwrite existing cassette ('/mnt/vss/work/1/s/src/azure-cli/azure/cli/command_modules/appservice/tests/latest/recordings/test_webapp_authentication.yaml') in your current record mode ('once').
E               No match for the request (<Request (GET) https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list?api-version=2024-11-01>)&nbsp;was&nbsp;found.
E               Found 3 similar requests with 1 different matcher(s) :
E               
E               1 - (<Request (GET) https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_webapp_authentication000001?api-version=2024-11-01>).
E               Matchers succeeded : ['method', 'scheme', 'host', 'port', 'custom_request_query_matcher']
E               Matchers failed :
E               path - assertion failure :
E               /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list != /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_webapp_authentication000001
E               
E               2 - (<Request (GET) https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2024-11-01>).
E               Matchers succeeded : ['method', 'scheme', 'host', 'port', 'custom_request_query_matcher']
E               Matchers failed :
E               path - assertion failure :
E               /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list != /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003
E               
E               3 - (<Request (GET) https://management.azure.com/providers/Microsoft.Web/webAppStacks?api-version=2024-11-01>).
E               Matchers succeeded : ['method', 'scheme', 'host', 'port', 'custom_request_query_matcher']
E               Matchers failed :
E               path - assertion failure :
E               /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list != /providers/Microsoft.Web/webAppStacks

env/lib/python3.12/site-packages/vcr/stubs/init.py:277: CannotOverwriteExistingCassetteException

During handling of the above exception, another exception occurred:

self = <azure.cli.command_modules.appservice.tests.latest.test_webapp_commands.WebappAuthenticationTest testMethod=test_webapp_authentication>
resource_group = 'cli_test_webapp_authentication000001'

    @AllowLargeResponse()
    @ResourceGroupPreparer(name_prefix='cli_test_webapp_authentication', location=WINDOWS_ASP_LOCATION_WEBAPP)
    def test_webapp_authentication(self, resource_group):
        webapp_name = self.create_random_name('webapp-authentication-test', 40)
        plan_name = self.create_random_name('webapp-authentication-plan', 40)
        self.cmd(
            'appservice plan create -g {} -n {} --sku S1'.format(resource_group, plan_name))
        self.cmd(
            'webapp create -g {} -n {} --plan {}'.format(resource_group, webapp_name, plan_name))
        # testing show command for newly created app and initial fields
>       self.cmd('webapp auth show -g {} -n {}'.format(resource_group, webapp_name)).assert_with_checks([
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
            JMESPathCheck('unauthenticatedClientAction', None),
            JMESPathCheck('defaultProvider', None),
            JMESPathCheck('enabled', False),
            JMESPathCheck('tokenStoreEnabled', None),
            JMESPathCheck('allowedExternalRedirectUrls', None),
            JMESPathCheck('tokenRefreshExtensionHours', None),
            JMESPathCheck('runtimeVersion', None),
            JMESPathCheck('clientId', None),
            JMESPathCheck('clientSecret', None),
            JMESPathCheck('clientSecretCertificateThumbprint', None),
            JMESPathCheck('allowedAudiences', None),
            JMESPathCheck('issuer', None),
            JMESPathCheck('facebookAppId', None),
            JMESPathCheck('facebookAppSecret', None),
            JMESPathCheck('facebookOauthScopes', None)
        ])

src/azure-cli/azure/cli/command_modules/appservice/tests/latest/test_webapp_commands.py:2098: 
                                        
src/azure-cli-testsdk/azure/cli/testsdk/base.py:177: in cmd
    return execute(self.cli_ctx, command, expect_failure=expect_failure).assert_with_checks(checks)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
src/azure-cli-testsdk/azure/cli/testsdk/base.py:252: in init
    self.in_process_execute(cli_ctx, command, expect_failure=expect_failure)
                                        

self = <azure.cli.testsdk.base.ExecutionResult object at 0x7f4e8331a570>
cli_ctx = <azure.cli.core.mock.DummyCli object at 0x7f4e83ccbb00>
command = 'webapp auth show -g cli_test_webapp_authentication000001 -n webapp-authentication-test000002'
expect_failure = False

    def _in_process_execute(self, cli_ctx, command, expect_failure=False):
        from io import StringIO
        from vcr.errors import CannotOverwriteExistingCassetteException
    
        if command.startswith('az '):
            command = command[3:]
    
        stdout_buf = StringIO()
        logging_buf = StringIO()
        try:
            # issue: stderr cannot be redirect in this form, as a result some failure information
            # is lost when command fails.
            self.exit_code = cli_ctx.invoke(shlex.split(command), out_file=stdout_buf) or 0
            self.output = stdout_buf.getvalue()
            self.applog = logging_buf.getvalue()
    
        except CannotOverwriteExistingCassetteException as ex:
>           raise AssertionError(ex)
E           AssertionError: Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cli/azure/cli/command_modules/appservice/tests/latest/recordings/test_webapp_authentication.yaml') in your current record mode ('once').
E           No match for the request (<Request (GET) https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list?api-version=2024-11-01>)&nbsp;was&nbsp;found.
E           Found 3 similar requests with 1 different matcher(s) :
E           
E           1 - (<Request (GET) https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_webapp_authentication000001?api-version=2024-11-01>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list != /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_webapp_authentication000001
E           
E           2 - (<Request (GET) https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2024-11-01>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list != /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003
E           
E           3 - (<Request (GET) https://management.azure.com/providers/Microsoft.Web/webAppStacks?api-version=2024-11-01>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list != /providers/Microsoft.Web/webAppStacks

src/azure-cli-testsdk/azure/cli/testsdk/base.py:308: AssertionError		 azure/cli/command_modules/appservice/tests/latest/test_webapp_commands.py:2087
❌3.13
Type Test Case Error Message Line
Failed test_webapp_authentication self = <azure.cli.testsdk.base.ExecutionResult object at 0x7f94d47aa0d0>
cli_ctx = <azure.cli.core.mock.DummyCli object at 0x7f94d65bccd0>
command = 'webapp auth show -g cli_test_webapp_authentication000001 -n webapp-authentication-test000002'
expect_failure = False

    def in_process_execute(self, cli_ctx, command, expect_failure=False):
        from io import StringIO
        from vcr.errors import CannotOverwriteExistingCassetteException
    
        if command.startswith('az '):
            command = command[3:]
    
        stdout_buf = StringIO()
        logging_buf = StringIO()
        try:
            # issue: stderr cannot be redirect in this form, as a result some failure information
            # is lost when command fails.
>           self.exit_code = cli_ctx.invoke(shlex.split(command), out_file=stdout_buf) or 0
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

src/azure-cli-testsdk/azure/cli/testsdk/base.py:303: 
                                        
env/lib/python3.13/site-packages/knack/cli.py:245: in invoke
    exit_code = self.exception_handler(ex)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^
src/azure-cli-core/azure/cli/core/init.py:157: in exception_handler
    return handle_exception(ex)
           ^^^^^^^^^^^^^^^^^^^^
src/azure-cli-testsdk/azure/cli/testsdk/patches.py:33: in handle_main_exception
    raise ex
env/lib/python3.13/site-packages/knack/cli.py:233: in invoke
    cmd_result = self.invocation.execute(args)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
src/azure-cli-core/azure/cli/core/commands/init.py:677: in execute
    raise ex
src/azure-cli-core/azure/cli/core/commands/init.py:820: in run_jobs_serially
    results.append(self.run_job(expanded_arg, cmd_copy))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
src/azure-cli-core/azure/cli/core/commands/init.py:789: in run_job
    result = cmd_copy(params)
             ^^^^^^^^^^^^^^^^
src/azure-cli-core/azure/cli/core/commands/init.py:335: in call
    return self.handler(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
src/azure-cli-core/azure/cli/core/commands/command_operation.py:362: in handler
    show_exception_handler(ex)
src/azure-cli-core/azure/cli/core/commands/arm.py:476: in show_exception_handler
    raise ex
src/azure-cli-core/azure/cli/core/commands/command_operation.py:360: in handler
    return op(**command_args)
           ^^^^^^^^^^^^^^^^^^
src/azure-cli/azure/cli/command_modules/appservice/custom.py:2808: in get_auth_settings
    auth_settings_v2 = get_auth_settings_v2(cmd, resource_group_name, name, slot)
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
src/azure-cli/azure/cli/command_modules/appservice/custom.py:2714: in get_auth_settings_v2
    return generic_site_operation(cmd.cli_ctx, resource_group_name, name,
src/azure-cli/azure/cli/command_modules/appservice/appservice_utils.py:20: in generic_site_operation
    return (operation(resource_group_name, name)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/tracing/decorator.py:119: in wrapper_use_tracer
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/mgmt/web/v2024_11_01/operations/web_apps_operations.py:19638: in get_auth_settings_v2
    pipeline_response: PipelineResponse = self.client.pipeline.run(  # pylint: disable=protected-access
env/lib/python3.13/site-packages/azure/core/pipeline/base.py:242: in run
    return first_node.send(pipeline_request)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/mgmt/core/policies/base.py:95: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/policies/redirect.py:205: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/policies/retry.py:545: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/policies/authentication.py:194: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/base.py:98: in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/base.py:130: in send
    self.sender.send(request.http_request, **request.context.options),
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/azure/core/pipeline/transport/requests_basic.py:375: in send
    response = self.session.request(  # type: ignore
env/lib/python3.13/site-packages/requests/sessions.py:592: in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/requests/sessions.py:706: in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
env/lib/python3.13/site-packages/requests/adapters.py:645: in send
    resp = conn.urlopen(
env/lib/python3.13/site-packages/urllib3/connectionpool.py:787: in urlopen
    response = self.make_request(
env/lib/python3.13/site-packages/urllib3/connectionpool.py:534: in make_request
    response = conn.getresponse()
               ^^^^^^^^^^^^^^^^^^
                                        

self = <VCRRequestsHTTPSConnection/mnt/vss/work/1/s/src/azure-cli/azure/cli/command_modules/appservice/tests/latest/recordings/test_webapp_authentication.yaml(host='management.azure.com', port=443) at 0x7f94d476dd00>
 = False, kwargs = {}

    def getresponse(self, =False, **kwargs):
        """Retrieve the response"""
        # Check to see if the cassette has a response for this request. If so,
        # then return it
        if self.cassette.can_play_response_for(self.vcr_request):
            log.info(f"Playing response for {self.vcr_request} from cassette")
            response = self.cassette.play_response(self.vcr_request)
            return VCRHTTPResponse(response)
        else:
            if self.cassette.write_protected and self.cassette.filter_request(self.vcr_request):
>               raise CannotOverwriteExistingCassetteException(
                    cassette=self.cassette,
                    failed_request=self.vcr_request,
                )
E               vcr.errors.CannotOverwriteExistingCassetteException: Can't overwrite existing cassette ('/mnt/vss/work/1/s/src/azure-cli/azure/cli/command_modules/appservice/tests/latest/recordings/test_webapp_authentication.yaml') in your current record mode ('once').
E               No match for the request (<Request (GET) https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list?api-version=2024-11-01>)&nbsp;was&nbsp;found.
E               Found 3 similar requests with 1 different matcher(s) :
E               
E               1 - (<Request (GET) https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_webapp_authentication000001?api-version=2024-11-01>).
E               Matchers succeeded : ['method', 'scheme', 'host', 'port', 'custom_request_query_matcher']
E               Matchers failed :
E               path - assertion failure :
E               /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list != /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_webapp_authentication000001
E               
E               2 - (<Request (GET) https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2024-11-01>).
E               Matchers succeeded : ['method', 'scheme', 'host', 'port', 'custom_request_query_matcher']
E               Matchers failed :
E               path - assertion failure :
E               /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list != /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003
E               
E               3 - (<Request (GET) https://management.azure.com/providers/Microsoft.Web/webAppStacks?api-version=2024-11-01>).
E               Matchers succeeded : ['method', 'scheme', 'host', 'port', 'custom_request_query_matcher']
E               Matchers failed :
E               path - assertion failure :
E               /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list != /providers/Microsoft.Web/webAppStacks

env/lib/python3.13/site-packages/vcr/stubs/init.py:277: CannotOverwriteExistingCassetteException

During handling of the above exception, another exception occurred:

self = <azure.cli.command_modules.appservice.tests.latest.test_webapp_commands.WebappAuthenticationTest testMethod=test_webapp_authentication>
resource_group = 'cli_test_webapp_authentication000001'

    @AllowLargeResponse()
    @ResourceGroupPreparer(name_prefix='cli_test_webapp_authentication', location=WINDOWS_ASP_LOCATION_WEBAPP)
    def test_webapp_authentication(self, resource_group):
        webapp_name = self.create_random_name('webapp-authentication-test', 40)
        plan_name = self.create_random_name('webapp-authentication-plan', 40)
        self.cmd(
            'appservice plan create -g {} -n {} --sku S1'.format(resource_group, plan_name))
        self.cmd(
            'webapp create -g {} -n {} --plan {}'.format(resource_group, webapp_name, plan_name))
        # testing show command for newly created app and initial fields
>       self.cmd('webapp auth show -g {} -n {}'.format(resource_group, webapp_name)).assert_with_checks([
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
            JMESPathCheck('unauthenticatedClientAction', None),
            JMESPathCheck('defaultProvider', None),
            JMESPathCheck('enabled', False),
            JMESPathCheck('tokenStoreEnabled', None),
            JMESPathCheck('allowedExternalRedirectUrls', None),
            JMESPathCheck('tokenRefreshExtensionHours', None),
            JMESPathCheck('runtimeVersion', None),
            JMESPathCheck('clientId', None),
            JMESPathCheck('clientSecret', None),
            JMESPathCheck('clientSecretCertificateThumbprint', None),
            JMESPathCheck('allowedAudiences', None),
            JMESPathCheck('issuer', None),
            JMESPathCheck('facebookAppId', None),
            JMESPathCheck('facebookAppSecret', None),
            JMESPathCheck('facebookOauthScopes', None)
        ])

src/azure-cli/azure/cli/command_modules/appservice/tests/latest/test_webapp_commands.py:2098: 
                                        
src/azure-cli-testsdk/azure/cli/testsdk/base.py:177: in cmd
    return execute(self.cli_ctx, command, expect_failure=expect_failure).assert_with_checks(checks)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
src/azure-cli-testsdk/azure/cli/testsdk/base.py:252: in init
    self.in_process_execute(cli_ctx, command, expect_failure=expect_failure)
                                        

self = <azure.cli.testsdk.base.ExecutionResult object at 0x7f94d47aa0d0>
cli_ctx = <azure.cli.core.mock.DummyCli object at 0x7f94d65bccd0>
command = 'webapp auth show -g cli_test_webapp_authentication000001 -n webapp-authentication-test000002'
expect_failure = False

    def _in_process_execute(self, cli_ctx, command, expect_failure=False):
        from io import StringIO
        from vcr.errors import CannotOverwriteExistingCassetteException
    
        if command.startswith('az '):
            command = command[3:]
    
        stdout_buf = StringIO()
        logging_buf = StringIO()
        try:
            # issue: stderr cannot be redirect in this form, as a result some failure information
            # is lost when command fails.
            self.exit_code = cli_ctx.invoke(shlex.split(command), out_file=stdout_buf) or 0
            self.output = stdout_buf.getvalue()
            self.applog = logging_buf.getvalue()
    
        except CannotOverwriteExistingCassetteException as ex:
>           raise AssertionError(ex)
E           AssertionError: Can't overwrite existing cassette ('/mnt/vss/_work/1/s/src/azure-cli/azure/cli/command_modules/appservice/tests/latest/recordings/test_webapp_authentication.yaml') in your current record mode ('once').
E           No match for the request (<Request (GET) https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list?api-version=2024-11-01>)&nbsp;was&nbsp;found.
E           Found 3 similar requests with 1 different matcher(s) :
E           
E           1 - (<Request (GET) https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_webapp_authentication000001?api-version=2024-11-01>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list != /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_webapp_authentication000001
E           
E           2 - (<Request (GET) https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003?api-version=2024-11-01>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list != /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/serverfarms/webapp-authentication-plan000003
E           
E           3 - (<Request (GET) https://management.azure.com/providers/Microsoft.Web/webAppStacks?api-version=2024-11-01>).
E           Matchers succeeded : ['method', 'scheme', 'host', 'port', '_custom_request_query_matcher']
E           Matchers failed :
E           path - assertion failure :
E           /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_webapp_authentication000001/providers/Microsoft.Web/sites/webapp-authentication-test000002/config/authsettingsV2/list != /providers/Microsoft.Web/webAppStacks

src/azure-cli-testsdk/azure/cli/testsdk/base.py:308: AssertionError		 azure/cli/command_modules/appservice/tests/latest/test_webapp_commands.py:2087
🔄aro
🔄latest
🔄3.12
🔄3.13
️✔️backup
️✔️latest
️✔️3.12
️✔️3.13
️✔️batch
️✔️latest
️✔️3.12
️✔️3.13
️✔️batchai
️✔️latest
️✔️3.12
️✔️3.13
🔄billing
🔄latest
🔄3.12
🔄3.13
️✔️botservice
️✔️latest
️✔️3.12
️✔️3.13
🔄cdn
🔄latest
🔄3.12
🔄3.13
🔄cloud
🔄latest
🔄3.12
🔄3.13
🔄cognitiveservices
🔄latest
️✔️3.12
🔄3.13
️✔️compute_recommender
️✔️latest
️✔️3.12
️✔️3.13
️✔️computefleet
️✔️latest
️✔️3.12
️✔️3.13
️✔️config
️✔️latest
️✔️3.12
️✔️3.13
🔄configure
🔄latest
️✔️3.12
🔄3.13
️✔️consumption
️✔️latest
️✔️3.12
️✔️3.13
️✔️container
️✔️latest
️✔️3.12
️✔️3.13
🔄containerapp
🔄latest
🔄3.12
🔄3.13
🔄core
🔄latest
️✔️3.12
🔄3.13
🔄cosmosdb
🔄latest
🔄3.12
🔄3.13
🔄databoxedge
🔄latest
🔄3.12
🔄3.13
🔄dls
🔄latest
🔄3.12
🔄3.13
🔄dms
🔄latest
️✔️3.12
🔄3.13
🔄eventgrid
🔄latest
🔄3.12
🔄3.13
🔄eventhubs
🔄latest
🔄3.12
🔄3.13
️✔️feedback
️✔️latest
️✔️3.12
️✔️3.13
🔄find
🔄latest
🔄3.12
🔄3.13
️✔️hdinsight
️✔️latest
️✔️3.12
️✔️3.13
🔄identity
🔄latest
🔄3.12
🔄3.13
🔄iot
🔄latest
️✔️3.12
🔄3.13
️✔️keyvault
️✔️latest
️✔️3.12
️✔️3.13
️✔️lab
️✔️latest
️✔️3.12
️✔️3.13
️✔️managedservices
️✔️latest
️✔️3.12
️✔️3.13
️✔️maps
️✔️latest
️✔️3.12
️✔️3.13
🔄marketplaceordering
🔄latest
🔄3.12
🔄3.13
🔄monitor
🔄latest
🔄3.12
🔄3.13
️✔️mysql
️✔️latest
️✔️3.12
️✔️3.13
️✔️netappfiles
️✔️latest
️✔️3.12
️✔️3.13
️✔️network
️✔️latest
️✔️3.12
️✔️3.13
🔄policyinsights
🔄latest
️✔️3.12
🔄3.13
🔄postgresql
🔄latest
🔄3.12
🔄3.13
🔄privatedns
🔄latest
🔄3.12
🔄3.13
🔄profile
🔄latest
🔄3.12
🔄3.13
️✔️rdbms
️✔️latest
️✔️3.12
️✔️3.13
️✔️redis
️✔️latest
️✔️3.12
️✔️3.13
️✔️relay
️✔️latest
️✔️3.12
️✔️3.13
🔄resource
🔄latest
🔄3.12
🔄3.13
️✔️role
️✔️latest
️✔️3.12
️✔️3.13
🔄search
🔄latest
️✔️3.12
🔄3.13
️✔️security
️✔️latest
️✔️3.12
️✔️3.13
️✔️servicebus
️✔️latest
️✔️3.12
️✔️3.13
️✔️serviceconnector
️✔️latest
️✔️3.12
️✔️3.13
️✔️servicefabric
️✔️latest
️✔️3.12
️✔️3.13
🔄signalr
🔄latest
🔄3.12
🔄3.13
🔄sql
🔄latest
️✔️3.12
🔄3.13
️✔️sqlvm
️✔️latest
️✔️3.12
️✔️3.13
🔄storage
🔄latest
🔄3.12
🔄3.13
🔄synapse
🔄latest
️✔️3.12
🔄3.13
️✔️telemetry
️✔️latest
️✔️3.12
️✔️3.13
️✔️util
️✔️latest
️✔️3.12
️✔️3.13
🔄vm
🔄latest
🔄3.12
🔄3.13

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Mar 26, 2026

Hi @seligj95,
Since the current milestone time is less than 7 days, this pr will be reviewed in the next milestone.

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Mar 26, 2026
edited
Loading

⚠️AzureCLI-BreakingChangeTest
⚠️appservice
rule cmd_name rule_message suggest_message
⚠️ 1006 - ParaAdd webapp auth update cmd webapp auth update added parameter require_https

@yonzhan
Copy link
Collaborator

yonzhan commented Mar 26, 2026

Thank you for your contribution! We will review the pull request and get back to you soon.

@github-actions
Copy link

github-actions bot commented Mar 26, 2026

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

@microsoft-github-policy-service microsoft-github-policy-service bot added the Auto-Assign Auto assign by bot label Mar 26, 2026
@seligj95
[App Service] Fix Azure#30021: Detect SP auth in deployment source co…
9d9c4af 
…nfig

When az webapp deployment source config --github-action is called
with Service Principal authentication, the Azure API returns 404
trying to look up a publishing user. This change adds client-side
detection to provide a clear error message directing users to
az webapp deployment github-actions add, which supports SP auth.

Fixes Azure#30021

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@seligj95 seligj95 changed the title [App Service] Fix #26603, #25662, #30322: az webapp auth: v2 auth migration improvements [App Service] Fix #26603, #25662, #30322, #30021: auth v2 migration and SP detection Mar 26, 2026
@seligj95 seligj95 mentioned this pull request Mar 26, 2026
Closed
Copilot AI reviewed Mar 26, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Improves az webapp auth to better support auth v2 during migration by auto-detecting v2 configurations, routing updates to the correct API, and adding a new v2 parameter for HTTPS enforcement.

Changes:

  • Added v2 detection and v2 update path, with v2-only params (e.g., --require-https) forcing v2 behavior for new setups.
  • Extended parameter surface and help text to reflect v1/v2 behavior and new v2 options.
  • Added unit tests covering v2 detection, show/update routing, and --require-https behavior.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.

File Description
src/azure-cli/azure/cli/command_modules/appservice/custom.py Adds v2 auth detection + v2 update mapping; adds SP-auth guard for GitHub Actions source control config.
src/azure-cli/azure/cli/command_modules/appservice/_params.py Adds --require-https parameter for auth v2.
src/azure-cli/azure/cli/command_modules/appservice/_help.py Updates command help to describe v1/v2 autodetection and adds --require-https example.
src/azure-cli/azure/cli/command_modules/appservice/tests/latest/test_webapp_commands_thru_mock.py Adds mocked unit tests for v2 auth routing/mapping and SP-auth + GitHub Actions validation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@seligj95
Address PR review: broaden v2 detection, narrow exceptions, fix secre…
6751003 
…t handling

- Fix 1: Broaden _is_auth_v2_app to detect Facebook, Google, Twitter,
  Microsoft identity providers and v2-specific sections (http_settings,
  login, global_validation)
- Fix 2: In get_auth_settings, catch only HttpResponseError instead of
  bare except, re-raise non-404 errors
- Fix 3: Same narrow exception handling in update_auth_settings v2 probe
- Fix 4: Wrap _is_service_principal_auth in try/except to handle profile
  lookup failures gracefully (return False)
- Fix 5: Store secret values in app settings and reference by name in
  client_secret_setting_name fields (AAD, Facebook, Google, Twitter,
  Microsoft Account)
- Fix 6: Add proper assertions on sent_settings in
  test_update_auth_settings_uses_v2_when_configured
- Fix flake8 continuation line indentation (E127/E128)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@seligj95 seligj95 changed the title [App Service] Fix #26603, #25662, #30322, #30021: auth v2 migration and SP detection [App Service] Fix auth v2 migration, SP detection, and new auth parameters Mar 26, 2026
@seligj95
Add v1 backward-compat fields to v2 auth settings output
ee4eae7 
When auth show/update returns a v2 (SiteAuthSettingsV2) response,
flatten key v2 fields into top-level v1 aliases so that existing
scripts and live tests that reference flat field names (enabled,
defaultProvider, tokenStoreEnabled, clientId, etc.) continue to
work without modification.

- Add _add_v1_compat_fields() helper that converts a v2 model to a
  dict containing both the nested v2 structure and flat v1 keys.
- Apply the compat shim in get_auth_settings (auth show) and
  update_auth_settings (auth update) when the v2 path is taken.
- Pass through original secret values (clientSecret,
  facebookAppSecret) as v1 compat overrides so they are not replaced
  by the v2 setting-name references.
- Update mock tests to verify both v2 nested keys and v1 compat
  fields; add dedicated unit tests for _add_v1_compat_fields().

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@yonzhan yonzhan assigned yanzhudd and unassigned jiasli and zhoxing-ms Mar 26, 2026
@seligj95
Refactor auth functions to fix pylint too-many-branches/returns
d65c677 
Extract _update_auth_settings_v2 (61 branches) into 9 focused helper
functions (_configure_auth_v2_platform, _configure_auth_v2_global_validation,
_configure_auth_v2_login, _configure_auth_v2_http_settings,
_configure_auth_v2_aad, _configure_auth_v2_facebook,
_configure_auth_v2_google, _configure_auth_v2_twitter,
_configure_auth_v2_microsoft_account), reducing the main function to
3 branches. Consolidate _is_auth_v2_app returns from 11 to 4 using
any() patterns. No behavior change.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@NoriZC NoriZC Awaiting requested review from NoriZC NoriZC is a code owner

@yanzhudd yanzhudd Awaiting requested review from yanzhudd yanzhudd is a code owner

@teresaritorto teresaritorto Awaiting requested review from teresaritorto teresaritorto is a code owner

@jsntcy jsntcy Awaiting requested review from jsntcy

@zhoxing-ms zhoxing-ms Awaiting requested review from zhoxing-ms

@yonzhan yonzhan Awaiting requested review from yonzhan

@wangzelin007 wangzelin007 Awaiting requested review from wangzelin007

@jiasli jiasli Awaiting requested review from jiasli

At least 1 approving review is required to merge this pull request.

Assignees

@yanzhudd yanzhudd

Labels

AAD act-identity-squad act-observability-squad Auto-Assign Auto assign by bot Web Apps az webapp

Projects

None yet

Milestone

May 2026 (2026-05-05)

6 participants

@seligj95 @yonzhan @jiasli @zhoxing-ms @yanzhudd