troubleshooting-authentication
Authentication Troubleshooting
Architecture
- Browser → MSAL.js (PKCE flow) → JWT with
Chat.ReadWritescope - Frontend → Backend (JWT Bearer token)
- Backend → Foundry Agent Service (ManagedIdentityCredential)
Common Issues
| Issue | Cause | Fix |
|---|---|---|
401 on /api/* |
Token missing scope | Verify Chat.ReadWrite scope in token |
ManagedIdentityCredential error locally |
Wrong environment | Set ASPNETCORE_ENVIRONMENT=Development |
| Token popup blocked | Browser settings | Allow popups for localhost |
| Silent token fails | No cached token | Fallback to popup (handled by useAuth) |
Backend: JWT Validation
More from microsoft-foundry/foundry-agent-webapp
writing-bicep-templates
Provides Bicep coding standards for Azure infrastructure in this repository. Use when writing or modifying Bicep files, configuring Container Apps, setting up RBAC, or working with Azure resources.
38writing-typescript-code
Provides TypeScript and React coding standards for this repository. Use when writing or modifying TypeScript code, creating React components, implementing MSAL authentication, or working with the frontend.
12deploying-to-azure
Provides deployment commands and troubleshooting for Azure Container Apps. Use when running azd commands, deploying containers, debugging deployment failures, or updating infrastructure in this repository.
11writing-csharp-code
Provides C# and ASP.NET Core coding standards for this repository. Use when writing or modifying C# code, implementing API endpoints, configuring middleware, or working with authentication in the backend.
11validating-ui-features
Provides step-by-step procedures for validating UI features - theme toggle, new chat, cancel stream, markdown rendering, and token usage info.
10implementing-chat-streaming
Provides SSE streaming patterns for the chat API and frontend. Use when implementing or modifying chat streaming, handling SSE events, or troubleshooting message flow between frontend and backend.
9