6-Call-OwnApi-ManagedIdentity cannot work outside of Azure-hosted infra, and has confusing instructions #206
Description
Hello there!
I just spent a couple of days working through this before realising that it was never going to work. Some issues, in no order:
- The readme says you need a VM or App Service running in Azure but doesn't tell you how to run the API server or the daemon in those environments
- If you don't run the client in an Azure environment it cannot be given a managed identity.
- If you run the client in an Azure environment, it's unlikely you'll be able to use
localhostto reach the API server, so documentation on how to set that correctly would be helpful - 'Expose an API' doesn't have a 'Set' button in the Azure Portal
- If you add the 'app role' verbatim in the manifest there's an error because
langisnull. Removing it entirely works fine - The instructions for granting the managed ID permissions on the app role could have inlined the relevant PowerShell from the linked documentation (and the changes required) - and made explicit that this operation is not possible in the portal (unless I'm mistaken?)
- The docs don't say that you need to update the
Scopeskey in the console app config with the API server GUID - As mentioned in [6-Call-OwnApi - ManagedIdentity] Missing configuration issue with force to create app registration for deamon app #202 there are spaces in some of the config keys, which breaks the parsing