az webapp auth set - error bad request

[dfberry]

az feedback auto-generates most of the information requested below, as of CLI version 2.0.62

I get the following error when trying to add scopes for app service easy auth:

Bad Request({"error":{"code":"InvalidApiVersionParameter","message":"The api-version '2020-12-01' is invalid. The supported versions are '2023-03-01-preview,2022-12-01,2022-11-01-preview,2022-09-01,2022-06-01,2022-05-01,2022-03-01-preview,2022-01-01,2021-04-01,2021-01-01,2020-10-01,2020-09-01,2020-08-01,2020-07-01,2020-06-01,2020-05-01,2020-01-01,2019-11-01,2019-10-01,2019-09-01,2019-08-01,2019-07-01,2019-06-01,2019-05-10,2019-05-01,2019-03-01,2018-11-01,2018-09-01,2018-08-01,2018-07-01,2018-06-01,2018-05-01,2018-02-01,2018-01-01,2017-12-01,2017-08-01,2017-06-01,2017-05-10,2017-05-01,2017-03-01,2016-09-01,2016-07-01,2016-06-01,2016-02-01,2015-11-01,2015-01-01,2014-04-01-preview,2014-04-01,2014-01-01,2013-03-01,2014-02-26,2014-04'."}})

The script is located on the sampes repo I own (alias=diberry)

The JSON I'm injected looks like

{
  "globalValidation": {
    "redirectToProvider": "azureactivedirectory",
    "requireAuthentication": true,
    "unauthenticatedClientAction": "RedirectToLoginPage"
  },
  "httpSettings": {
    "forwardProxy": { "convention": "NoProxy" },
    "requireHttps": true,
    "routes": { "apiPrefix": "/.auth" }
  },
  "identityProviders": {
    "apple": { "enabled": true, "login": {}, "registration": {} },
    "azureActiveDirectory": {
      "enabled": true,
      "isAutoProvisioned": true,
      "login": {
        "disableWWWAuthenticate": false,
        "loginParameters": [
          "scope=openid email profile offline_access api://REMOVED-FOR-SECURITY/user_impersonation"
        ]
      },
      "registration": {
        "clientId": "9069fbed-9608-432c-9da2-833978ed7b5f",
        "clientSecretSettingName": "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET",
        "openIdIssuer": "https://sts.windows.net/REMOVED-FOR-SECURITY/v2.0"
      },
      "validation": {
        "allowedAudiences": ["api://REMOVED-FOR-SECURITY"],
        "defaultAuthorizationPolicy": { "allowedPrincipals": {} },
        "jwtClaimChecks": {}
      }
    },
    "facebook": { "enabled": true, "login": {}, "registration": {} },
    "gitHub": { "enabled": true, "login": {}, "registration": {} },
    "google": {
      "enabled": true,
      "login": {},
      "registration": {},
      "validation": {}
    },
    "legacyMicrosoftAccount": {
      "enabled": true,
      "login": {},
      "registration": {},
      "validation": {}
    },
    "twitter": { "enabled": true, "registration": {} }
  },
  "login": {
    "cookieExpiration": {
      "convention": "FixedTime",
      "timeToExpiration": "08:00:00"
    },
    "nonce": { "nonceExpirationInterval": "00:05:00", "validateNonce": true },
    "preserveUrlFragmentsForLogins": false,
    "routes": {},
    "tokenStore": {
      "azureBlobStorage": {},
      "enabled": true,
      "fileSystem": {},
      "tokenRefreshExtensionHours": 72
    }
  },
  "platform": { "enabled": true, "runtimeVersion": "~1" }
}

Related command

Describe the bug

I'm not sure how the version number issue could be from my script or JSON as neither appears to indicate the version number.

To Reproduce

1. Create resources with app-creation.sh - change resource name to be unique.
2. Add easy auth - Microsoft Identity provider to frontend app in the Azure portal
3. Update auth with access-token.sh - change resource name to be same as first script.

Expected behavior

Environment summary

Additional context

[dfberry]

@dbradish-microsoft @mattchenderson - Easy auth config fails - probably my fault but not sure what to fix based on the error. @rwike77

[yonzhan]

route to CXP team

[dfberry]

@diberry - NTS