OIDC authentication: Cannot redirect to the authorization endpoint, the configuration may be missing or invalid

PowerShell Universal
1 
Product: PowerShell Universal
Version: 5.08

authentication.js file:

Set-PSUAuthenticationMethod -Type "OpenIDConnect" -CallbackPath "/auth/signin-oidc" -ClientId "4exxx" -ClientSecret "Y14xxx" -Authority "https://login.microsoftonline.com/6xxx" -UseTokenLifetime $true

Error:
Cannot redirect to the authorization endpoint, the configuration may be missing or invalid

This doesn’t happen all the time. I restart the service and it can happen out of the blue.

In the appsettings within c:\programdata\PowerShelUniversal\appsettings.config, the OIDC section is as follows:

"OIDC": {
      "Enabled": "true"
    },

When I go into the UI, the only two fields that show data are the callback URL and the secret. The other fields are now shown in the UI. But the authentication.ps file hasn’t changed.

What’s going on?

I have never encountered this in previous versions of PowerShell Universal.

This started happening in the 5.x versions.

In the main appsettings within the application installation folder, I of course see the full oidc section. But I’m assuming / expecting that this is overridden by the appsettings in the ProgramData directory.
“OIDC”: {
“Enabled”: “false”,
“CallbackPath”: “/auth/signin-oidc”,
“ClientID”: “”,
“ClientSecret”: “”,
“Resource”: “”,
“Authority”: “”,
“ResponseType”: “”,
“SaveTokens”: “false”,
“CorrelationCookieSameSite”: “”,
“UseTokenLifetime”: true,
“Scope”: “openid profile groups”,
“GetUserInfo”: false
},


Installed from MSI 
Hosted using Kestrel
Running under service account


```Solution is to go in and re-apply the config using the UI. 

Can anyone suggest what is happening? 

When I go back in and look at the authentication.ps1 file, the -ResponseType "code" is not found.  When I open the UI again, it's there. 

Is PowerShell Universal just cashing this and not actually writing the correct version to the authentication.ps1 file? 

I don't always see logging from the Entra ID enterprise application. But when I do, I see missing body parameter.  So it's obviously looking for that ResponseType parameter to be set. 

I suspect this is a bug.