Umbraco 17.3 regression: OAuth clients (umbraco-swagger, umbraco-postman) not registered after unattended install

[hifi-phil]

Summary

BackOfficeApplicationManager.EnsureBackOfficeApplicationAsync only registers the umbraco-swagger and umbraco-postman OAuth clients when RuntimeLevel >= Upgrade. In Umbraco 17.3, a fresh unattended install no longer triggers client registration on the first boot. The clients are only registered after restarting the application.

This is a regression from 17.2 where the clients were registered correctly on first boot.

Steps to reproduce

1. Create a new Umbraco 17.3 project with unattended install configured
2. Start Umbraco (first boot — performs unattended install)
3. Try to authenticate via the umbraco-swagger OAuth client

Expected

The umbraco-swagger client is registered and available after the unattended install completes (as it was in 17.2).

Actual

Token endpoint returns invalid_client for umbraco-swagger. The client is not registered in OpenIddict.

Restarting Umbraco fixes it — on the second boot, RuntimeLevel is Run (>= Upgrade), so the clients are registered.

Relevant code

BackOfficeApplicationManager.EnsureBackOfficeApplicationAsync:

if (_runtimeState.Level < RuntimeLevel.Upgrade)
{
    return; // Skips client registration on Install level
}

Workaround

Restart Umbraco after the unattended install completes.

Environment

• Umbraco 17.3.x (regression — works correctly in 17.2 and earlier)
• Unattended install with SQL Server and SQLite
• Affects ASPNETCORE_ENVIRONMENT=Development (swagger client is only registered in non-Production)

[AndyButland]

Fixed via #22368 for 17.3.2.