azure-search-openai-demo

Not able to use chat feature when logged in

Open HatefulRock opened this issue 1 year ago • 10 comments

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Any log messages given by the failure

2024-04-19 10:52:31.704 +00:00 [Information] Microsoft.AspNetCore.Hosting.Diagnostics: Request starting HTTP/1.1 POST http://app-backend-ksvt74i3qnk76.azurewebsites.net/chat application/json 501
2024-04-19 10:52:31.722 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel.Connections: Connection id "0HN30BMKD876G" completed keep alive response.
2024-04-19 10:52:31.722 +00:00 [Information] Microsoft.AspNetCore.Hosting.Diagnostics: Request finished HTTP/1.1 POST http://app-backend-ksvt74i3qnk76.azurewebsites.net/chat application/json 501 - 403 - - 18.3866ms
2024-04-19 10:52:31.723 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HN30BMKD876G", Request id "0HN30BMKD876G:00000005": started reading request body.
2024-04-19 10:52:31.727 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HN30BMKD876G", Request id "0HN30BMKD876G:00000005": done reading request body.

Expected/desired behavior

Hello, I recently activated the login feature and when AZURE_USE_AUTHENTICATION is true the chat feature works fine and anyone with the correct email can log into the page and use the app. However, when I log in using the login button, I am no longer able to use the chat feature and instead I get the following error message: type_error

When I inspect the page I see this message: error

I have tried changing some of the authentication code to see if it fixes the problem but nothing seems to be working. Thank you for your help.

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Windows 10

azd version?

run azd version and copy paste here.

azd version 1.8.0

Versions

Mention any other details that might be useful


Thanks! We'll be in touch soon.

HatefulRock Apr 19 '24 11:04

Is this happening locally or on production?

If it's happening locally, can you trace this code in decorators.py? I assume it's what is producing the 403:

def authenticated(route_fn: Callable[[Dict[str, Any]], Any]):
    """
    Decorator for routes that might require access control. Unpacks Authorization header information into an auth_claims dictionary
    """

    @wraps(route_fn)
    async def auth_handler():
        auth_helper = current_app.config[CONFIG_AUTH_CLIENT]
        try:
            auth_claims = await auth_helper.get_auth_claims_if_enabled(request.headers)
        except AuthError:
            abort(403)

        return await route_fn(auth_claims)

    return auth_handler

You could put the debugger inside the line where it tries to get the auth_claims to see where it's failing.

pamelafox Apr 25 '24 23:04

Thank you for the response. It is happening in production. I am unable to test the login feature locally because I get the error: image

even though I followed the AD configuration steps properly and configured the redirect URI according to the documentation: image

In production the redirect URI works fine. It is just locally where it doesn't.

HatefulRock Apr 26 '24 14:04

Hello, is this problem solved? I'm facing the same problem in production: after enabling force login, all features will return a 403 forbidden error.

kk0205 May 03 '24 01:05

No, I haven't been able to solve it yet. I tried modifying the authenticated function in decorators but still no result. My biggest issue is that I'm unable to debug the code locally since I am not able to redirect the login URI correctly. Tell me if you figure anything out.

HatefulRock May 03 '24 07:05

I have the same issue as well; after enabling AZURE_ENFORCE_ACCESS_CONTROL in prod, getting the following error:

2024-05-10T08:04:52.774894433Z ERROR:root:Exception getting authorization information - "Authorization header is expected"
2024-05-10T08:04:52.774956234Z Traceback (most recent call last):
2024-05-10T08:04:52.774963634Z   File "/tmp/8dc7031b3e25fbb/core/authentication.py", line 200, in get_auth_claims_if_enabled
2024-05-10T08:04:52.774968434Z     auth_token = AuthenticationHelper.get_token_auth_header(headers)
2024-05-10T08:04:52.774973534Z   File "/tmp/8dc7031b3e25fbb/core/authentication.py", line 129, in get_token_auth_header
2024-05-10T08:04:52.774978135Z     raise AuthError(error="Authorization header is expected", status_code=401)
2024-05-10T08:04:52.774982635Z core.authentication.AuthError: Authorization header is expected

amirj May 10 '24 08:05

I think the problem is that AppServiceAuthSession is in front of the Bearer token instead of "Bearer". The code skips and throws the error. The token is valid though.

FComisso Jun 03 '24 21:06
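
An added example, not part of the thread or of the project's code: a small Python helper that classifies the Authorization header a backend receives, covering the missing-header case from the traceback above and the non-Bearer scheme suggested in the last comment. The function names and sample headers are hypothetical and constructed for illustration.

```python
# Added diagnostic sketch; not code from azure-search-openai-demo.
# It classifies the Authorization header a backend receives so a 401/403
# can be traced to its cause. All names here are hypothetical.
from typing import Mapping, Optional, Tuple


def diagnose_authorization(headers: Mapping[str, str]) -> Tuple[str, Optional[str]]:
    """Return (verdict, token). token is set only when verdict == "ok"."""
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    raw = lowered.get("authorization")
    if raw is None or not raw.strip():
        # Matches the "Authorization header is expected" case in the traceback.
        return "missing_header", None

    parts = raw.split()
    scheme = parts[0]
    if scheme.lower() != "bearer":
        # Case raised in the thread: another scheme in front of a valid token.
        return f"unexpected_scheme:{scheme}", None
    if len(parts) == 1:
        return "bearer_without_token", None
    if len(parts) > 2:
        return "malformed_bearer_value", None
    return "ok", parts[1]


def redact(token: Optional[str]) -> str:
    """Never write full tokens to logs; keep only a short prefix."""
    if not token:
        return "<none>"
    return token[:6] + "...(" + str(len(token)) + " chars)"


# Constructed sample requests (placeholder tokens, not real credentials).
SAMPLES = {
    "no header": {"Content-Type": "application/json"},
    "session scheme": {"Authorization": "AppServiceAuthSession EXAMPLETOKEN123"},
    "bearer only": {"authorization": "Bearer"},
    "valid shape": {"AUTHORIZATION": "Bearer EXAMPLETOKEN123"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        verdict, token = diagnose_authorization(hdrs)
        print(f"{label:15} -> {verdict:40} token={redact(token)}")
```

Logging the verdict next to the request id on the server side shows which case produced the rejection without writing the token itself to the log.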