[QUERY] "Invalid Audience" error instead of "Entity Not Found"

Open arunprakashn opened this issue 1 year ago • 11 comments

Library name and version

Azure.Messaging.ServiceBus 7.14.0

Query/Question

Previous Issue 36838

Regarding the previous issue, I should expect "404 messaging entity not found" but I am starting to get "401 Invalid Audience". Did something change at the service level where the exception is reported differently now?

This used to work until yesterday when the exception was "messaging entity not found" and I handled it in my code and it has changed to "Invalid Audience". Note that this happens if I use SasToken generated for a particular queue. Previously, this worked for both connection string and long-lived-sas-connection-string generated for a given queue.

Need inputs on whether the service-level exception behaviour and the returned error codes have changed.

Environment

No response

arunprakashn avatar Jun 26 '24 05:06 arunprakashn

Hi @arunprakashn. Thanks for reaching out and we regret that you're experiencing difficulties. This is normal and expected behavior. For security reasons, the service performs authorization before it checks for the existence of an entity, ensuring that callers without permissions cannot probe the service to find out what entities may or may not exist.

Because your call was unauthorized, it is rejected before the service attempts to locate and connect to the entity. If you are attempting to discover whether or not an entity exists, you must use valid credentials authorized for that entity.

jsquire avatar Jun 26 '24 13:06 jsquire
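
An added illustration of the check ordering described in the comment above; it is not part of the original thread and is not Service Bus or SDK code. It is a simplified model in which the namespace, rule names, keys and the `authorize`/`handle` functions are constructed assumptions; only the token layout (`sr`, `sig`, `se`, `skn`) follows the documented SAS format.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote

# Constructed sample data (hypothetical namespace, rule names and keys).
NS = "sb://example-ns.servicebus.windows.net"
RULES = {  # key name -> (key, scope the rule is defined on)
    "queue-a-rule": (b"constructed-key-1", f"{NS}/queue-a"),
    "namespace-rule": (b"constructed-key-2", NS),
}
ENTITIES = {f"{NS}/queue-a", f"{NS}/queue-b"}

def within(uri, scope):
    return uri == scope or uri.startswith(scope + "/")

def make_sas(resource, key_name, ttl=300):
    """Build a token in the documented SAS layout: sr, sig, se, skn."""
    sr, se = quote(resource, safe=""), str(int(time.time()) + ttl)
    mac = hmac.new(RULES[key_name][0], f"{sr}\n{se}".encode(), hashlib.sha256)
    sig = quote(base64.b64encode(mac.digest()).decode(), safe="")
    return f"SharedAccessSignature sr={sr}&sig={sig}&se={se}&skn={key_name}"

def authorize(token, target):
    """Return None when the token covers target, otherwise a 401 reason."""
    try:
        f = {k: v[0] for k, v in parse_qs(token.split(" ", 1)[1]).items()}
        key, scope = RULES[f["skn"]]
        signed = f"{quote(f['sr'], safe='')}\n{f['se']}".encode()
        mac = base64.b64encode(hmac.new(key, signed, hashlib.sha256).digest())
        valid = hmac.compare_digest(mac, f["sig"].encode())
        valid = valid and int(f["se"]) > time.time() and within(f["sr"], scope)
    except (KeyError, IndexError, ValueError):
        valid = False
    if not valid:
        return "401 Unauthorized"
    return None if within(target, f["sr"]) else "401 Invalid Audience"

def handle(token, target, authz_first=True):
    """Model a request; authz_first selects the order of the two checks."""
    denied, exists = authorize(token, target), target in ENTITIES
    if authz_first:
        if denied:
            return denied
        return "200 OK" if exists else "404 Entity Not Found"
    if not exists:
        return "404 Entity Not Found"
    return denied or "200 OK"
```

With `authz_first=True`, a token scoped to `queue-a` gets the same 401 for an existing and a missing queue, so client code that needs to distinguish "not found" has to present a credential whose scope covers the target entity.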

Hi @arunprakashn. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

github-actions[bot] avatar Jun 26 '24 13:06 github-actions[bot]

Hi @jsquire. If you refer to the other issue (https://github.com/Azure/azure-sdk-for-net/issues/36838) that I have linked, you said the other way round when I asked you why it should be "EntityNotFound" instead of "Unauthorized". Also, this behaviour has been observed only since yesterday. Has something changed at the service bus level?

/unresolve

arunprakashn avatar Jun 26 '24 14:06 arunprakashn

/unresolve

arunprakashn avatar Jun 26 '24 14:06 arunprakashn

@arunprakashn: At some point, the Service Bus team changed the ordering on the service. My statement above was confirmation from them directly. The client has no direct insight nor influence over the behavior. If you'd like to discuss further, you'll need to engage with the service team directly. To do so, you'd need to open an Azure support request or inquire on the Microsoft Q&A site.

jsquire avatar Jun 26 '24 14:06 jsquire

Hi @arunprakashn. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

github-actions[bot] avatar Jun 26 '24 14:06 github-actions[bot]

/unresolve

It is difficult if the behavior changes abruptly without any intimation. Are there any release notes or any other communication regarding this? Because I wrote the logic based on what you had told in the other issue and now since yesterday it's the other way around.

arunprakashn avatar Jun 26 '24 14:06 arunprakashn

To reiterate: this is a service behavior and not something that the Azure SDK package has insight into nor influence over. The maintainers of the Azure SDK are unable to assist with questions about service releases, unexpected service behaviors, nor other service issues. You will need to engage the Service Bus service team, as discussed in my previous comment.

jsquire avatar Jun 26 '24 14:06 jsquire

Hi @arunprakashn. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

github-actions[bot] avatar Jun 26 '24 14:06 github-actions[bot]

Thanks @jsquire. Could you please confirm that when getting this "Invalid Audience" error, the SDK has established AMQPS with Azure Service Bus? I am interested in checking if the source machine can establish AMQPS successfully.

arunprakashn avatar Jun 26 '24 15:06 arunprakashn

@arunprakashn: Yes, a connection has been established for you to see that message. The error is generated by the service; the client does not parse or validate audiences.

jsquire avatar Jun 26 '24 15:06 jsquire

Hi @arunprakashn, since you haven’t asked that we /unresolve the issue, we’ll close this out. If you believe further discussion is needed, please add a comment /unresolve to reopen the issue.

github-actions[bot] avatar Jul 03 '24 16:07 github-actions[bot]