
SignalR WebSocket Connection Fails Due to Excessive URL Length When Using Large JWT Access Tokens in Blazor WebAssembly

Open Gopichandar opened this issue 4 months ago • 0 comments

Is there an existing issue for this?

  • [x] I have searched the existing issues

Describe the bug

I'm experiencing an issue with SignalR in a Blazor WebAssembly application where the WebSocket connection fails because the URL exceeds the maximum length allowed. This happens when using large JWT access tokens that contain numerous claims. Since browsers don't allow custom headers in WebSocket requests, SignalR appends the access token to the URL as a query parameter (access_token), leading to excessively long URLs.

Expected Behavior

SignalR should establish a WebSocket connection successfully, even when using large JWT access tokens with numerous claims.

Steps To Reproduce

Set Up Blazor WebAssembly App with SignalR:

  • Create a Blazor WebAssembly application that uses SignalR for real-time communication.
  • Implement authentication using JWT tokens that include a large number of claims (roles, permissions, etc.), resulting in a sizable token.

Configure SignalR Client:

  • In the Blazor client, set up the SignalR connection using the HubConnectionBuilder:
    _hubConnection = new HubConnectionBuilder()
        .WithUrl(_navigationManager.BaseUri + "taskHub", options =>
        {
            options.AccessTokenProvider = async () => await _stateProvider.GetAccessToken();
        })
        .Build();

  • This configuration causes SignalR to send the access token via the query string parameter access_token.

wss://localhost:6001/taskHub?id=ugqggKcLbyf5RR-QmI11vw&access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1laWRlbnRpZmllciI6ImM3ZTQwMGQzLTY1ZWQtNDMwOS1iOGU4LWI4OWFlMTdkZDU2MiIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL2VtYWlsYWRkcmVzcyI6ImphY3F1ZXNAYS14aW9tLmNvbSIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL25hbWUiOiJKYWNxdWVzIiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMj...MuSW52b2ljZXMuRGFzaGJvYXJkIiwiUGVybWlzc2lvbnMuSW52b2ljZXMuTWFuYWdlIiwiUGVybWlzc2lvbnMuU3VwcGxpZXJzLlZpZXciLCJQZXJtaXNzaW9ucy5TdXBwbGllcnMuQ3JlYXRlIiwiUGVybWlzc2lvbnMuU3VwcGxpZXJzLkVkaXQiLCJQZXJtaXNzaW9ucy5TdXBwbGllcnMuRGVsZXRlIiwiUGVybWlzc2lvbnMuRHluYW1pY1BhZ2VQcm9kdWN0cy5WaWV3IiwiUGVybWlzc2lvbnMuRHluYW1pY1BhZ2VQcm9kdWN0cy5DcmVhdGUiLCJQZXJtaXNzaW9ucy5EeW5hbWljUGFnZVByb2R1Y3RzLkVkaXQiLCJQZXJtaXNzaW9ucy5EeW5hbWljUGFnZVByb2R1Y3RzLkRlbGV0ZSJdLCJleHAiOjE3Mjk0MDY5MzN9.6hfP850-1cc8-wZnqd1vlK10gJLYCGdgdrgdfbgfnbfg

Attempt to Establish WebSocket Connection:

  • Run the application and attempt to establish the SignalR connection.
  • Observe that the WebSocket connection fails.

Exceptions (if any)

SignalR should establish a WebSocket connection successfully, even when using large JWT access tokens with numerous claims.

.NET Version

.NET 8

Anything else?

No response

Gopichandar, Oct 21 '24 01:10
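To see how quickly permission claims grow the upgrade request described in this issue, the following added example (not code from the issue or from the aspnetcore project) builds constructed JWT-shaped tokens and measures the resulting request line. Assumptions: the claim names, the connection id and the dummy signature are made up, and the 8192-byte limit is Kestrel's default `MaxRequestLineSize`; a proxy or another server in front of the hub may enforce a different value.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenUrlBudget
{
    // Assumption: 8192 bytes is Kestrel's default KestrelServerLimits.MaxRequestLineSize.
    // Proxies and other servers in front of the hub may enforce a different limit.
    const int AssumedRequestLineLimit = 8192;

    static string Base64Url(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Constructed sample token: dummy 32-byte signature, hypothetical claim names.
    static string BuildSampleJwt(int permissionCount)
    {
        var header = Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        var payload = JsonSerializer.SerializeToUtf8Bytes(new Dictionary<string, object>
        {
            ["sub"] = "00000000-0000-0000-0000-000000000000", // constructed
            ["exp"] = 1700000000,                             // constructed
            ["Permission"] = Enumerable.Range(0, permissionCount)
                .Select(i => $"Permissions.Module{i:D3}.View").ToArray()
        });
        return $"{Base64Url(header)}.{Base64Url(payload)}.{Base64Url(new byte[32])}";
    }

    // Bytes in the HTTP request line of the WebSocket upgrade request,
    // with the token carried in the access_token query parameter.
    static int RequestLineBytes(string hubPath, string connectionId, string jwt) =>
        Encoding.ASCII.GetByteCount(
            $"GET {hubPath}?id={connectionId}&access_token={Uri.EscapeDataString(jwt)} HTTP/1.1");

    static void Main()
    {
        const string connectionId = "AAAAAAAAAAAAAAAAAAAAAA"; // constructed, 22 characters
        foreach (var count in new[] { 10, 50, 100, 200, 400 })
        {
            var jwt = BuildSampleJwt(count);
            var line = RequestLineBytes("/taskHub", connectionId, jwt);
            var verdict = line > AssumedRequestLineLimit ? "exceeds limit" : "fits";
            Console.WriteLine($"{count,4} permissions: token {jwt.Length,6} chars, request line {line,6} bytes ({verdict})");
        }
    }
}
```

Base64url encoding inflates the JSON payload by roughly a third, so the claim set reaches the limit sooner than its raw size suggests.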