Azure-Samples / azure-search-openai-demo

A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure AI Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences.
https://azure.microsoft.com/products/search
MIT License

Not able to use chat feature when logged in #1549

Open HatefulRock opened 6 months ago

HatefulRock commented 6 months ago

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Any log messages given by the failure

2024-04-19 10:52:31.704 +00:00 [Information] Microsoft.AspNetCore.Hosting.Diagnostics: Request starting HTTP/1.1 POST http://app-backend-ksvt74i3qnk76.azurewebsites.net/chat application/json 501
2024-04-19 10:52:31.722 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel.Connections: Connection id "0HN30BMKD876G" completed keep alive response.
2024-04-19 10:52:31.722 +00:00 [Information] Microsoft.AspNetCore.Hosting.Diagnostics: Request finished HTTP/1.1 POST http://app-backend-ksvt74i3qnk76.azurewebsites.net/chat application/json 501 - 403 - - 18.3866ms
2024-04-19 10:52:31.723 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HN30BMKD876G", Request id "0HN30BMKD876G:00000005": started reading request body.
2024-04-19 10:52:31.727 +00:00 [Debug] Microsoft.AspNetCore.Server.Kestrel: Connection id "0HN30BMKD876G", Request id "0HN30BMKD876G:00000005": done reading request body.

Expected/desired behavior

Hello, I recently activated the login feature and when AZURE_USE_AUTHENTICATION is true the chat feature works fine and anyone with the correct email can log into the page and use the app. However, when I log in using the login button, I am no longer able to use the chat feature and instead I get the following error message: type_error

When I inspect the page I see this message: error

I have tried changing some of the authentication code to see if it fixes the problem but nothing seems to be working. Thank you for your help.

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) Windows 10

azd version?

run azd version and copy paste here. azd version 1.8.0

Versions

Mention any other details that might be useful


Thanks! We'll be in touch soon.

pamelafox commented 6 months ago

Is this happening locally or on production?

If it's happening locally, can you trace this code in decorators.py? I assume it's what is producing the 403:

def authenticated(route_fn: Callable[[Dict[str, Any]], Any]):
    """
    Decorator for routes that might require access control. Unpacks Authorization header information into an auth_claims dictionary
    """

    @wraps(route_fn)
    async def auth_handler():
        auth_helper = current_app.config[CONFIG_AUTH_CLIENT]
        try:
            auth_claims = await auth_helper.get_auth_claims_if_enabled(request.headers)
        except AuthError:
            abort(403)

        return await route_fn(auth_claims)

    return auth_handler

You could put the debugger inside the line where it tries to get the auth_claims to see where it's failing.

HatefulRock commented 6 months ago

Thank you for the response. It is happening in production. I am unable to test the login feature locally because I get the error: image

even though I followed the AD configuration steps properly and configured the redirect URI according to the documentation: image

In production the redirect URI works fine. It is just locally where it doesn't.

kk0205 commented 5 months ago

Hello, is this problem solved? I'm facing the same problem in production: after enabling force login, all features return a 403 forbidden error.

HatefulRock commented 5 months ago

No I haven't been able to solve it yet. I tried modifying the authenticated function in decorators but still no result. My biggest issue is that I'm unable to debug the code locally since I am not able to redirect the login URI correctly. Tell me if you figure anything out.

amirj commented 5 months ago

I have the same issue as well; after enabling AZURE_ENFORCE_ACCESS_CONTROL in prod, getting the following error:

2024-05-10T08:04:52.774894433Z ERROR:root:Exception getting authorization information - "Authorization header is expected"
2024-05-10T08:04:52.774956234Z Traceback (most recent call last):
2024-05-10T08:04:52.774963634Z   File "/tmp/8dc7031b3e25fbb/core/authentication.py", line 200, in get_auth_claims_if_enabled
2024-05-10T08:04:52.774968434Z     auth_token = AuthenticationHelper.get_token_auth_header(headers)
2024-05-10T08:04:52.774973534Z   File "/tmp/8dc7031b3e25fbb/core/authentication.py", line 129, in get_token_auth_header
2024-05-10T08:04:52.774978135Z     raise AuthError(error="Authorization header is expected", status_code=401)
2024-05-10T08:04:52.774982635Z core.authentication.AuthError: Authorization header is expected

FComisso commented 4 months ago

I think the problem is that AppServiceAuthSession is in front of the Bearer token instead of "Bearer". The code skips and throws the error. The token is valid though.
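
Added example, not part of the thread and not the project's code: the traceback above raises AuthError with status_code=401, while the decorator quoted earlier turns every AuthError into a 403, so the two cases discussed here (no Authorization header, or a scheme other than "Bearer") look identical to the client. The sketch below classifies the header and returns a log-safe reason; `HeaderAuthError`, `classify_authorization`, `diagnose` and the sample headers are hypothetical names and constructed values.

```python
import logging
from typing import Mapping, Tuple

logger = logging.getLogger("auth_diag")

# Constructed sample headers for the two failure modes discussed in the thread.
SAMPLE_MISSING: Mapping[str, str] = {"Content-Type": "application/json"}
SAMPLE_WRONG_SCHEME = {"Authorization": "AppServiceAuthSession constructed-value"}


class HeaderAuthError(Exception):
    """Hypothetical stand-in for the AuthError seen in the traceback."""

    def __init__(self, error: str, status_code: int):
        super().__init__(error)
        self.error = error
        self.status_code = status_code


def classify_authorization(headers: Mapping[str, str]) -> Tuple[str, str]:
    """Return (scheme, token) or raise HeaderAuthError naming the exact failure."""
    # HTTP header names are case-insensitive; a plain dict lookup is not.
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None or not value.strip():
        raise HeaderAuthError("Authorization header is expected", 401)
    parts = value.split()
    if parts[0].lower() != "bearer":
        # repr() plus truncation keeps a client-controlled value from forging log lines.
        raise HeaderAuthError(f"Unexpected scheme {parts[0][:32]!r}, expected 'Bearer'", 401)
    if len(parts) != 2:
        raise HeaderAuthError("Authorization header must be 'Bearer <token>'", 401)
    return parts[0], parts[1]


def diagnose(headers: Mapping[str, str]) -> dict:
    """Log-safe summary: the failure reason or the token length, never the token."""
    try:
        scheme, token = classify_authorization(headers)
    except HeaderAuthError as exc:
        logger.warning("auth header rejected: %s (status %d)", exc.error, exc.status_code)
        return {"ok": False, "reason": exc.error, "status": exc.status_code}
    return {"ok": True, "scheme": scheme, "token_len": len(token)}
```

Logging the returned reason next to the 403 shows which of the two cases a production request hit without writing the token to the log.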

ibrahimnasir0 commented 6 days ago

@HatefulRock Change your URI from http://127.0.0.1:50505/redirect to http://localhost:50505/redirect , it will work for you.