Open HatefulRock opened 6 months ago
Is this happening locally or on production?
If it's happening locally, can you trace this code in decorators.py? I assume it's what is producing the 403:
```python
from functools import wraps
from typing import Any, Callable, Dict

from quart import abort, current_app, request  # async handlers, so a Quart app is assumed here

from config import CONFIG_AUTH_CLIENT  # project constant naming the auth helper in app config
from core.authentication import AuthError


def authenticated(route_fn: Callable[[Dict[str, Any]], Any]):
    """
    Decorator for routes that might require access control. Unpacks Authorization header information into an auth_claims dictionary
    """

    @wraps(route_fn)
    async def auth_handler():
        auth_helper = current_app.config[CONFIG_AUTH_CLIENT]
        try:
            auth_claims = await auth_helper.get_auth_claims_if_enabled(request.headers)
        except AuthError:
            # any auth failure, including a missing header, is surfaced as 403
            abort(403)
        return await route_fn(auth_claims)

    return auth_handler
```
You could put the debugger inside the line where it tries to get the auth_claims to see where its failing.
Thank you for the response. It is happening in production. I am unable to test the login feature locally because I get the error:
even though I followed the AD configuration steps properly and configured the redirect URI according to the documentation:
In production the redirect URI works fine. It is just locally where it doesn't.
Hello, is this problem solved? I'm facing the same problem in production: after enabling force login, all features return a 403 Forbidden error.
No I haven't been able to solve it yet. I tried modifying the authenticated function in decorators but still no result. My biggest issue is that I'm unable to debug the code locally since I am not able to redirect the login URI correctly. Tell me if you figure anything out.
I have the same issue as well; after enabling AZURE_ENFORCE_ACCESS_CONTROL in prod, getting the following error:
```
2024-05-10T08:04:52.774894433Z ERROR:root:Exception getting authorization information - "Authorization header is expected"
2024-05-10T08:04:52.774956234Z Traceback (most recent call last):
2024-05-10T08:04:52.774963634Z   File "/tmp/8dc7031b3e25fbb/core/authentication.py", line 200, in get_auth_claims_if_enabled
2024-05-10T08:04:52.774968434Z     auth_token = AuthenticationHelper.get_token_auth_header(headers)
2024-05-10T08:04:52.774973534Z   File "/tmp/8dc7031b3e25fbb/core/authentication.py", line 129, in get_token_auth_header
2024-05-10T08:04:52.774978135Z     raise AuthError(error="Authorization header is expected", status_code=401)
2024-05-10T08:04:52.774982635Z core.authentication.AuthError: Authorization header is expected
```
I think the problem is that AppServiceAuthSession is in front of the Bearer token instead of "Bearer". The code skips and throws the error. The token is valid though.
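Added illustration, not the project's code: a minimal model of the decorator shown earlier and of the header check the traceback above exercises, so it is visible which Authorization header shapes pass and which raise the `AuthError` that the decorator turns into a 403. The parsing rules (case-insensitive header lookup, scheme must be `Bearer` followed by one token) are assumptions; the constructed headers at the bottom are sample input.

```python
# Added illustration (not the project's code). Assumed rules: the header is
# looked up case-insensitively and must read "Bearer <token>"; anything else
# is rejected before any token validation happens.
from typing import Dict, Optional


class AuthError(Exception):
    def __init__(self, error: str, status_code: int):
        super().__init__(error)
        self.error = error
        self.status_code = status_code


def get_token_auth_header(headers: Dict[str, str]) -> str:
    """Return the bearer token from an Authorization header or raise AuthError."""
    auth: Optional[str] = next(
        (v for k, v in headers.items() if k.lower() == "authorization"), None
    )
    if not auth:
        # This is the branch behind "Authorization header is expected" in the traceback.
        raise AuthError(error="Authorization header is expected", status_code=401)
    parts = auth.strip().split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        # A session cookie name or any non-Bearer scheme in front of the token
        # is rejected here rather than being passed on as if it were a JWT.
        raise AuthError(error="Authorization header must be 'Bearer <token>'", status_code=401)
    return parts[1]


def authenticate(headers: Dict[str, str]) -> Dict[str, object]:
    """Model of the decorator: any AuthError becomes a 403 response."""
    try:
        token = get_token_auth_header(headers)
    except AuthError as exc:
        # The decorator calls abort(403) regardless of exc.status_code, which is
        # why clients see 403 even though the helper itself raised 401.
        return {"status": 403, "error": exc.error}
    return {"status": 200, "token": token}


if __name__ == "__main__":
    # Constructed sample headers, not captured from a real deployment.
    print(authenticate({"Authorization": "Bearer abc.def.ghi"}))
    print(authenticate({"Cookie": "AppServiceAuthSession=xyz"}))
    print(authenticate({"Authorization": "AppServiceAuthSession xyz"}))
```

Running it shows the first request passing and the other two mapped to 403, which matches the symptom reported in this thread: a missing or differently-shaped Authorization header is indistinguishable from a forbidden request at the client.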
@HatefulRock Change your URI from http://127.0.0.1:50505/redirect to http://localhost:50505/redirect , it will work for you.
When I inspect the page I see this message:
I have tried changing some of the authentication code to see if it fixes the problem, but nothing seems to be working. Thank you for your help.