search

Azure-Samples / azure-search-openai-demo

A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure AI Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences.
https://azure.microsoft.com/products/search
MIT License
5.9k stars 4.04k forks source link

Authorization issue (403) after setting up authentication #1945

Open akallai opened 2 weeks ago

akallai commented 2 weeks ago

Please provide us with the following information:

This issue is for a: (mark with an x)

- [(x)] bug report -> please search issues before submitting
- [ ] feature request
- [(x)] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

I am facing an issue after trying to setup the authentication.

I followed manual setup instructions for the app registrations. After deployment I am facing the login screen which works fine (loggin in works). But after trying to use the chat i am getting this error "Error: Request failed with status 403" image

Here are the Network logs: GET https://application828273643-dev.azurewebsites.net/.auth/refresh 403 (Forbidden) authConfig.ts:152 POST https://application828273643-dev.azurewebsites.net/ask net::ERR_ABORTED 403 (Forbidden) api.ts:27 Am I missing something?

Minimal steps to reproduce

  1. following manual setup instructions of the add login documentation
  2. running "azd up" with this configuration: AZURE_AUTH_TENANT_ID= AZURE_CLIENT_APP_ID= AZURE_ENABLE_GLOBAL_DOCUMENT_ACCESS="true" AZURE_ENFORCE_ACCESS_CONTROL="false" AZURE_PUBLIC_NETWORK_ACCESS="Enabled" AZURE_SERVER_APP_ID= AZURE_SERVER_APP_SECRET= AZURE_SUBSCRIPTION_ID= AZURE_TENANT_ID= AZURE_USE_AUTHENTICATION="true"
  3. giving consent
  4. Login and afterwards trying to use the app

Any log messages given by the failure

GET https://application828273643-dev.azurewebsites.net/.auth/refresh 403 (Forbidden) - authConfig.ts:152 POST https://application828273643-dev.azurewebsites.net/ask net::ERR_ABORTED 403 (Forbidden) - api.ts:27

Expected/desired behavior

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

azd version?

run azd version and copy paste here. azd version 1.9.6

Versions

Mention any other details that might be useful

Thanks! We'll be in touch soon.

pamelafox commented 2 weeks ago

Your issue looks similar to this thread: https://github.com/Azure-Samples/azure-search-openai-demo/issues/1549

Can you try to get additional logs, per my recommendations in that thread? Does it work locally?

mapplegate commented 2 weeks ago

Moved to 2:30 PT

From: Pamela Fox @.> Reply-To: Azure-Samples/azure-search-openai-demo @.> Date: Tuesday, September 3, 2024 at 4:40 PM To: Azure-Samples/azure-search-openai-demo @.> Cc: Subscribed @.> Subject: Re: [Azure-Samples/azure-search-openai-demo] Authorization issue (403) after setting up authentication (Issue #1945)

CAUTION: This email originated from outside your organization. Exercise caution when opening attachments or clicking links, especially from unknown senders.

Your issue looks similar to this thread:

1549https://github.com/Azure-Samples/azure-search-openai-demo/issues/1549

Can you try to get additional logs, per my recommendations in that thread? Does it work locally?

— Reply to this email directly, view it on GitHubhttps://github.com/Azure-Samples/azure-search-openai-demo/issues/1945#issuecomment-2327631546, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AFZB2P5UBN5TUKGGAZJ237TZUZCFFAVCNFSM6AAAAABNKGOXC6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMRXGYZTCNJUGY. You are receiving this because you are subscribed to this thread.Message ID: @.***>

mapplegate commented 2 weeks ago

@.*** would like to recall the message, "Re: [Azure-Samples/azure-search-openai-demo] Authorization issue (403) after setting up authentication (Issue #1945)".

Elhameh commented 4 days ago

Hi,

I'm getting the same error message. Below you can find the error log.

INFO:hypercorn.error:Running on http://127.0.0.1:50505 (CTRL + C to quit) [2024-09-13 21:26:43 +0200] [56386] [INFO] 127.0.0.1:56590 GET / 1.1 304 - 6624 [2024-09-13 21:26:43 +0200] [56386] [INFO] 127.0.0.1:56590 GET /auth_setup 1.1 200 528 1375 [2024-09-13 21:26:43 +0200] [56386] [INFO] 127.0.0.1:56590 GET /.auth/me 1.1 404 207 766 [2024-09-13 21:26:43 +0200] [56386] [INFO] 127.0.0.1:56590 GET /config 1.1 200 219 1231 [2024-09-13 21:26:47 +0200] [56386] [INFO] 127.0.0.1:56590 GET /.auth/me 1.1 404 207 1444 ERROR:root:Exception getting authorization information - "Authorization header is expected" Traceback (most recent call last): File "/Users/*/Library/CloudStorage//Desktop/chatbot_folder/app/backend/core/authentication.py", line 217, in get_auth_claims_if_enabled auth_token = AuthenticationHelper.get_token_auth_header(headers) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Users/**/Library/CloudStorage/**/Desktop/chatbot_folder/app/backend/core/authentication.py", line 139, in get_token_auth_header raise AuthError(error="Authorization header is expected", status_code=401) core.authentication.AuthError: Authorization header is expected [2024-09-13 21:26:47 +0200] [56386] [INFO] 127.0.0.1:56590 POST /chat/stream 1.1 403 213 3486