Azure-Samples / azure-search-openai-demo

A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure AI Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences.
https://azure.microsoft.com/products/search
MIT License
6.39k stars 4.27k forks

unable to do local debugging for ACL related features because login does not work #2109

Open cforce opened 1 month ago

cforce commented 1 month ago

When using the VS Code debug run configs Python: Quart and Frontend: Watch and trying to log in via the login button, I get the error below:

Sorry, but we’re having trouble signing you in.

AADSTS650056: Misconfigured application. This could be due to one of the following: the client has not listed any permissions for 'Microsoft Graph' in the requested permissions in the client's application registration. Or, the admin has not consented in the tenant. Or, check the application identifier in the request to ensure it matches the configured client application identifier. Or, check the certificate in the request to ensure it's valid. Please contact your admin to fix the configuration or consent on behalf of the tenant. Client app ID: XXXXXXXXXXXXXXXXXXXXXXXXX.

I am using

AZURE_USE_AUTHENTICATION="true"
AZURE_ENABLE_GLOBAL_DOCUMENT_ACCESS="true"
AZURE_ENABLE_UNAUTHENTICATED_ACCESS="false"
AZURE_ENFORCE_ACCESS_CONTROL="true"

Testing without login raises the below

"Error: Request failed with status 403"

The stack trace is ...

INFO:root:get_token_auth_header.authNone
ERROR:root:Exception getting authorization information - "Authorization header is expected"
Traceback (most recent call last):
  File "/../app/backend/core/authentication.py", line 217, in get_auth_claims_if_enabled
    auth_token = AuthenticationHelper.get_token_auth_header(headers)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/mnt/c/git/openai/mic-docbot/app/backend/core/authentication.py", line 139, in get_token_auth_header
    raise AuthError(error="Authorization header is expected", status_code=401)
core.authentication.AuthError: Authorization header is expected
[2024-11-02 11:01:03 +0100] [1325733] [INFO] 127.0.0.1:34410 POST /chat/stream 1.1 403 213 14539

Reason: The function get_auth_claims_if_enabled()->get_token_auth_header() is called and mandatorily requires x-ms-token-aad-access-token

When I set below...

..I can run queries, but then I am unable to debug authorization context features like ACL switched on by AZURE_ENFORCE_ACCESS_CONTROL. But how do I make the login work in local development?

Even if I use the same PRINCIPAL for the execution of the debugged app in VS Code as I do successfully for the cloud, I get the above error message.

Btw, I spotted a bug: overriding the env vars in the VS Code launch.json "env": .. section does not work because load_azd_env.py always gives the dot env precedence. Therefore I changed load_dotenv(env_file_path, override=True) to load_dotenv(env_file_path, override=False)
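
The precedence behaviour described in the comment above, as an added example that is not part of the original thread or the project's code. It models the `override` flag of `load_dotenv` with a small stand-in parser and reports which authentication flags set in launch.json end up replaced by `.env`; `parse_env`, `merge` and `shadowed_auth_flags` are hypothetical helpers, and the launch.json values are constructed.

```python
# Flags from the issue that change the app's authentication behaviour.
AUTH_FLAGS = (
    "AZURE_USE_AUTHENTICATION",
    "AZURE_ENABLE_GLOBAL_DOCUMENT_ACCESS",
    "AZURE_ENABLE_UNAUTHENTICATED_ACCESS",
    "AZURE_ENFORCE_ACCESS_CONTROL",
)

def parse_env(text):
    """Minimal KEY="value" parser (assumption: stand-in for python-dotenv's parser)."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip('"').strip("'")
    return values

def merge(process_env, dotenv_values, override):
    """Model load_dotenv(path, override=...): decide who wins when both define a key."""
    merged = dict(process_env)
    for key, value in dotenv_values.items():
        if override or key not in merged:
            merged[key] = value
    return merged

def shadowed_auth_flags(process_env, dotenv_values, override):
    """Return auth flags whose process value is silently replaced by the .env value."""
    effective = merge(process_env, dotenv_values, override)
    return {
        k: (process_env[k], effective[k])
        for k in AUTH_FLAGS
        if k in process_env and effective[k] != process_env[k]
    }

# Constructed sample: values a developer might set in the launch.json "env" section.
LAUNCH_ENV = {"AZURE_USE_AUTHENTICATION": "true", "AZURE_ENFORCE_ACCESS_CONTROL": "false"}
# Constructed .env content, using the settings quoted in the issue.
DOTENV_TEXT = '''AZURE_USE_AUTHENTICATION="true"
AZURE_ENABLE_GLOBAL_DOCUMENT_ACCESS="true"
AZURE_ENABLE_UNAUTHENTICATED_ACCESS="false"
AZURE_ENFORCE_ACCESS_CONTROL="true"
'''

if __name__ == "__main__":
    dotenv = parse_env(DOTENV_TEXT)
    for override in (True, False):
        print(f"override={override}:", shadowed_auth_flags(LAUNCH_ENV, dotenv, override))
```

With `override=True` the report lists `AZURE_ENFORCE_ACCESS_CONTROL` as replaced, so a debug session runs with a different access-control setting than the launch configuration shows; with `override=False` nothing is replaced and `.env` only fills in the flags launch.json leaves unset.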

pamelafox commented 3 weeks ago

I am able to use local debugging using either the frontend server (and configuration): http://localhost:5173/ or the backend server (and configuration): http://localhost:50505/

Are you getting this error with http://localhost:50505/ ?

cforce commented 3 weeks ago

Yes, the latter on 50505, started with launch.json "Python: Quart".

cforce commented 3 weeks ago

Setup looks good for me ..and works on azure image

pamelafox commented 3 weeks ago

Here are screenshots from my Application configuration, from various pages in the portal. Can you cross-check with these?

Screenshot 2024-11-07 at 4 19 51 PM

Screenshot 2024-11-07 at 4 19 45 PM

Screenshot 2024-11-07 at 4 19 30 PM

cforce commented 3 weeks ago

This is in the Client App Registration, right? Why did you add MS Graph User.Read? This is missing in the documentation, isn't it? I have set http://localhost:50505/redirect but neither http://localhost:5173 nor the backend URI. Both were not mentioned in the docs at all, were they?