Open cwatson-sidub opened 3 months ago
Y-Sindo
commented
3 months ago Hi, I believe the Azure Functions Team might have more expertise on this. Could you provide the repro steps for your issue, especially on how your function app is configured?
cwatson-sidub
commented
3 months ago I'll do that - I was trying to find the code that introduces the /runtime/webhooks/signalr path, so I might analyze it / try and figure things out. I figured that it was part of this repository but couldn't find it.
Regarding reproduction - if you deploy any serverless SignalR / isolated function sample, confirm it functions using the "runtime/webhooks/signalr?code=
For testing, I've placed an API management layer between my SignalR and function app for upstream communications; this has allowed me to retrieve much greater detail in terms of the actual requests going through and I'm able to log the request / response and the authentication header value. Using this value, I've confirmed that the token works successfully when hitting my "HealthCheck" function endpoint (i.e., "/api/HealthCheck") however the token does not work when trying to access the SignalR webhook endpoint "/runtime/webhooks/signalr" and a 403 forbidden error is thrown.
Update - I've submitted a report here as well https://github.com/Azure/Azure-Functions/issues/2531.
Might not be the right spot, but this is the closest I could find.
I have a fully functioning serverless SignalR / Azure Function (isolated) chatroom sample set up when I use the Azure key approach (i.e., in upstream settings, I use the suffix /runtime/webhooks/signalr?code=).
However, when I enable managed identity for upstream authorization, I consistently receive 403 errors when the SignalR service is reaching out to the function app's "/runtime/webhooks/signalr" path. I've read all available documentation online.
It seems the code / logic under this path is very hard to find / troubleshoot...