Auth error using token authentication

[matthewfarrell]

• Package Name: @azure/cosmos
• Package Version: 3.6.2
• Operating system: Windows 10
• [x ] nodejs
  • version: v10.19.0
• [x ] browser
  • name/version: Brave/Version 1.9.72 Chromium: 81.0.4044.138 (Official Build) (64-bit)
• [x ] typescript
  • version: 3.2.2
• Is the bug related to documentation in
  • [ ] README.md
  • [ ] source code documentation
  • [ ] SDK API docs on https://docs.microsoft.com

Describe the bug When using token based authentication, the auth header sent to CosmosDb is empty

To Reproduce Steps to reproduce the behavior:

1. Create a new cosmos client using resource tokens, and execute the delete method

const database = 'database1';
const collection = 'collection1';
const token = 'token string';
const endpoint = 'https://<endoint url>/';
const itemId = '1234';

const resourceTokens = {};
resourceTokens[`dbs/${database}/colls/${collection}`] = tokenString;

const cosmosClientOptions: CosmosClientOptions = {
  resourceTokens: resourceTokens,
  endpoint: endpoint,
  connectionPolicy: {
    enableEndpointDiscovery: false
  }
};
const dbClient = new CosmosClient(cosmosClientOptions);
const db = dbClient.database(database);

const container = db.container(collection);
await container.item(itemId).delete();

Cosmos returns 401 unauthorised. If you inspect the network request to Cosmos, the auth header is null.

Expected behavior The item should delete

Additional context When using tokens, the resourceId that is passed into the method getAuthorizationTokenUsingResourceTokens in src/auth.ts is passing the full path to the item id (not the collection): dbs/<database>/colls/<collection>/<item id>. I'm not sure if this is as intended?

To work around the issue, I added the following code to look for a token in a parent resource, though I wonder if the correct fix would be to pass in the resourceId for the collection instead of the item?

src/auth.ts line 71

// Look for a key for a parent of the resource Id
const resourceSegments = resourceId.split("/");
for (let i = resourceSegments.length; i > 0; i -= 1) {
  const partialPath = resourceSegments.slice(0, i).join('/');
  const id = decodeURI(partialPath);
  if (resourceTokens[id]) {
    return resourceTokens[id];
  }
}

[southpolesteve]

@matthewfarrell Thanks for the report. I'll do some investigating, but first glance this does look like a bug. I think your suggested fix is probably correct. cc @zfoster

[middiu]

Hi, any progress on this issue? it's affecting my project as well and it's quite important do being able to delete items....

Cheers

[southpolesteve]

Resolved in 3.7.1