dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License
35.42k stars 10.01k forks

SignalR WebSocket Connection Fails Due to Excessive URL Length When Using Large JWT Access Tokens in Blazor WebAssembly #58534

Open Gopichandar opened 1 week ago

Gopichandar commented 1 week ago

Is there an existing issue for this?

Describe the bug

I'm experiencing an issue with SignalR in a Blazor WebAssembly application where the WebSocket connection fails because the URL exceeds the maximum length allowed. This happens when using large JWT access tokens that contain numerous claims. Since browsers don't allow custom headers in WebSocket requests, SignalR appends the access token to the URL as a query parameter (access_token), leading to excessively long URLs.

Expected Behavior

SignalR should establish a WebSocket connection successfully, even when using large JWT access tokens with numerous claims.

Steps To Reproduce

Set Up Blazor WebAssembly App with SignalR:

Configure SignalR Client:

_hubConnection = new HubConnectionBuilder()
    .WithUrl(_navigationManager.BaseUri + "taskHub", options =>
    {
        options.AccessTokenProvider = async () => await _stateProvider.GetAccessToken();
    })
    .Build();

Attempt to Establish WebSocket Connection:

wss://localhost:6001/taskHub?id=ugqggKcLbyf5RR-QmI11vw&access_token=[JWT access token removed]

Exceptions (if any)

SignalR should establish a WebSocket connection successfully, even when using large JWT access tokens with numerous claims.

.NET Version

.NET 8

Anything else?

No response

BrennanConroy commented 1 week ago

You should reduce the size of your tokens. There is nothing we can do here.
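
To act on the advice to shrink the token, it helps to see which claims dominate it and how long the WebSocket URL becomes once the token is appended as `access_token`. The following is an added example, not code from this thread or from ASP.NET Core; `TokenUrlAudit`, the URL budget and the sample token are assumptions constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenUrlAudit
{
    // Assumption: 8192 mirrors Kestrel's default MaxRequestLineSize. Use the
    // smallest URL limit enforced by any server or proxy in front of the hub.
    public const int AssumedUrlBudget = 8192;

    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // URL length once the client appends the token as the access_token parameter.
    public static int ProjectedUrlLength(string hubUrl, string jwt) =>
        hubUrl.Length + "&access_token=".Length + Uri.EscapeDataString(jwt).Length;

    // Size of each claim in the decoded payload, largest first.
    // The signature is not verified: this only measures, it does not authenticate.
    public static (string Claim, int Bytes)[] ClaimSizes(string jwt)
    {
        using var doc = JsonDocument.Parse(FromB64Url(jwt.Split('.')[1]));
        return doc.RootElement.EnumerateObject()
            .Select(p => (Claim: p.Name, Bytes: Encoding.UTF8.GetByteCount(p.Value.GetRawText())))
            .OrderByDescending(c => c.Bytes)
            .ToArray();
    }

    static void Main()
    {
        // Constructed sample: 300 permission strings in one claim, no real signature.
        var perms = Enumerable.Range(0, 300).Select(i => $"Permissions.Module{i}.Edit").ToArray();
        var payload = JsonSerializer.SerializeToUtf8Bytes(new { sub = "user-1", permission = perms, exp = 1700000000 });
        var header = Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        var jwt = $"{B64Url(header)}.{B64Url(payload)}.constructed-signature";

        int length = ProjectedUrlLength("wss://localhost:6001/taskHub?id=constructed-id", jwt);
        Console.WriteLine($"Projected URL length: {length} (budget {AssumedUrlBudget})");
        foreach (var (claim, bytes) in ClaimSizes(jwt))
            Console.WriteLine($"{claim,-12}{bytes,8} bytes");
    }
}
```

Run against a real token in a test environment, the per-claim listing shows where trimming pays off; a claim that enumerates every permission usually accounts for most of the length and can be replaced by a role or a server-side lookup.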