microsoft / AzUrlShortener

A simple and easy Url Shortener
MIT License

"Claim not found" error message when calling function app #258

Closed rforster-dev closed 1 year ago

rforster-dev commented 3 years ago

I'm trying to set up the AzUrlShortener using SharePoint to control the list, but when the flow is triggered, I'm seeing this error message:

image

When I go to the URL in the browser as well, it also shows the same error message.

I've tried with the V1 deployment (no frontend), and also the V2 setup (no frontend).

I've used the URL with the "code=" parameter, using the function key, the master key (I've tried all keys!)

Let me know if you need more information for debugging this? Thanks!


fs366e2spm commented 3 years ago

Hi @rforster-dev, it seems to me you are calling a wrong URL. Please make sure you have the correct URL from the AzureFunction. In V1 you can call the URL for the UrlList easily with different UIs (e.g. Postman, PowerShell, etc.).

See the list of possible V1 UIs: https://github.com/FBoucher/AzUrlShortener/blob/dev/src/adminTools/README.md

e.g. PowerShell: https://github.com/FBoucher/AzUrlShortener/blob/dev/src/adminTools/PowerShell/README.md

You can find the details on how to get the URLs here: https://github.com/FBoucher/AzUrlShortener/blob/main/post-deployment-configuration.md#how-to-get-the-azure-function-urls

Hope this helps. Otherwise please provide a screenshot when possible where you get the URL from.

rforster-dev commented 3 years ago

Thanks for the response.

As far as I am aware, following the documentation, I am using the correct function URL. I've provided some screenshots of what URLs I'm using and where I'm getting them from.

URLShortener image

I'm going to the Function app, and then functions, and clicking on ShortenerUrl.

image

I'm then clicking on "Get function url" which gives me this (NOTE: it doesn't add the "code=xxx" aspect).

image

So I then go to Function keys and use my default key for this function.

I append it so the URL I am calling looks like the below, which returns the "claim not found"

image

If I run it with the flow provided to update this via SharePoint list, the flow fails and gives the same response.

image

So I'm pretty sure I'm using the right stuff as per documentation.

rforster-dev commented 3 years ago

OK so I've been doing some reading, and it looks like the error message "Claim not found" comes from this piece of code:

```csharp
if (principal.FindFirst(ClaimTypes.GivenName) is null)
{
    log.LogError("Claim not Found");
    return new BadRequestObjectResult(new
    {
        message = "Claim not Found",
        StatusCode = System.Net.HttpStatusCode.BadRequest
    });
}
```

Within this file: https://github.com/FBoucher/AzUrlShortener/blob/main/src/shortenerTools/Domain/Utility.cs

Using the code from main-v1, this all works perfectly.

I can't see any documentation on what's required here to get this check to pass? Maybe it's a documentation concern for V2 of the tool.

Any clarification would be appreciated on how this is worked round in V2 of this tool.

fs366e2spm commented 3 years ago

In V1 the Get Function Url shows me the complete URL including the code=... part (https://shortenertools....azurewebsites.net/api/UrlList?code=xxxx) and by the nature of V1 the URL doesn't require authentication.

image

@rforster-dev did you upgrade from V1 to V2 or directly deploy V2 headless?

Documentation for the upgrade #196 is WIP

rforster-dev commented 3 years ago

Thanks for the response.

So when I logged the bug originally - I had used the V2 of this, which is where I was getting the issue as I've described.

When I created a new one, using V1 of the code (main-v1) I have no issues, so not migrating upwards in versions, doing clean installs.

To me, it feels like V2 has an issue if you don't use the Blazor admin and simply deploy it headless, and the line in the code I mentioned is always assuming that;

if (principal.FindFirst(ClaimTypes.GivenName) is null) should not be null, but I can't find where in the instructions on how to make this not null.

FBoucher commented 3 years ago

@rforster-dev @fs366e2spm Good catch, the documentation needs to be updated. In V2 the Azure functions are now protected by Azure Active Directory (AAD). The "claim" is a valid token from AAD, not the Function security code. Have a look at this documentation page: https://docs.microsoft.com/en-us/graph/use-postman it will help you. (And I will try to update the doc ASAP.)

swidurs commented 3 years ago

Hi,

I get the same error when trying to call from a different function (in the same tenant). I do authenticate my call with a bearer token, but still no luck. Does anyone have an idea what to do?

I am using V2 (fresh install); the Blazor frontend is working.

Thanks for your help!

JonSmith commented 3 years ago

An additional point we encountered is that, by default, our AAD created an app registration only requesting the User.Read graph permissions. GivenName is not part of that. You can either add the "profile" graph API permission to get to GivenName, or change the function app code to use ClaimTypes.Name instead of ClaimTypes.GivenName - both worked for us.
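A diagnostic for the check discussed in this thread, as an added example that is not part of the original comments or the project's code: it decodes the payload of a bearer token, without verifying the signature, and reports whether the claim the V2 functions look for is present. It assumes GivenName and Name arrive as the JWT claims `given_name` and `name`; the sample tokens and helper names are constructed for illustration.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_payload(token: str) -> dict:
    """Return the claims of a compact JWT. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        # A function key pasted as "code=" lands here: it is not a token at all.
        raise ValueError("not a JWT: expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def claim_report(token: str) -> dict:
    claims = decode_payload(token)
    given = "given_name" in claims   # assumed source of ClaimTypes.GivenName
    name = "name" in claims          # assumed source of ClaimTypes.Name
    if given:
        verdict = "passes the GivenName check"
    elif name:
        verdict = "fails the GivenName check; a Name-based check would pass"
    else:
        verdict = "fails both checks: no user profile claims in this token"
    return {"aud": claims.get("aud"), "given_name_present": given,
            "name_present": name, "verdict": verdict}

def make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed-signature"

# Constructed samples modelled on the two cases described in the thread.
WITHOUT_PROFILE = make_sample({"aud": "api://constructed-app",
                               "name": "Constructed User"})
WITH_PROFILE = make_sample({"aud": "api://constructed-app",
                            "name": "Constructed User",
                            "given_name": "Constructed"})

if __name__ == "__main__":
    for label, tok in (("without profile", WITHOUT_PROFILE),
                       ("with profile", WITH_PROFILE)):
        print(label, "->", claim_report(tok)["verdict"])
```

Decoding a token this way only shows what it contains; it is no substitute for the validation AAD performs before the function sees the request.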

ThDJRenton commented 3 years ago

If anyone needs a headless version of the V2 shortener that doesn't have this issue (which is indeed related to AAD security) it can be easily removed to help you implement it and the great new features before tackling proper AAD auth (which is a little more complex to implement). You will of course need to maintain your own version of the shortener or we could make this configurable for future versions so you have the choice of auth 😄

cklenk commented 2 years ago

This would be great to have in the documentation. I was trying to test this in Postman and was getting the same issues!!!

Thank you

FBoucher commented 1 year ago

The new version only offers redirects. For a more complete API it's in the https://github.com/FBoucher/TinyBlazorAdmin/tree/main/src/api