microsoft / azure-container-apps

Roadmap and issues for Azure Container Apps
MIT License

ACA Auth Middleware returns 500 trying to access the container app #1108

Open MatteoCalabro-TomTom opened 4 months ago

MatteoCalabro-TomTom commented 4 months ago

This issue is a: (mark with an x)

Issue description

I have a container app (bun server + static frontend) shielded by authentication with AAD. It is configured to restrict all traffic behind SSO, redirecting to the login page, and to allow only traffic from the app itself. As soon as I enable the authN middleware, the app is inaccessible and a 500 error is returned from (I believe) the middleware. App logs show requests being served correctly.

I can't find any trace of errors in the log stream of either app, auth sidecar or dapr sidecar.

I suspect an issue with header size. I ran into a similar situation years ago with K8s, NGINX ingress and AAD JWT tokens: tokens were too big for nginx's default header size and caused the controller/service to crash.

Steps to reproduce

  1. Deploy a node/bun app serving a SPA on /
  2. Configure app to allow only secure traffic, enable DAPR, enable auth middleware
  3. Try to load the app.

Expected behavior

I'd expect to see my app home page

Actual behavior

Internal Server Error

Additional context

Web browser. Application is deployed using Pulumi Azure Native 2.30.

MatteoCalabro-TomTom commented 4 months ago

I will add more context such as auth middleware version and the full application and aad application configurations