Client secrest from Auth0 are not base64 encoded

[SteveALee]

The code creating the JWT assume the client secret is base64 encoded.

https://github.com/sandrinodimattia/azure-functions-auth0/blob/master/src/index.js#L22-L24

When you cut and paste from the AUTH0 console that is not the case.

You should let the user decide on what encoding they want

Ditto the domain. The using code should make it a valid URL if required.

I nearly made a PR but decided to discuss first

[facadev]

Is the project still maintained?

[SteveALee]

I'm wondering that myself! actually the code is small it's easy to have your own copy as I did here https://auth0.com/blog/using-serverless-azure-functions-with-auth0-and-google-apis/?utm_source=twitter&utm_medium=sc&utm_campaign=azure_functions

Even better a little refactoring would remove the very small specifics for functions or auth0 making a generic auth check wrapper

[facadev]

Just wrote a wrapper based on yours and "auth0" module. Thanks! 😅

[SteveALee]

@facadev neat - do you fancy sharing it?

[facadev]

It's a minimal one:

var auth0 = new AuthenticationClient({
    domain: '...',
    clientID: '...'
    });

function auth(main_func) {
    return function(context, req) {
        if(req.body)
            var access_token = req.body[config.auth_input];
        if(!access_token)
            return context.done(...);
        auth0.getProfile(access_token, (err, user) => {
            if(err) return cb(err);
            if(user == 'Unauthorized') return context.done(...);
            req.user = user;
            main_func(context, req);
        });
    }

Yet I am a bit frustrated that when using third-party auth0 for authentication, the delay significantly increases.

[SteveALee]

Yes I'm finding average time of 2 seconds which is not good. Will contact their support.

Steve Lee Sent from my mobile device Please excuse typing errors

On 14 Mar 2017 15:33, "facadev" notifications@github.com wrote:

It's a minimal one:

var auth0 = new AuthenticationClient({ domain: '...', clientID: '...' });

function auth(main_func) { return function(context, req) { if(req.body) var access_token = req.body[config.auth_input]; if(!access_token) return context.done(...); auth0.getProfile(access_token, (err, user) => { if(err) return cb(err); if(user == 'Unauthorized') return context.done(...); req.user = user; main_func(context, req); }); }

Yet I am a bit frustrated that when using third-party auth0 for authentication, the delay significantly increases.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/sandrinodimattia/azure-functions-auth0/issues/3#issuecomment-286459203, or mute the thread https://github.com/notifications/unsubscribe-auth/AAlxqtg4ge2vcLqkcnXjNK01gIT_bCNjks5rlrMwgaJpZM4MGfqr .

[facadev]

Still much luckier than me. Mine goes from 1 sec to 1 min. Things have gone worse since my node_modules grew big. I didn't see any similar issue with Amazon Lambda though.

[SteveALee]

Ouch! Are you excluding function app warm up time?

Get Outlook for Android

On Tue, Mar 14, 2017 at 3:45 PM +0000, "facadev" notifications@github.com wrote:

Still much luckier than me. Mine goes from 1 sec to 1 min. Things have gone worse since my node_modules grew big. I didn't see any similar issue with Amazon Lambda though.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[facadev]

Just tested it again and it took 62s to handle the first call in a while (cold start), causing my client to time out. Subsequent calls took around 650ms each. The function I tested simply uses the auth function above. If I reference any other module like Azure Storage service, the warm-up time will be more than 100s.

Is that a common case? In my humble opinion, Azure functions can only serve as a worker for periodic tasks that is not time-critical.

PS. I use the "relative path" trick to require modules, eg. require('../node_modules/sth'), which saves me a bunch of seconds each time. Without it, it would feel like ages to get response from a not-so-complex call.

[SteveALee]

Warm up is usually 6 seconds or so. 100 indicates something weird is goining on. Its not clear exactly what is included in your function times. A simple function processing some logic and then before responding is usualy fast. 100s of ms.

Dif you make sure your azure and auth0 regions are geographically close to avoid propagation delays?

My function calls auth0 3 times and as the headers are not simple that means 6 round trips. Even so 2 seconds is long. I'm wondering if the use of request in a function has a performance hit in its self?

Much as I like auth0 I'm wonder if passport might be a better solution if we can t get the speed up.

But first I'll discuss with the auth0 engineers to eliminate any thing daft.

Of course there are many definitions of critical, from hard real time life or mission critical Downward. However user need timely responses or they move on. So this has to work at a user-friendly speef

[SteveALee]

With those times I suggest you contact AzureFunctions support. They usually respond on twitter as well as other channels

Please do let me know what you discover .

Steve Lee OpenDirective http://opendirective.com

On 14 March 2017 at 16:21, facadev notifications@github.com wrote:

Just tested it again and it took 62s to handle the first call in a while (cold start), causing my client to time out. Subsequent calls took around 650ms each. The function I tested simply uses the auth function above. If I reference any other module like Azure Storage service, the warm-up time will be more than 100s.

Is that a common case? In my humble opinion, Azure functions can only serve as a worker for periodic tasks that is not time-critical.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/sandrinodimattia/azure-functions-auth0/issues/3#issuecomment-286475563, or mute the thread https://github.com/notifications/unsubscribe-auth/AAlxqq4NRPN6rs70N69h27RSZN3kHfZ5ks5rlr6PgaJpZM4MGfqr .

[facadev]

Yes, my auth0 server is located in the same region. To find where the issue is, here's what I do:

1. Create a new Function, install the same modules as the old one. Cold start, and it takes the same amount of time.
2. Create a very simple function. It starts very quickly, so it might be the function that causes performance hit.
3. Decompose my original function. 3.1 Comment my code that deals with Azure Storage and Auth0 out, and it takes 30ms for the function to complete. 3.2 Only comment my code that deals with Auth0 out, it takes 4s this time. 3.3 Only comment my code that deals with Azure Storage out, it takes 5s this time.
4. For subsequent requests, it takes close to 1s to complete.

So far everything seems to be fine. I doubt my previous case might be attributed to a failed installation of a native module, which made the app environment a mess (?). Anyway, I will shoot my Function name to the team and see what comment they have.

Edit: It ran still very slowly when I tried to invoke it after hours, and I found the most impactful code is simply "require".

[facadev]

BTW, @SteveALee do you mean using passport-auth0?

[SteveALee]

@facadev After discussion with @christopheranderson, a number of points became clear

• The current Azure Functions filesystem access performance sucks with lots of small files so nodejs apps suffer a performance hit on first loading modules (and when using npm in a console). So once you "require" anything you will see extra warmup time. The Functions team are working hard on this A work-around is to bundle the modules using webpack etc - see https://github.com/christopheranderson/azure-functions-pack

• I'm going to add some Azure App Insights hooks to my function to get visibility on what's going on wit my calls after warmup - see https://github.com/christopheranderson/azure-functions-app-insights-sample/blob/master/item/index.js#L12

Also, I simply meant using plain passport and managing everything myself rather than the @Auth0 service. I much rather NOT do that though. The only reason would be the delays are giving users a bad UX. Reasons for using Auth0 are: Auth is very hard to get right, Auth0 is very flexible and using Express middleware in Functions is little bit messy as expected context is missing.

[facadev]

Yeah I also found it just now. It's said to be experimental. I will give it a shot later.

Haven't got my hands on App Insights yet. I'm curious to see if there will be any valuable insight from that. :)

[SteveALee]

I'll report back :)