meds

Reputation: 22956

Error while accessing 'X-MS-TOKEN-AAD-ID-TOKEN': property doesn't exist

I'm trying to bind a graphToken in an HTTP Azure Function like so:

function.json:

```json
{
  "bindings": [
    {
      "authLevel": "anonymous",
      "name": "req",
      "type": "httpTrigger",
      "direction": "in",
      "methods": [
        "get",
        "post"
      ]
    },
    {
      "type": "token",
      "direction": "in",
      "name": "graphToken",
      "resource": "https://graph.microsoft.com",
      "identity": "userFromRequest"
    },
    {
      "name": "$return",
      "type": "http",
      "direction": "out"
    }
  ]
}
```

The function itself in run.csx:

```csharp
#r "Newtonsoft.Json"

using System.Net;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;
using Newtonsoft.Json;

public static IActionResult Run(HttpRequest req, string graphToken, TraceWriter log)
{
    return (ActionResult)new OkObjectResult(graphToken);
}
```

When attempting to do a GET request on the function I get an exception:

```
An unhandled exception occurred while processing the request.

InvalidOperationException: Error while accessing 'X-MS-TOKEN-AAD-ID-TOKEN': property doesn't exist.
Microsoft.Azure.WebJobs.Host.Bindings.Path.BindingTemplateToken+ExpressionToken.Evaluate(IReadOnlyDictionary<string, object> bindingData) in BindingTemplateToken.cs, line 198

InvalidOperationException: Exception binding parameter 'graphToken'
Microsoft.Azure.WebJobs.Host.Executors.DelayedException.Throw() in DelayedException.cs, line 27

FunctionInvocationException: Exception while executing function: Functions.HttpTriggerCSharp1
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
```

The function itself is secured using Azure AD B2C, and when called, the user's id_token is passed in as a bearer authorization.

From my understanding there are some features not supported by B2C that are supported by Azure AD - is this one of them?

Upvotes: 0

Views: 2319

Answers (1)

Connor McMahon

Reputation: 1358

What is almost certainly going on here is that no authentication has actually occurred, so there is no token for the application to grab. We should definitely have a better error message in this case.

There are two easy ways around this:

  1. Go to the relative https://your-function-app.azurewebsites.net/.auth/login/aad to be prompted to log in before using the API. Now if you visit the API, it will work as expected.
  2. Go to Platform Features > Authentication / Authorization, and select “Log in with Azure Active Directory” from the drop down titled “Action to take when request is not authenticated”. This will automatically redirect any unauthenticated users to the AAD login flow, and once they complete the flow, the API request will return as expected.

Upvotes: 2
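To confirm the cause given in the answer above, the following run.csx (an added example, not code from the question or the answer) reports which identity headers reached the function and returns a 401 when the ID token header is absent. It assumes a function.json containing only the httpTrigger and http output bindings, with no `token` binding, and that the `X-MS-CLIENT-PRINCIPAL-*` and `X-MS-TOKEN-AAD-ACCESS-TOKEN` headers are the ones App Service Authentication sets alongside the `X-MS-TOKEN-AAD-ID-TOKEN` named in the exception.

```csharp
// Added diagnostic example, not the poster's code. Assumes function.json has
// no "token" binding, so the function still runs when the platform injected
// no identity headers and can report that instead of failing with a 500.
using System.Linq;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;

// Headers App Service Authentication adds to a request after sign-in.
static readonly string[] AuthHeaders =
{
    "X-MS-CLIENT-PRINCIPAL-ID",
    "X-MS-CLIENT-PRINCIPAL-NAME",
    "X-MS-TOKEN-AAD-ID-TOKEN",      // the property the token binding failed on
    "X-MS-TOKEN-AAD-ACCESS-TOKEN"
};

public static IActionResult Run(HttpRequest req, TraceWriter log)
{
    // Record presence only; token values are never logged or returned.
    var present = AuthHeaders.ToDictionary(
        h => h,
        h => req.Headers.TryGetValue(h, out StringValues v)
             && !StringValues.IsNullOrEmpty(v));

    if (!present["X-MS-TOKEN-AAD-ID-TOKEN"])
    {
        log.Warning("No ID token header on request; platform authentication did not run.");

        // Fail closed with a 401 and point the caller at the login endpoint
        // mentioned in the answer.
        return new ObjectResult(new
        {
            error = "unauthenticated",
            login = "/.auth/login/aad",
            headers = present
        })
        { StatusCode = 401 };
    }

    return new OkObjectResult(new { authenticated = true, headers = present });
}
```

If every entry comes back `false` for a request that carries a bearer token, the platform did not authenticate that request, which matches the binding error shown in the question.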
