Azure Function App Binding ClaimsPrincial Doesn't Set Claims From JWT

Question

I'm developing a SPA that uses a Azure Function App for the API and Azure Active Directory for the auth. adal.access.token is set in local storage after the user logs in, but the claims are not set properly in the bound ClaimsPrincipal parameter, nor are they set within the HttpRequest parameter. The claims principal object looks the same whether or not the Authorization: Bearer ... header is set. How can I configure my Function App to use AAD and the ClaimsPrincipalbinding? I verified that the claims are set in the access token by using the token debugger at jwt.io.

public static MyFunction {
  [FunctionName("MyFunction")]
  public static async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "some-path")],
    ClaimsPrincipal principal
  ){
     // principal does not contain the claims, or any of the token info
  }
}

Then I send the request:

curl -X GET -H "Authorization: Bearer ..." http://localhost:7071/api/some-path

But the claims principle only has one claim, `http://schemas.microsoft.com/2017/07/functions/claims/authlevel: Admin`

UPDATE: It appears the principal variable is set as expected when invoked in Azure, but is not set when developing locally.

Answer 1

i assume you created the app registration by using the function service app control panel by activating authentication with azure ad with express or something. doing so creates the app registration and puts the app function as the reply url, so if you run it locally on your development environment, and try to log in, it will never send the token to your local machine as its not a source url.

basically you have to go to the app registration in azure ad, go to authentication and add an additional reply / redirect url, to point to your localhost address of your app, whatever that is. http://localhost:youriisexpressport sorta thing. then it will work locally as well.