
I am attempting to set up a custom claims provider, following the Microsoft articles (https://learn.microsoft.com/en-us/azure/active-directory/develop/custom-claims-provider-overview).

I have a simple TypeScript Function App with the following code:

import { AzureFunction, Context, HttpRequest } from "@azure/functions"

const httpTrigger: AzureFunction = async function (context: Context, req: HttpRequest): Promise<void> {
  context.log(`request method: ${JSON.stringify(req.method)}`);
  context.log(`request headers: ${JSON.stringify(req.headers)}`);
  context.log(`request body: ${JSON.stringify(req.body)}`);

  const correlationId = (req.query.correlationId || req.body?.data?.authenticationContext?.correlationId);
  context.log(`correlationId: ${JSON.stringify(correlationId)}`);

  const user = req.body?.data?.authenticationContext?.user;
  context.log(`user: ${JSON.stringify(user)}`);

  context.res = {
    body: {
      data: {
        "@odata.type": "microsoft.graph.onTokenIssuanceStartResponseData",
        actions: [
          {
            "@odata.type": "microsoft.graph.tokenIssuanceStart.provideClaimsForToken",
            claims: {
              correlationId,
              customRoles: [
                "Writer",
                "Editor"
              ]
            }
          }
        ]
      }
    }
  };

};

export default httpTrigger;

Note that I can successfully deploy this code to the function app on my account, and it "successfully" executes every time that someone logs in to the application.

Despite this "successful" execution, however, I do not get a successful response back from the token request. Instead I'm seeing error responses from the token endpoint like this:

{"error":"invalid_request","error_description":"AADSTS1100001: Non-retryable error has occurred.\r\nTrace ID: 23b605c1-9c02-406c-89ea-5548cf6f8300\r\nCorrelation ID: cbcd178c-4859-40c5-9193-43693382f315\r\nTimestamp: 2023-05-02 09:45:47Z","error_codes":[1100001],"timestamp":"2023-05-02 09:45:47Z","trace_id":"23b605c1-9c02-406c-89ea-5548cf6f8300","correlation_id":"cbcd178c-4859-40c5-9193-43693382f315"}

This error response isn't all that informative about what is going wrong behind the scenes. I haven't found a way to look up any associated logs by the trace_id either. Any advice on how to get this working/get to the underlying error trace would be much appreciated.
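The function above writes the raw request headers and body to the function log. The request Microsoft Entra sends to a custom claims provider carries a bearer token in the `Authorization` header and user attributes in the body, so a log-safe view is worth building before calling `context.log`. This is an added example, not part of the original post; the helper names, the sample request and the list of user field names are assumptions.

```typescript
// Added example: build a log-safe copy of the request before it reaches context.log.
type Json = string | number | boolean | null | Json[] | { [key: string]: Json };

// Header names never written to logs (compared lower-cased).
const SENSITIVE_HEADERS = ["authorization", "cookie", "x-functions-key"];
// Assumed personal-data field names inside authenticationContext.user.
const SENSITIVE_FIELDS = ["mail", "userPrincipalName", "displayName", "givenName", "surname"];
const MASK = "[REDACTED]";

function redactHeaders(headers: Record<string, string | undefined>): Record<string, string> {
  const safe: Record<string, string> = {};
  for (const name of Object.keys(headers)) {
    const value = headers[name];
    if (value === undefined) continue;
    if (SENSITIVE_HEADERS.indexOf(name.toLowerCase()) === -1) {
      safe[name] = value;
    } else {
      // Keep the scheme ("Bearer ") so a missing or malformed token is still visible.
      const space = value.indexOf(" ");
      safe[name] = (space === -1 ? "" : value.substring(0, space + 1)) + MASK;
    }
  }
  return safe;
}

function redactBody(value: Json): Json {
  if (Array.isArray(value)) return value.map((item) => redactBody(item));
  if (value === null || typeof value !== "object") return value;
  const safe: { [key: string]: Json } = {};
  for (const key of Object.keys(value)) {
    safe[key] = SENSITIVE_FIELDS.indexOf(key) === -1 ? redactBody(value[key]) : MASK;
  }
  return safe;
}

// Constructed sample request (not captured traffic).
const sampleRequest = {
  method: "POST",
  headers: { Authorization: "Bearer constructed.sample.token", "Content-Type": "application/json" },
  body: { data: { authenticationContext: {
    correlationId: "00000000-0000-0000-0000-000000000000",
    user: { id: "constructed-user-id", mail: "user@example.com", userPrincipalName: "user@example.com" },
  } } } as Json,
};

// Returns the single line that is safe to pass to context.log.
function safeLogLine(req: typeof sampleRequest): string {
  return JSON.stringify({ method: req.method, headers: redactHeaders(req.headers), body: redactBody(req.body) });
}
```

The correlation ID and the user's object ID stay in the log line, so entries can still be matched to the `correlation_id` in the token endpoint's error response.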

1 Answer


It worked for me without any issues by using the below code and connecting to Application Insights; this successfully executed, and I am able to see the logs in Application Insights.

The error occurred while trying to authenticate with Azure Active Directory.
There will be various reasons, such as invalid credentials, incorrect configuration, or network issues.

To fix this error:

  • Verify whether the credentials that you are using to authenticate are valid.
  • Verify that the configurations are correct.
  • Check for the API errors.

TypeScript code

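import { ApplicationInsights } from '@microsoft/applicationinsights-web';

// Initialise the Application Insights client ('key' is a placeholder).
const appInsights = new ApplicationInsights({
    config: {
        instrumentationKey: 'key',
    },
});
appInsights.loadAppInsights();

// Declared but never defined, so the call below throws at runtime on purpose.
declare const someUndefinedVariable: any;

try {
    const result = someUndefinedVariable.undefinedFunction();
} catch (error) {
    // Send the caught exception to Application Insights.
    appInsights.trackException({ exception: error as Error });
}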

The exception is logged in Application Insights as shown below.


Jeremy Caney
Balaji