Authorization issue (403) after setting up authentication

[akallai]

Please provide us with the following information:

This issue is for a: (mark with an x)

- [(x)] bug report -> please search issues before submitting
- [ ] feature request
- [(x)] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

I am facing an issue after trying to setup the authentication.

I followed manual setup instructions for the app registrations.
After deployment I am facing the login screen which works fine (loggin in works).
But after trying to use the chat i am getting this error "Error: Request failed with status 403"

Here are the Network logs:
GET https://application828273643-dev.azurewebsites.net/.auth/refresh 403 (Forbidden) authConfig.ts:152
POST https://application828273643-dev.azurewebsites.net/ask net::ERR_ABORTED 403 (Forbidden) api.ts:27
Am I missing something?

Minimal steps to reproduce

1. following manual setup instructions of the add login documentation
2. running "azd up" with this configuration:
   AZURE_AUTH_TENANT_ID=
   AZURE_CLIENT_APP_ID=
   AZURE_ENABLE_GLOBAL_DOCUMENT_ACCESS="true"
   AZURE_ENFORCE_ACCESS_CONTROL="false"
   AZURE_PUBLIC_NETWORK_ACCESS="Enabled"
   AZURE_SERVER_APP_ID=
   AZURE_SERVER_APP_SECRET=
   AZURE_SUBSCRIPTION_ID=
   AZURE_TENANT_ID=
   AZURE_USE_AUTHENTICATION="true"
3. giving consent
4. Login and afterwards trying to use the app

Any log messages given by the failure

GET https://application828273643-dev.azurewebsites.net/.auth/refresh 403 (Forbidden) - authConfig.ts:152
POST https://application828273643-dev.azurewebsites.net/ask net::ERR_ABORTED 403 (Forbidden) - api.ts:27

Expected/desired behavior

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

azd version?

run azd version and copy paste here.
azd version 1.9.6

Versions

Mention any other details that might be useful

---

Thanks! We'll be in touch soon.

[pamelafox]

Your issue looks similar to this thread:
#1549

Can you try to get additional logs, per my recommendations in that thread?
Does it work locally?

[mapplegate]

Moved to 2:30 PT From: Pamela Fox ***@***.***> Reply-To: Azure-Samples/azure-search-openai-demo ***@***.***> Date: Tuesday, September 3, 2024 at 4:40 PM To: Azure-Samples/azure-search-openai-demo ***@***.***> Cc: Subscribed ***@***.***> Subject: Re: [Azure-Samples/azure-search-openai-demo] Authorization issue (403) after setting up authentication (Issue #1945) CAUTION: This email originated from outside your organization. Exercise caution when opening attachments or clicking links, especially from unknown senders. Your issue looks similar to this thread: #1549<#1549> Can you try to get additional logs, per my recommendations in that thread? Does it work locally? — Reply to this email directly, view it on GitHub<#1945 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AFZB2P5UBN5TUKGGAZJ237TZUZCFFAVCNFSM6AAAAABNKGOXC6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMRXGYZTCNJUGY>. You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[mapplegate]

***@***.*** would like to recall the message, "Re: [Azure-Samples/azure-search-openai-demo] Authorization issue (403) after setting up authentication (Issue #1945)".

[Elhameh]

Hi,

I'm getting the same error message. Below you can find the error log.

INFO:hypercorn.error:Running on http://127.0.0.1:50505 (CTRL + C to quit)
[2024-09-13 21:26:43 +0200] [56386] [INFO] 127.0.0.1:56590 GET / 1.1 304 - 6624
[2024-09-13 21:26:43 +0200] [56386] [INFO] 127.0.0.1:56590 GET /auth_setup 1.1 200 528 1375
[2024-09-13 21:26:43 +0200] [56386] [INFO] 127.0.0.1:56590 GET /.auth/me 1.1 404 207 766
[2024-09-13 21:26:43 +0200] [56386] [INFO] 127.0.0.1:56590 GET /config 1.1 200 219 1231
[2024-09-13 21:26:47 +0200] [56386] [INFO] 127.0.0.1:56590 GET /.auth/me 1.1 404 207 1444
ERROR:root:Exception getting authorization information - "Authorization header is expected"
Traceback (most recent call last):
File "/Users//Library/CloudStorage//Desktop/chatbot_folder/app/backend/core/authentication.py", line 217, in get_auth_claims_if_enabled
auth_token = AuthenticationHelper.get_token_auth_header(headers)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users//Library/CloudStorage/***/Desktop/chatbot_folder/app/backend/core/authentication.py", line 139, in get_token_auth_header
raise AuthError(error="Authorization header is expected", status_code=401)
core.authentication.AuthError: Authorization header is expected
[2024-09-13 21:26:47 +0200] [56386] [INFO] 127.0.0.1:56590 POST /chat/stream 1.1 403 213 3486