Azure App Service OpenID authentication with Auth0 fails: Value cannot be null. (Parameter 'rawToken')
I'm creating an App Service in Azure and trying to wire up OpenID Connect authentication with Auth0.
Problem:
Auth0's login page pops up, I can log in. Auth0 redirects browser to my app's callback URL with the Authorization Code. The app returns HTTP 500 internal server error.
...easyauth_docker.log shows that Azure Authentication Middleware threw the following exception:
...
System.ArgumentNullException: Value cannot be null. (Parameter 'rawToken')
2021-12-13T15:40:26.451788664Z at Microsoft.Azure.AppService.Middleware.ModuleUtils.ThrowIfNullOrEmpty(String argName, String argValue) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/ModuleUtils.cs:line 867
2021-12-13T15:40:26.451799664Z at Microsoft.Azure.AppService.Middleware.ModuleUtils.ValidateJwt(String siteName, String rawToken, TokenValidationParameters parameters, String provider, Boolean useLegacyClaims, JwtSecurityToken& jwt, Exception& handledException, Boolean isLoginAction) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/ModuleUtils.cs:line 567
...
Implementation:
- https://<MY_APP>.azurewebsites.net. I can debug it with VS Code too.
- https://<MY_APP>.azurewebsites.net/.auth/login/auth0/callback
- https://<MY_AUTH0_DOMAIN>/.well-known/openid-configuration (URL works from browser). Copied Client ID and Client Secret from Auth0 page.
Additional info:
I was having exactly the same problem even though I was using Ory Hydra instead of Auth0 to authenticate. In my case, I realized my Authentication app wasn't sending the id_token back with the authorization_token. Checking the list of the Common Problems, I found some referencing OpenID Connect ID Token missing.
In my case it was the 4th option, because I forgot to send the correct scopes in my consent app:
- Your consent app didn't send granted_scope: ["openid"] or when accepting the consent request.
So, I believe that if your authentication app is not sending the id_token, Azure Authentication Middleware will throw the exact same error. Hope it helps someone with the same problem.
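The condition this answer describes, as an added example (not code from the answer, Auth0, Ory Hydra or Azure): a structural pre-check of a token-endpoint response that reports a missing `id_token` and an ungranted `openid` scope before a relying party tries to validate it. The function names, the `expected` object and the sample responses are assumptions constructed for illustration; the signature is not verified here.

```javascript
// Decode one base64url JWT segment to an object; null if it is not JSON.
function decodeSegment(seg) {
  try {
    const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
}

// List the reasons a relying party could not use the ID token in this
// token-endpoint response. An empty array means it passed these checks.
function diagnoseTokenResponse(resp, expected) {
  const findings = [];
  const granted = String(resp.scope || '').split(/\s+/).filter(Boolean);
  if (resp.scope !== undefined && !granted.includes('openid')) {
    findings.push('openid scope not granted');
  }
  if (typeof resp.id_token !== 'string' || resp.id_token === '') {
    findings.push('id_token missing from token response');
    return findings; // nothing further to inspect
  }
  const parts = resp.id_token.split('.');
  if (parts.length !== 3) return findings.concat('id_token is not a three-segment JWS');
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  if (!header || !claims) return findings.concat('id_token segments are not base64url JSON');
  if (!header.alg || header.alg === 'none') findings.push('id_token is unsigned');
  if (claims.iss !== expected.issuer) findings.push('iss does not match issuer');
  const aud = [].concat(claims.aud || []);
  if (!aud.includes(expected.clientId)) findings.push('aud lacks client_id');
  if (typeof claims.exp !== 'number' || claims.exp <= expected.now) {
    findings.push('id_token expired or exp missing');
  }
  return findings;
}

// Constructed samples (not captured traffic). The signature segment is a
// placeholder: this is a structural pre-check, not signature validation.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const expected = { issuer: 'https://idp.example/', clientId: 'my-client', now: 1700000000 };
const goodIdToken = [
  enc({ alg: 'RS256', typ: 'JWT' }),
  enc({ iss: 'https://idp.example/', aud: 'my-client', sub: 'u1', exp: 1700003600 }),
  'c2ln'].join('.');
const withoutOpenid = { access_token: 'opaque', token_type: 'bearer', scope: 'offline' };
const withOpenid = {
  access_token: 'opaque', token_type: 'bearer', scope: 'openid offline', id_token: goodIdToken };
```

Calling `diagnoseTokenResponse(withoutOpenid, expected)` returns both the scope finding and the missing-token finding, which is the case the answer attributes the `rawToken` exception to.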
Please check if your cause is among a few of the known cases:
Try to restart your web app and check if that makes any difference.
According to Node.js best practices and troubleshooting - Azure App Service | Microsoft Docs
If your application is returning 500 Errors when it starts, there could be a few reasons:
- Node.exe is not present at the correct location. Check nodeProcessCommandLine setting.
- Main script file is not present at the correct location. Check web.config and make sure the name of the main script file in the handlers section matches the main script file.
It may also be due to incompatible nuget packages.
WEBSITE_AUTH_RUNTIME_VERSION. This can be a possible cause: Try to modify the runtime version of app service. For Linux apps, add an app setting called WEBSITE_WEBDEPLOY_USE_SCM and set it to true in your app: Reference
In some cases where not necessary, removing docker connector will solve the issues related to null reference exceptions.
References:
node.js - similar type of error - Stack Overflow
Azure Functions and App Service Authentication with Auth0 and other OpenID Connect providers (anthonychu.ca)
You can raise a support request if the issue remains: from overview page of azure app service portal > Support + troubleshoot > New Support Request.