-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] Error of System.UnauthorizedAccessException: IDW10201: Neither scope or roles claim was found in the bearer token
is being unexpectedly thrown
#1710
Comments
@madelineleclair Would you be able to provide logs for one of the failed cases? |
@jennyf19 I've enabled the logging for Microsoft.Identity.Web at the debug level, but I'm only seeing a few new log lines. To give you some context on how we're using Microsoft Identity Web, our setup in
When looking at logs, I see the following for correlation id
The last message comes from us logging a warning when we catch the error of |
@madelineleclair Diagnostics is enabled? |
Included in 1.25.0 release |
Thanks for the contribution @sciocoder |
It was a pleasure. thanks for the opportunity! :) |
@sciocoder Thank you for your help! |
Which version of Microsoft Identity Web are you using?
Microsoft Identity Web 1.22.2, 1.9.0, and 1.8.2
Where is the issue?
Is this a new or an existing app?
The app is in production and I have upgraded to a new version of Microsoft Identity Web.
Context
We have been experiencing a transient issue where the error below is thrown for tokens without scopes or roles:
We have been experiencing the issue for about 1 year in production. It started when we began using Microsoft Identity Web. We have tried upgrading to later versions, such as 1.22.2, but the issue still persists. As per the documentation, we have configured
"AllowWebApiToBeAuthorizedByACL": true
in our app settings for tokens we don't want to validate scopes/roles for. Without this setting, we experience the error consistently. With the setting enabled, we get transient failures in production. When looking at our logs, we have noticed that if the error is thrown for multiple requests, it is thrown on the same pod. We are trying to identify the root cause of this error so we don't have to leave a workaround in place.Expected behavior
When
"AllowWebApiToBeAuthorizedByACL": true
is enabled in app settings, the error ofSystem.UnauthorizedAccessException: IDW10201: Neither scope or roles claim was found in the bearer token.
is not thrown.The text was updated successfully, but these errors were encountered: