Comments (6)
Any updates on this? Thanks
from azure-functions-microsoftgraph-extension.
I haven't had a chance to investigate this yet. If anyone has experienced this issue, if they could give me a time estimate of how long it took after initially logging into their application that this issue was encountered, that would be a huge help in tracking down this issue.
from azure-functions-microsoftgraph-extension.
It expires after 1 hour, so it has something to do with the Access token.
from azure-functions-microsoftgraph-extension.
I've just had the same problem. I could recover from errors by performing the following steps:
- Access
/.auth/refresh
- Delete
AppServiceAuthSession
cookie on the function app host - Sign in again on the function app host
I'm not sure whether it's the correct way to remove the cause of errors. I had never touched /.auth/logout
so supposedly I kept being signed in on Azure AD IdP.
Microsoft.Azure.WebJobs.Host.FunctionInvocationException: Exception while executing function: BillingPeriodsPublish ---> System.InvalidOperationException: Exception binding parameter 'graphToken' ---> Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS70002: Error validating credentials. AADSTS50013: Assertion is not within its valid time range.
Trace ID: 7b6edc83-9a9e-485c-81a1-b16bfe136100
Correlation ID: ddc0dd0c-290c-4e71-9292-7950cb6975cc
Timestamp: 2018-09-25 17:19:35Z ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (BadRequest). ---> System.Exception: {"error":"invalid_grant","error_description":"AADSTS70002: Error validating credentials. AADSTS50013: Assertion is not within its valid time range.\r\nTrace ID: 7b6edc83-9a9e-485c-81a1-b16bfe136100\r\nCorrelation ID: ddc0dd0c-290c-4e71-9292-7950cb6975cc\r\nTimestamp: 2018-09-25 17:19:35Z","error_codes":[70002,50013],"timestamp":"2018-09-25 17:19:35Z","trace_id":"7b6edc83-9a9e-485c-81a1-b16bfe136100","correlation_id":"ddc0dd0c-290c-4e71-9292-7950cb6975cc"}
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpClientWrapper.GetResponseAsync()
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Clients.ActiveDirectory.AdalHttpClient.GetResponseAsync[T](Boolean respondToDeviceAuthChallenge)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AdalHttpClient.GetResponseAsync[T]()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.SendHttpMessageAsync(IRequestParameters requestParameters)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.SendTokenRequestAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenOnBehalfHandler.SendTokenRequestAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.RunAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenOnBehalfCommonAsync(String resource, ClientKey clientKey, UserAssertion userAssertion)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenAsync(String resource, ClientCredential clientCredential, UserAssertion userAssertion)
at Microsoft.Azure.WebJobs.Extensions.AuthTokens.AadClient.GetTokenOnBehalfOfUserAsync(String userToken, String resource)
at Microsoft.Azure.WebJobs.Extensions.AuthTokens.TokenConverter.GetAuthTokenFromUserToken(String userToken, String resource)
at Microsoft.Azure.WebJobs.Extensions.AuthTokens.TokenConverter.ConvertAsync(TokenBaseAttribute attribute, CancellationToken cancellationToken)
at Microsoft.Azure.WebJobs.Extensions.AuthTokens.TokenConverter.ConvertAsync(TokenAttribute attribute, CancellationToken cancellationToken)
at Microsoft.Azure.WebJobs.Host.Bindings.PatternMatcher.AsyncInvoker`2.<>c__DisplayClass0_0.<<Execute>b__0>d.MoveNext() in C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Bindings\PatternMatcher.cs:line 383
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.Azure.WebJobs.Host.Bindings.BindToInputBindingProvider`2.ExactBinding.BuildAsync(TAttribute attrResolved, ValueBindingContext context) in C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Bindings\BindingProviders\BindToInputBindingProvider.cs:line 212
at Microsoft.Azure.WebJobs.Host.Bindings.BindingBase`1.BindAsync(BindingContext context) in C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Bindings\BindingBase.cs:line 50
at Microsoft.Azure.WebJobs.Host.Triggers.TriggeredFunctionBinding`1.BindCoreAsync(ValueBindingContext context, Object value, IDictionary`2 parameters) in C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Triggers\TriggeredFunctionBinding.cs:line 98
--- End of inner exception stack trace ---
at Microsoft.Azure.WebJobs.Host.Executors.DelayedException.Throw() in C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Executors\DelayedException.cs:line 27
at Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.ExecuteWithWatchersAsync(IFunctionInstance instance, ParameterHelper parameterHelper, ILogger logger, CancellationTokenSource functionCancellationTokenSource) in C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs:line 478
at Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.ExecuteWithLoggingAsync(IFunctionInstance instance, ParameterHelper parameterHelper, IFunctionOutputDefinition outputDefinition, ILogger logger, CancellationTokenSource functionCancellationTokenSource) in C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs:line 444
at Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.ExecuteWithLoggingAsync(IFunctionInstance instance, FunctionStartedMessage message, FunctionInstanceLogEntry instanceLogEntry, ParameterHelper parameterHelper, ILogger logger, CancellationToken cancellationToken) in C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs:line 249
--- End of inner exception stack trace ---
at Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.ExecuteWithLoggingAsync(IFunctionInstance instance, FunctionStartedMessage message, FunctionInstanceLogEntry instanceLogEntry, ParameterHelper parameterHelper, ILogger logger, CancellationToken cancellationToken) in C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs:line 293
at Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.TryExecuteAsync(IFunctionInstance functionInstance, CancellationToken cancellationToken) in C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionExecutor.cs:line 89
from azure-functions-microsoftgraph-extension.
I got the same exception after 2 hours since recovering from errors, and recovered again by erasing cookies. Here's the summary of the report from Application Insights for the function app host:
Time | What happened |
---|---|
2018-09-25T17:35:54Z | Recovered from errors by performing steps in the previous comment, there's access token to expire at 2018-09-25T18:35:54.0000000Z according to /.auth/me |
2018-09-25T18:44:02Z | The access token had already expired, but the service still worked, it was able to access https://graph.microsoft.com resources |
2018-09-25T19:04:05Z | Stopping JobHost (due to being idle?) |
2018-09-25T19:32:11Z | Starting JobHost (due to a new request?) |
2018-09-25T19:32:12Z | Incoming request appeared |
2018-09-25T19:32:13Z | It made outgoing POST to https://sts.windows.net/.../oauth2/token and got 400 Bad request |
2018-09-25T19:32:14Z | It raised the same exception shown in the previous comment |
2018-09-25T20:10:04Z | Stopping JobHost |
2018-09-25T20:14:00Z | /.auth/me still showed "expires_on":"2018-09-25T18:35:54.0000000Z" |
2018-09-25T20:15:00Z | Made access to /.auth/refresh by a web browser |
2018-09-25T20:15:40Z | /.auth/me changed to "expires_on":"2018-09-25T21:15:40.0000000Z" |
2018-09-25T20:17:15Z | Starting JobHost |
2018-09-25T20:17:16Z | Incoming request appeared |
2018-09-25T20:17:17Z | It made outgoing POST to https://sts.windows.net/.../oauth2/token and still got 400 Bad request |
2018-09-25T20:17:17Z | It raised the same exception again |
2018-09-25T20:25:10Z | Deleted AppServiceAuthSession cookie in the web browser |
2018-09-25T20:26:30Z | Made access to the function app host by the web browser, got redirected to Azure AD IdP and prompted to sign in. Started a fresh signed in session |
2018-09-25T20:26:34Z | Incoming request appeared |
2018-09-25T20:26:35Z | It made outgoing POST to https://sts.windows.net/.../oauth2/token and it was a successfull call |
2018-09-25T20:27:08Z | It finished to handle the request successfully after accessing to https://graph.microsoft.com and other resources |
from azure-functions-microsoftgraph-extension.
I have this same issue - have to go to http://.../.auth/login to refresh the token, even though it says I'm already logged in.
from azure-functions-microsoftgraph-extension.
Related Issues (20)
- Microsoft Graph Auth Token Binding
- System.Private.CoreLib: Exception while executing function: Functions.[funcNameHere]. Microsoft.IdentityModel.Clients.ActiveDirectory: Value cannot be null. Parameter name: authority. HOT 4
- Error while accessing 'X-MS-TOKEN-AAD-ID-TOKEN' from Logic App Custom Connector
- Azure Function V2 Graph token- invalid_grant, Assertion is not within its valid time range HOT 2
- Support for Microsoft.Graph.Beta sdk
- Obtain token using client credentials for different tenant than the one where function is deployed HOT 1
- The Functions Graph Extension doesn't support the National Clouds.
- Support for Multi-Tenancy
- value cannot be null. Parameter name: provider HOT 2
- Outlook Message binding returns an error on Functions v2 Runtime and JavaScript with version 1.0.0-beta6.
- This repo is missing important files HOT 1
- Visibility on releases, release notes and CI CD pipelines HOT 1
- Graph binding with timer trigger
- Outlook Message binding returns an error on Functions v2 Runtime and JavaScript. HOT 2
- GraphWebhookSubscription attribute binding error HOT 1
- The graph token has no scopes. Client Credentials HOT 4
- File input - Microsoft Graph binding doesn't seem to work for worker model HOT 1
- Support for access token with the token binding (UserFromAccessToken option) HOT 6
- 'X-MS-TOKEN-AAD-ID-TOKEN': property doesn't exist
- HttpRequestException when using TokenIdentityMode.UserFromId
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azure-functions-microsoftgraph-extension.