JwksClient getSigningKey Error: socket hang up

Arun Kumar S 0 Reputation points

Im currently using jsonwebtoken and jwks-rsa for validating token got from request header. Below code will work perfect in local.

const client = jwksClient({ strictSsl: true, // Default value jwksUri: 'https://login.microsoftonline.com/common/discovery/keys', requestHeaders: {}, // Optional requestAgentOptions: {}, // Optional });

var signkey = await client.getSigningKey(kid);

But when i deploy same code in azure app service i get result as undefined and below error

2023-11-30T06:32:04.589091676Z Error: socket hang up 2023-11-30T06:32:04.589151480Z at connResetException (node:internal/errors:720:14) 2023-11-30T06:32:04.589163380Z at TLSSocket.socketCloseListener (node:_http_client:474:25) 2023-11-30T06:32:04.589171781Z at TLSSocket.emit (node:events:526:35) 2023-11-30T06:32:04.589179781Z at node:net:323:12 2023-11-30T06:32:04.589187582Z at TCP.done (node:_tls_wrap:588:7) { 2023-11-30T06:32:04.589195582Z code: 'ECONNRESET' 2023-11-30T06:32:04.589203383Z }

I tried microsoft jwks urls with tenant_id, app_id. But same error. Im wondering how it is working in local and why not in azure app service.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,341 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,492 questions
{count} votes

1 answer

Sort by: Most helpful
  1. ajkuma 24,661 Reputation points Microsoft Employee

    1.As a quick step to isolate the issue, you may scale-up the App Service Plan and see if it helps.
    ( post test, you may scale-down, as required)

    2.For handling JWT token, please see this: Azure App Service EasyAuth and Azure Active Directory Flows.

    The built in authentication feature of App Service aka EasyAuth, implements the following Microsoft Entra ( Implicit Flow and Hybrid Flow).

    3.By default, Node.js doesn’t reuse connections - and in terms of Azure and the way SNAT (Source Network Address Translation) works, we can effectively exhaust all of our available SNAT ports quickly if they’re not being reused.

    You may try the approach outlined in this article: NodeJS with Keep-Alives and Connection Reuse ( Also, see the section Troubleshooting tools to fetch more details about the issue)

    4.Disable perMessageDeflate in your server-side Node.js code.

    Kindly let us know how it goes, I'll follow-up with you further.