Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,578 questions
Function App breaks whenever one identity provider is unreachable
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 76%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELA%3C/text%3E%3C/svg%3E)
Luis Arteiro
1
Reputation point
To keep it simple, I am using a Function App with two identity providers: one is Microsoft's (referring to an app registration) and an OpenID Connect one.
Everything works smoothly and the authentication is occuring correctly for tokens from both instances. Users can either use our application if they authenticate through Azure Active Directory or through the custom OpenID Connect on-prem.
However, there's a problem. If, for some reason, the configured OpenID Connect custom identity provider is down, the whole API stops responding (errors with 503) everytime an endpoint is called. The following error occurs:
System.TypeInitializationException: The type initializer for 'Microsoft.Azure.AppService.Middleware.ModuleUtils' threw an exception.
2022-07-05T14:12:06.357092584Z ---> Newtonsoft.Json.JsonSerializationException: Error getting value from 'AuthorizationEndpointString' on 'Microsoft.Azure.AppService.Middleware.Modules.OpenIdConnectEndpointConfig'.
2022-07-05T14:12:06.357261383Z ---> Microsoft.Azure.AppService.Middleware.HttpException: Exception of type 'Microsoft.Azure.AppService.Middleware.HttpException' was thrown.
2022-07-05T14:12:06.357386383Z at Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.Download(String siteName, String url) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/OpenIdConnectConfiguration.cs:line 77
This is expected since obviously EasyAuth can't reach the downed custom provider. However, is there a way to bypass this error? I don't want the API to go down just because one identity provider is down. It should still receive requests and respond accordingly (if a request has a Microsoft token, it works. If not, it refuses and refuses the connection as unauthenticated).
Is there a way to set my API up so it doesn't crash just because one of the identity providers is down? It should be open to new requests and just not check with the downed identity provider.
Thank you very much!
{count} votes
-
Carlos Solís Salazar 18,171 Reputation points MVP2022-07-10T12:48:48.593+00:00 Thank you for asking this question on the **Microsoft Q&A Platform. **
You have not received answers or comments to your question because it may be ambiguous or confusing.
I recommend you visit How to write a quality question and verify that your question meets some of the recommendations.
Hope this helps,
Carlos Solís Salazar----------
NOTE: To answer you as quickly as possible, please mention me in your reply.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 33%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
MughundhanRaveendran-MSFT 12,491 Reputation points2022-07-13T08:44:46.393+00:00 @Luis Arteiro , How have you configured the Openid connect with function app? We can enable easy auth from the portal, I just wanted to understand how the openid connect is configured. If you have followed any article, please share it
-
MughundhanRaveendran-MSFT 12,491 Reputation points
2022-07-15T05:29:27.12+00:00 Did you get a chance to look into my previous comment? Please provide your inputs
Sign in to comment
Sign in to answer