I have an Azure Function (tried both Windows and Linux Consumption) using Azure App Service Authentication (Easy Auth) with a custom OpenId Connect provider to authenticate my Azure Function with an http trigger.
I configured a client in my Identity Provider (based on Duende Identity Server), acquired a token and then sent a request to the Azure Function (contains just the code that is initially created by Visual Studio when creating a Function App project).
This is the configuration I made in the Azure Portal:
When I now send the request to the Azure function endpoint I always get the following error:
{
"code": 401,
"message": "IDX10214: Audience validation failed. Audiences: 'System.String'. Did not match: validationParameters.ValidAudience: 'System.String' or validationParameters.ValidAudiences: 'System.String'."
}
I didn't find any option to configure an audience in the Azure Portal or via the Azure CLI and there's no documentation on how the audience has to look like to be accepted.
I also found a Github issue describing basically the same error: https://github.com/MicrosoftDocs/azure-docs/issues/72019
How can I either see what valid audiences are, configure a valid audience in Azure AppService Authentication or fix that error altogether?
PS: If I disable the authentication in Azure obviously the function is triggered and returns a response.
You should try using the Client ID as the scope while generating the token.
In some cases appending /.default
to the scope helps. Example eda25bbe-a724-43ba-8fa3-8977aba6fb36/.default
.