-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WebSocket disconnects and does not return the response when authentication enabled #812
Comments
Thanks for the repro @mikitakandratsiuk. I'm still looking at it, so I don't have much of an update. But I can repro it and setting uvicorn log_level to trace shows that the client -> server message is reaching it, but it gets 1002 ProtocolError when it's trying to write back
I can also see from the edge loadbalancer that the upstream disconnected. so it's definitely something isolated inside the auth service that's rejecting the write from the python app. I've contacted the owners of the auth service as I don't see any helpful logs from there. Will update when I have an update |
Hi @ahmelsayed, |
Hi @ahmelsayed, |
Sorry for the delay. It seems that the problem is in the auth proxy not supporting compression; websocket's For a workaround you can disable compression in uvicorn by setting e.g: if __name__ == "__main__":
uvicorn.run(app, host="0.0.0.0", port=8000, ws_per_message_deflate=False) |
Hi @ahmelsayed, Although, in my case it required some downstream workarounds, because I use third-party libraries and don't have direct access to Thanks again for the support! |
Yes, I think it should ideally just work. So will mark it as bug for now |
This issue is a: (mark with an x)
Issue description
WebSocket disconnects and does not return the response when authentication enabled.
I have a sample Web Socket echo server mikitakandratsiuk/sample-websocket written in Python which appends all submitted messages on the page. It works fine in the ACA when authentication is disabled.
When the authentication is enabled (Azure AD), the WebSocket connection is being established, but when submitting a message the response is not returned (i.e. message is not appended on the page) and connection is closed with the exception on the server side (see below).
Steps to reproduce
https://**********.germanywestcentral.azurecontainerapps.io/ws
. It opens a WebSocket connection. When submit a text message into the form, it is sent to WebSocket and response is appended on the page./ws
page again. In the browser console log note that WebSocket connection is established. Submit a text message. Note that response is not returned from the WebSocket and not appended on the page. Additionally note the disconnect exception in the Container App logs.Expected behavior [What you expected to happen.]
Application with WebSocket and enabled authentication works fine (submitted messages are returned and appended on the page), same as it works when the authentication is disabled.
Actual behavior [What actually happened.]
WebSocket disconnects when the message is submitted.
Screenshots
![authentication-issue](https://private-user-images.githubusercontent.com/33225805/249186308-1a4bd629-f44f-4887-b4a3-d35b1b81739d.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjIxMjY0NDQsIm5iZiI6MTcyMjEyNjE0NCwicGF0aCI6Ii8zMzIyNTgwNS8yNDkxODYzMDgtMWE0YmQ2MjktZjQ0Zi00ODg3LWI0YTMtZDM1YjFiODE3MzlkLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MjglMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzI4VDAwMjIyNFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTJlNGRjZjk5ZjU0OTA4YTk3YjMzMmUxYTcxODM4MzY1OTZjYjdjOTNjOGMzYzQwMzUzMTFmOWQyN2RkYWI1MDYmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.ZvV7yn6I0YPObnOHzRS_BKyqMaXnhYO4-9DxVdcjOhU)
Additional context
All services are spined up using Azure Portal.
Additionally, I have followed the issue #549. I tried to run jmalloc/echo-server, and it works fine with and without authentication. However, I'm not sure it is the same problem.
The text was updated successfully, but these errors were encountered: