You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
that the request will be mutated by BearerTokenPolicy.
Since the pipeline is set up so that BearerTokenPolicy runs after the request is cloned, the Authorization token is not longer available after the pipeline runs.
Looking at the code in runtime.NewPipeline, it doesn't seem possible to disable this cloning behaviour at all after that PR.
The only way I see this can be fixed is to move BearerTokenPolicy from PerRetry to PerCall:
This ensures the auth BearerTokenPolicy runs on the original non-cloned request and mutates it by adding Authorization header.
I tried it and it does the trick. Although I'm not sure if it will cause some other issues to do with token refresh etc. I think the BearerTokenPolicy does all kind of refresh in the background so everything should continue as normal.
In any case, this is completely broken since azcore v1.6.1 so unless someone finds another way, I don't see how this can be fixed.
The text was updated successfully, but these errors were encountered:
It took me a bit of effort to get here, so to make it easier on people hitting this error, this was showed up in our logs:
StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="AuthenticationFailed" Message="Authentication failed. The 'Authorization' header is missing.
Thank you for this library and for fixing the bug!
Since the release of
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1
authentication is broken.This is due to this PR: Retry policy will always clone the *http.Request #20843, and in particuar due to this line:
This breaks the assumption at
azidext/go/azidext/azure_identity_credential_adapter.go
Line 44 in ecb3be2
BearerTokenPolicy
.Since the pipeline is set up so that
BearerTokenPolicy
runs after the request is cloned, theAuthorization
token is not longer available after the pipeline runs.Looking at the code in
runtime.NewPipeline
, it doesn't seem possible to disable this cloning behaviour at all after that PR.The only way I see this can be fixed is to move
BearerTokenPolicy
fromPerRetry
toPerCall
:This ensures the auth
BearerTokenPolicy
runs on the original non-cloned request and mutates it by addingAuthorization
header.I tried it and it does the trick. Although I'm not sure if it will cause some other issues to do with token refresh etc. I think the
BearerTokenPolicy
does all kind of refresh in the background so everything should continue as normal.In any case, this is completely broken since
azcore v1.6.1
so unless someone finds another way, I don't see how this can be fixed.The text was updated successfully, but these errors were encountered: