1

Problem is that I get Functions runtime is unreachable error after adding AddAccessTokenManagement() in startup.cs file. Also the list of fuctions in azure is empty. The best part is that from app insights I see that my cron job is beeing executed anyway, and token is working. When running my code in local enviroment there is no problem reported, deployments also seems to be fine. This is how I configure my http client to work with identity token:

    private void ConfigureAccessToken(IFunctionsHostBuilder builder)
    {
        var IdentityServerUrl = "<serverUrl>"; ;

        builder.Services.AddHttpClient();
        builder.Services.AddAccessTokenManagement(options =>
        {
            options.Client.Clients.Add("cloud-service", new ClientCredentialsTokenRequest
            {
                Address = $"{IdentityServerUrl}/connect/token",
                ClientId = _authorizationConfig.ClientId,
                ClientSecret = _authorizationConfig.ClientSecret,
            });
        });
        builder.Services.AddClientAccessTokenClient("internal-client", configureClient: client => { });
    }

Worth to mention that this way of configuring it works with my Web API application.

Any ideas guys?

artsch
  • 225
  • 2
  • 10
  • Keep in mind that the configuration mechanism of Azure functions and a traditional .net core API are not the same so you shouldn't expect them to behave equally. Here's my answer to a similar question explaining the differences (https://stackoverflow.com/questions/62960764/how-to-modify-iconfiguration-natively-injected-in-azure-functions/63124002#63124002). If you need more help I can spell it out in an answer here too. – lopezbertoni Dec 25 '20 at 23:44
  • Very nice article how to handle the configuration, but I don't see info about token there. – artsch Dec 27 '20 at 14:54

1 Answers1

1

I found the answer by myself. Looks like token confiuration for azure functions differ from Web API. Working code below:

    private void ConfigureAccessToken(IFunctionsHostBuilder builder)
    {
        var IdentityServerUrl = "<serverUri>";

        builder.Services.Configure<AccessTokenManagementOptions>(o =>
        {
            o.Client.Clients.Add("cloud-service", new ClientCredentialsTokenRequest
            {
                Address = $"{IdentityServerUrl}/connect/token",
                ClientId = _authorizationConfig.ClientId,
                ClientSecret = _authorizationConfig.ClientSecret,
            });
        });

        builder.Services.AddDistributedMemoryCache();
        builder.Services.AddTransient<ITokenClientConfigurationService, DefaultTokenClientConfigurationService>(s =>
        {
            return new DefaultTokenClientConfigurationService(
                s.GetRequiredService<IOptions<AccessTokenManagementOptions>>(),
                null,
                null);
        });

        builder.Services.AddHttpClient(AccessTokenManagementDefaults.BackChannelHttpClientName);
        builder.Services.TryAddTransient<ITokenEndpointService, TokenEndpointService>();
        builder.Services.TryAddTransient<IClientAccessTokenCache, ClientAccessTokenCache>();
        builder.Services.AddTransient<IAccessTokenManagementService, AccessTokenManagementService>(s =>
        {
            return new AccessTokenManagementService(
                null,
                null,
                s.GetRequiredService<IOptions<AccessTokenManagementOptions>>(),
                s.GetRequiredService<ITokenEndpointService>(),
                s.GetRequiredService<IClientAccessTokenCache>(),
                s.GetRequiredService<ILogger<AccessTokenManagementService>>()
                );
        });

        builder.Services.AddTransient<ClientAccessTokenHandler>();
        builder.Services.AddClientAccessTokenClient("internal-client", configureClient: config => {});
    }
artsch
  • 225
  • 2
  • 10
  • That looks like a lot of strange boiler plate code. One wonders why did they make it so complicated – Erik83 Apr 09 '21 at 11:15
  • I am having a similar issue, what version of the IdentityModel.AspNetCore are you using? Thanks – bobbo Nov 08 '22 at 15:27
  • It does not work with never versions, that is why I sticked to it. even after migrating to .NET 6 – artsch Nov 09 '22 at 18:15