Azure Web App Node.js Azure AD = Error 431

Question

I created a Node.js based web application, running in an Azure Web App, that I wanted to put behind Azure Active Directory authentication. After activating "App Service Authentication", the login process works normally; however, upon returning to my app, it just returns an HTTP 431 "Request Header Fields Too Large".

To validate it's not my app, I checked the Azure web app sample for Node.js and even this returns a 431 when activating AAD.

Steps to reproduce:

  • Create new Azure resource -> Web App
    • Select any Node based runtime stack, for example Node 12 LTS
    • Select any OS
    • Create the web app and wait for deployment to finish
  • Create a simple web app
  • In the web app settings, go to "Authentication / Authorization"
    • Turn "App Service Authentication" to "On"
    • Select Azure Active Directory
    • Select Express Management Mode and create a new Azure AD App in the process
    • As "Action to take when request is not authenticated" select "Log in with Azure AD"
    • Confirm

Result: When opening the web app URL with a browser, it will show the login process. Following the process, everything seems to work fine and the AAD returns to the application; however, at that point it returns an HTTP 431.

Further tests:

  • Deactivate the authentication and everything works fine again
  • Uploading a simple .html file instead of a Node app works fine with authentication enabled
  • Tested with restify and http

Any ideas? Am I missing something?

Solution

This is a known issue, since there is a limitation with more recent versions of Node that utilize a hard cap of 8KB for headers. EasyAuth adds some very large headers to the request, which can cause the Node container to reject the request made by the middleware container with a 400. Read more about it here:

This can be mitigated by setting the app setting WEBSITE_AUTH_DISABLE_IDENTITY_FLOW to true. This will remove one of the largest headers we add to the request. This header is generally only used by .NET Framework and Azure Functions apps, and so this setting should be safe.

If the issue still occurs, you can try with NodeJS 12 versions or increase the header size parameter: node --max-http-header-size=81000 server.js
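The rejection discussed in this thread can be reproduced locally. The following is an added example, not code from the original question or answer and not Azure or EasyAuth code: it starts a Node server with an explicit maxHeaderSize, sends one request carrying a single oversized header, and compares the status at the 8 KB cap with a raised limit. The header name, header size and the 16 KB value are constructed assumptions.

```javascript
// Dynamic import() works from both CommonJS and ES module files.
const httpModule = import('node:http');

// Start a server with an explicit per-request header limit in bytes.
async function startServer(maxHeaderSize) {
  const http = await httpModule;
  const server = http.createServer({ maxHeaderSize }, (req, res) => {
    res.writeHead(200, { 'Content-Type': 'text/plain' });
    res.end('ok');
  });
  await new Promise((resolve, reject) => {
    server.once('error', reject);
    server.listen(0, '127.0.0.1', resolve);
  });
  return server;
}

// Send one GET carrying a single large header; resolve with the status code.
async function probe(port, headerBytes) {
  const http = await httpModule;
  return new Promise((resolve, reject) => {
    const req = http.request({
      host: '127.0.0.1', port, path: '/', agent: false,
      // Constructed stand-in for a large identity header injected in front of the app.
      headers: { 'x-constructed-auth-header': 'a'.repeat(headerBytes) },
    }, (res) => { res.resume(); resolve(res.statusCode); });
    req.on('error', reject);
    req.end();
  });
}

async function statusFor(maxHeaderSize, headerBytes) {
  const server = await startServer(maxHeaderSize);
  try {
    return await probe(server.address().port, headerBytes);
  } finally {
    server.close();
  }
}

async function demo() {
  const headerBytes = 9000; // constructed size, just over the 8 KB cap
  return {
    capped: await statusFor(8 * 1024, headerBytes),  // limit described in the answer
    raised: await statusFor(16 * 1024, headerBytes), // constructed larger limit
  };
}

demo().then((result) => console.log(result)); // { capped: 431, raised: 200 }
```

Raising the limit also raises how much header data any client can make the server buffer per request, so removing the unneeded header is the tighter fix and any increase should be the smallest value that works.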