I created a Node.js based web application, running in an Azure Web App, that I wanted to put behind an Azure Active Directory authentication. After activating "App Service Authentication", the login process works normally, however upon returning to my app, it just returns a HTTP 431 "Request Header Fields Too Large".
To validate it's not my app, I checked the Azure web app sample for Node.js and even this returns a 431 when activating AAD.
Steps to reproduce:
Result: When opening the web app URL with a browser, it will show the log in process, following the process everything seems to work fine and the AAD returns to the application, however at that point it returns a HTTP 431.
Any ideas? Am I missing something?
This is a known issue since there is limitation with more recent versions of node that utilize a hard cap of 8KB for headers. EasyAuth adds some very large headers to the request, which can cause the node container to reject the request made by the middleware container with a 400. Read more about it here: This can be mitigated by setting the app setting WEBSITE_AUTH_DISABLE_IDENTITY_FLOW to true. This will remove one of the largest headers we add to the request. This header is generally only used by .NET Framework and Azure Functions apps, and so this setting should be safe.
If the issue still occurs, you can try with NodeJS 12 versions or increase the header size parameter: node server.js --max-http-header-size 81000