Azure Functions Python App – enable IdentityModelEventSource.ShowPII Property
Question:
I’m having some issues with the AAD authentication of my Python API which is hosted in Azure Functions.
The official documentation suggests to "enable PII to see the values removed from the message" in order to be able to check the Issuer & ValidIssuer. The documentation only references the .NET extension however. The search on learn.microsoft.com also only shows hits for .NET developers. How can I activate it for my Python API application?
The error code / return JSON I am stuck on:
{
"code": 401,
"message": "IDX10205: Issuer validation failed. Issuer: '[PII of type 'System.String' is hidden.
For more details, see https://aka.ms/IdentityModel/PII.]'.
Did not match: validationParameters.ValidIssuer:
'[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'
or validationParameters.ValidIssuers: '[PII of type 'System.String'
is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
For more details, see https://aka.ms/IdentityModel/issuer-validation. "
}
host.json file:
{
"version": "2.0",
"extensions": {
"http": {
"routePrefix": ""
}
}
}
local.settings.json file:
{
"IsEncrypted": false,
"Values": {
"AzureWebJobsStorage": "",
"FUNCTIONS_WORKER_RUNTIME": "python"
}
}
MyApp/function.json file:
{
"scriptFile": "__init__.py", # see below for contents
"disabled": false,
"bindings": [
{
"authLevel": "anonymous",
"type": "httpTrigger",
"direction": "in",
"name": "req",
"methods": [
"get",
"post"
],
"route": "{*route}"
},
{
"type": "http",
"direction": "out",
"name": "$return"
}
]
}
MyApp/__ init __.py file:
from ..FastAPIApp import app # see below for contents
nest_asyncio.apply()
logger = logging.getLogger()
@app.get("/status")
async def index() -> Dict:
return {
"info": "API is working normally.",
}
FastAPIApp/__ init __.py file:
import fastapi
app = fastapi.FastAPI()
Answers:
Answer from the MS forum (copy-paste):
The IdentityModelEventSource.ShowPII property is part of Azure SDK for .NET and the same for Python would be MSAL for Python. And it doesn’t seem possible to enable it as this doc states the following about the logging of PII data:
MSAL for Python does not log personal data or organizational data. There is no property to turn personal or organization data logging on or off.
I’m having some issues with the AAD authentication of my Python API which is hosted in Azure Functions.
The official documentation suggests to "enable PII to see the values removed from the message" in order to be able to check the Issuer & ValidIssuer. The documentation only references the .NET extension however. The search on learn.microsoft.com also only shows hits for .NET developers. How can I activate it for my Python API application?
The error code / return JSON I am stuck on:
{
"code": 401,
"message": "IDX10205: Issuer validation failed. Issuer: '[PII of type 'System.String' is hidden.
For more details, see https://aka.ms/IdentityModel/PII.]'.
Did not match: validationParameters.ValidIssuer:
'[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'
or validationParameters.ValidIssuers: '[PII of type 'System.String'
is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
For more details, see https://aka.ms/IdentityModel/issuer-validation. "
}
host.json file:
{
"version": "2.0",
"extensions": {
"http": {
"routePrefix": ""
}
}
}
local.settings.json file:
{
"IsEncrypted": false,
"Values": {
"AzureWebJobsStorage": "",
"FUNCTIONS_WORKER_RUNTIME": "python"
}
}
MyApp/function.json file:
{
"scriptFile": "__init__.py", # see below for contents
"disabled": false,
"bindings": [
{
"authLevel": "anonymous",
"type": "httpTrigger",
"direction": "in",
"name": "req",
"methods": [
"get",
"post"
],
"route": "{*route}"
},
{
"type": "http",
"direction": "out",
"name": "$return"
}
]
}
MyApp/__ init __.py file:
from ..FastAPIApp import app # see below for contents
nest_asyncio.apply()
logger = logging.getLogger()
@app.get("/status")
async def index() -> Dict:
return {
"info": "API is working normally.",
}
FastAPIApp/__ init __.py file:
import fastapi
app = fastapi.FastAPI()
Answer from the MS forum (copy-paste):
The IdentityModelEventSource.ShowPII property is part of Azure SDK for .NET and the same for Python would be MSAL for Python. And it doesn’t seem possible to enable it as this doc states the following about the logging of PII data:
MSAL for Python does not log personal data or organizational data. There is no property to turn personal or organization data logging on or off.