
Incorrect encoding when decoding the ClientPrincipal #157

Open
mumbler9486 opened this issue Oct 15, 2023 · 2 comments

@mumbler9486

Hi, I've been getting an issue with the adapter when decoding the x-ms-client-principal.

I have a B2C tenant where we have a custom attribute called PlayerName (string). I have a SvelteKit app running on Azure's Static Web Apps consuming the x-ms-client-principal. This field accepts pretty much any character, but for our purposes we'd like to allow kanji characters like 漢字.

When SvelteKit parses the header, I get this exception:

Exception while executing function: Functions.sk_render Result: Failure
Exception: Unexpected token � in JSON at position 93
Stack: SyntaxError: Unexpected token � in JSON at position 93
    at JSON.parse (<anonymous>)
    at getClientPrincipalFromHeaders (/home/site/wwwroot/sk_render/index.js:117420:32)
    at Object.index23 (/home/site/wwwroot/sk_render/index.js:117435:27)
    at t.InvocationModel.<anonymous> (/azure-functions-host/workers/node/dist/src/worker-bundle.js:2:59683)
    at Generator.next (<anonymous>)
    at /azure-functions-host/workers/node/dist/src/worker-bundle.js:2:58008
    at new Promise (<anonymous>)
    at h (/azure-functions-host/workers/node/dist/src/worker-bundle.js:2:57753)
    at t.InvocationModel.invokeFunction (/azure-functions-host/workers/node/dist/src/worker-bundle.js:2:59490)
    at m.<anonymous> (/azure-functions-host/workers/node/dist/src/worker-bundle.js:2:37872)

I believe the error happens here: https://github.com/geoffrich/svelte-adapter-azure-swa/blob/main/files/headers.js#L59

The Microsoft documentation says the same thing: https://learn.microsoft.com/en-us/azure/static-web-apps/user-information?tabs=javascript#api-functions

However, I think this is incorrect, because the client principal is basically JWT-encoded, which I think is UTF-8 encoded. I think the Microsoft documentation is incorrect.

I wanted to get a confirmation from them before sending in an issue, but nothing from them so far. https://learn.microsoft.com/en-us/answers/questions/1375113/azure-b2c-client-principal-encoding-documentation?page=1&orderby=helpful&comment=answer-1323081

Reproduction steps:

  1. Set up B2C login for the website
  2. Add a custom string attribute field
  3. Create a new account and add kanji characters
  4. Login with said account
  5. 500 error while logged in on the site

I still have this setup so I can maybe do some testing.

@geoffrich
Owner

Thanks for the report - do you think you could open a PR with a failing test that reproduces the issue? It would go here:

describe('client principal parsing', () => {
  test('parses client principal correctly', () => {
    const original = {
      identityProvider: 'aad',
      userId: '1234',
      userDetails: '[email protected]',
      userRoles: ['authenticated']
    };
    const headers = new Headers({
      'x-ms-client-principal': Buffer.from(JSON.stringify(original)).toString('base64')
    });
    expect(getClientPrincipalFromHeaders(headers)).toStrictEqual(original);
  });
  test('returns undefined when there is no client principal', () => {
    expect(getClientPrincipalFromHeaders(new Headers())).toBeUndefined();
  });
});

If you want to contribute a fix too that would be welcome, but just giving a test case would really help.

I'll also open a PR (hopefully today) to try/catch the reading of the client principal header, so we at least don't crash due to an encoding issue.
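The failure mode described in this thread, as an added example rather than the adapter's own code: a constructed client principal with a kanji claim is base64-encoded the way the platform does it, a lossy `'ascii'` decode (which I assume is what the referenced decoder does) fails to round-trip it, and a UTF-8 decode wrapped in try/catch returns `undefined` instead of crashing the request. The `claims` field and `extension_PlayerName` name are assumptions for illustration.

```javascript
// Added example, not the svelte-adapter-azure-swa code.
// Constructed client principal carrying a non-ASCII (kanji) claim value.
const samplePrincipal = {
  identityProvider: 'aad',
  userId: '1234',
  userDetails: 'user@example.com',
  userRoles: ['authenticated'],
  // Assumed claim shape; the real B2C attribute name may differ.
  claims: [{ typ: 'extension_PlayerName', val: '漢字' }]
};

// Emulates the header value the platform sends: base64 of the UTF-8 JSON bytes.
function encodePrincipal(principal) {
  return Buffer.from(JSON.stringify(principal), 'utf8').toString('base64');
}

// Lossy decode: Node's 'ascii' drops the high bit of every byte, so each
// multi-byte UTF-8 sequence becomes unrelated 7-bit characters (here that
// includes a stray '"' and a control byte), which breaks JSON.parse.
function decodePrincipalAscii(headerValue) {
  return JSON.parse(Buffer.from(headerValue, 'base64').toString('ascii'));
}

// True only if the ascii decode reproduces the original object.
function asciiDecodeRoundTrips(principal) {
  try {
    const decoded = decodePrincipalAscii(encodePrincipal(principal));
    return JSON.stringify(decoded) === JSON.stringify(principal);
  } catch {
    return false;
  }
}

// Hardened decoder: read the bytes as UTF-8 and treat an unparseable
// header like a missing one, so a bad header cannot 500 the request.
function getClientPrincipalSafe(headers) {
  const headerValue = headers.get('x-ms-client-principal');
  if (!headerValue) return undefined;
  try {
    return JSON.parse(Buffer.from(headerValue, 'base64').toString('utf8'));
  } catch {
    return undefined;
  }
}
```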

@geoffrich
Owner

v0.19.1 of the adapter should no longer throw an exception if it can't parse the client principal.
