Azure Functions proxy authentication

Question

I need to create a proxy working as Azure Functions between two APIs. Let's draw a little diagram:

[API A/client] <----> [proxy] <----> [API B/backend]

The backend API has a custom authentication scheme - in order to be authorized to use all endpoints we need to get Session Token first. Then we put it as an Authenticate header - this way calls to other backend's endpoints will not result in some kind of 401 or similar.

Client's view n authentication is not defined yet (meaning that we haven't reached it's techinical team yet) so it's hard to assume anything but let's say it will handle whatever we tell it to do.

How to implement such auth scheme for our proxy? I was thinking about following approach:

• client calls proxy's method GetSessionToken anonymously
• proxy calls backend's method GetSessionToken anonymously, backend responds with Session Token in in response body
• proxy creates a jwt token that keeps the Session Token, proxy attaches this token as a Authentication/Bearer header in response to client

I just started using Azure Functions a few days ago and while I know how to implement this as an usual .net core app, I have no idea how to do it in Azure Functions which are not as sophisticated.

Daniel

Answer 1

Proxies currently don't support extracting some value from response body and adding it to a response header. You might need to do this in a function code or use Azure API Management.