Reputation: 45
connect azure function to b2c
So, I created azure b2c directory, and created inside it application like https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp, and I created azure function in general azure directory that suppose to read blob and return json file. Also I created custom login page for sign in. I ran my program locally, and I can login, and instead of call API that uses in github, I call azure function and it works. But now I want to secure access to function, so I make authLevel 'user' and try to make Authentication via Azure Active Directory. And no mater how I make settings, or I can't connect because I don't have permissions, or I can't use function because I don't have permissions. Also I get this error The client id ’/.auth/login/aad/callback' specified in the request is not registered in tenant ‘’.”
How should I connect function to b2c so only authorised users can have access to function response.
Upvotes: 2
Views: 3138
Answers (2)
Reputation: 444
With the new "User flows (policies)" a few small changes must be made to the selected answer:
Perform Step-3 as follows to get the "Metadata Endpoint URL”: a) Go to your B2C tenant and click on User flows (policies). b) Select your login (or sign up sign in) flow and click on “Run user flow”. c) Your "Metadata Endpoint URL” is displayed at the top of the new window – right beneath the ”Run user flow” heading.
Perform Step-4 and 5 as follows to configure “Authentication”: a) Go to your function apps and click on your function app (NOT on one of your functions inside your function app). b) Click on Platform features and then on Authentication / Authorization. c) Turn on “App Service Authentication”. Select “Log in with Azure Active Directory” and then click on “Azure Active Directory – Configured (Advanced)”.
Continue with Step-6.
Upvotes: 1
Reputation: 922
Setting up B2C authentication for your Azure Functions App is actually really easy:
- Create Azure Functions App and write down the URL
E.g. https://myazurefunctions.azurewebsites.net (make sure to make it a HTTPS URL)
Configure your application in Azure Active Directory B2C:
- Write down the Application ID
- Add a reply URL for your Functions App, adding the suffix /.auth/login/aad/callback. E.g. http://myazurefunctions.azurewebsites.net/.auth/login/aad/callback
Get the Metadata Endpoint URL for your Sign-in policy
- If you open the details of your sign-in policy, you'll find it right at the top. E.g.:
In your Functions App, on the bottom left select "Function app settings" and go to "Configure authentication":
Turn on authentication and select Azure Active Directory:
Select the advanced settings and enter the following values:
Client ID: The Application ID which you copied in step 2. a. Issuer Url: The Metadata Endpoint URL from step 3.
Save your settings and you're done!
Upvotes: 6
Related Questions
- azure functions and AD B2C integration
- Azure Function Authentication using AD B2C for Daemon Applications
- How to restrict an Azure function app's access to only AD B2C API connector?
- How to configure an Azure Function to use Azure B2C in an Azure Resource Manager Template?
- Connect to Active Directory B2C secured Azure Function App from Blazor Webassembly standalone
- How to use Postman to call Azure AD B2C protected function?
- Using Azure B2C Identity Experience Framework to call custom functions
- Azure AD B2C + App Service + Functions : How to flow the auth?
- Azure functions secured with Azure AD B2C returns unauthorized when using B2C tenant domain
- adding azure ad b2c authentication to azure function spa