Daniel Donev

Reputation: 284

Need advice for Azure Functions OAuth2 authentication

I am building a product using Azure Functions (Node.js).

I have an Azure function which will act as an OAuth2 authentication server following the OAuth2 standards and will be used by all other function projects.

It will be used by Azure functions that are part of the same product.

I am wondering whether I can use `"authLevel": "function"` to make sure the call is from an "allowed client"?

Or do I have to implement client verification functionality as per OAuth2?

Upvotes: 0

Views: 441

Answers (1)

Joy Wang

Reputation: 42153

When you use `"authLevel": "function"`, it just means the function requires the function key to authenticate. The function URL will look like https://joyfunction.azurewebsites.net/api/HttpTrigger1?code=w9xxxxxVcfxRQ==, where the `code` is the function key. It is exposed in the URL, so anyone who gets it will be able to access the function.

In your case, I recommend securing the function with Azure AD. By default, it just allows the users in your AAD tenant to access the function; you can also set it to let only users with a specific role access the function. Follow this blog: https://adatum.no/azure/azure-ad-authentication-in-azure-functions.

Upvotes: 1
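
An added example, not part of the answer above and not Azure's or the linked blog's code: with App Service Authentication enabled on the function app, the platform passes the authenticated identity to the function in the `X-MS-CLIENT-PRINCIPAL` header as base64-encoded JSON, so the "specific role" restriction can also be enforced inside the Node.js function. The role name `Token.Issue`, the helper names and the sample principal are assumptions constructed for illustration; the header is only meaningful when platform authentication is enabled and set to require it.

```javascript
// Added example: role check on the identity that App Service Authentication
// hands to the function in the X-MS-CLIENT-PRINCIPAL header.
const REQUIRED_ROLE = "Token.Issue"; // hypothetical app role name (assumption)

// Decode the base64 JSON principal; returns null when absent or malformed.
function parseClientPrincipal(headerValue) {
  if (typeof headerValue !== "string" || headerValue.length === 0) return null;
  try {
    const principal = JSON.parse(Buffer.from(headerValue, "base64").toString("utf8"));
    return Array.isArray(principal.claims) ? principal : null;
  } catch {
    return null; // not valid JSON, or JSON without a claims array
  }
}

// Collect role values. The principal names its role claim type in role_typ;
// Azure AD app roles are also accepted under the plain "roles" claim type.
function rolesOf(principal) {
  const roleTypes = new Set(["roles", principal.role_typ].filter(Boolean));
  return principal.claims.filter(c => c && roleTypes.has(c.typ)).map(c => c.val);
}

// Returns the HTTP status to answer with: 401 no identity, 403 wrong role, 200 ok.
function authorize(headers, requiredRole = REQUIRED_ROLE) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === "x-ms-client-principal");
  const principal = parseClientPrincipal(key && headers[key]);
  if (!principal) return 401;
  return rolesOf(principal).includes(requiredRole) ? 200 : 403;
}

// Constructed sample header value, used only to exercise authorize() offline.
function samplePrincipalHeader(roles) {
  const principal = {
    auth_typ: "aad",
    name_typ: "name",
    role_typ: "roles",
    claims: roles.map(r => ({ typ: "roles", val: r })),
  };
  return Buffer.from(JSON.stringify(principal)).toString("base64");
}

// HTTP-triggered function entry point (function.json programming model).
async function handler(context, req) {
  const status = authorize(req.headers || {});
  context.res = { status, body: status === 200 ? "ok" : "denied" };
}
if (typeof module !== "undefined") module.exports = handler;
```

Unlike the function key, nothing secret travels in the URL here: a caller without a valid Azure AD sign-in gets 401, and one without the required role gets 403.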
