m.gg

Reputation: 15

Use Azure AD as IDP to protect Azure function

I am using Azure Function authentication. I can see 2 selections: Authentication and Authentication (classic). Which one should I use? Currently I am using Authentication, not the classic one, and I use Microsoft as the IDP: I created a new app for it. It seems to work, and each time I access my Azure function, I get a 401 error. So the question is: how can I pass this auth? Should I use a token or something like that? I can't find a doc about it. Thanks!

Upvotes: 0

Views: 128

Answers (1)

Stanley Gong

Reputation: 12153

I think you are heading in the right direction. Authentication (classic) of Azure Functions is the old version. It is recommended to use the new one.

If you want to access an Azure function that is protected by Authentication (Azure AD app), you need to request an access token for it. Try the steps below:

  1. Go to Azure AD => App registrations => the app you created to protect your Azure function => Expose an API, and add a scope, for instance access_as_user, so that your SPA could require an access token for this scope.

  2. Go to Azure AD => App registrations => the app you created for your SPA app => API permissions => Add a permission => My APIs, and grant the scope we just created.

Click the grant admin consent button to finish the process.

  3. In your SPA app, use MsalService to acquire an access token with the scope api://<your azure function app id>/access_as_user. With this token, you can access your Azure function. For a quick test, I just tested it in Postman and it works perfectly.

Upvotes: 1
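
When a call still returns 401 after the steps in the answer above, the token's claims usually show why. The following is an added example, not code from the original answer or from Microsoft: it decodes a token's payload and checks that it carries the audience and scope those steps should produce. It assumes the default App ID URI form `api://<client id>`; the IDs, function names and sample tokens are constructed placeholders.

```javascript
// Added diagnostic example: read a JWT's payload and report why it would not
// match the function's app registration. It does not verify the signature;
// that remains the job of the platform's Authentication feature.
const b64urlDecode = (s) => {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  return typeof atob === "function" ? atob(b64) : Buffer.from(b64, "base64").toString("binary");
};
const b64urlEncode = (s) =>
  (typeof btoa === "function" ? btoa(s) : Buffer.from(s, "binary").toString("base64"))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a JWT: expected header.payload.signature");
  return JSON.parse(b64urlDecode(parts[1]));
}

// expected.appId: client ID of the app registration protecting the function.
// expected.scope: the scope added under "Expose an API", e.g. access_as_user.
function checkFunctionToken(jwt, expected, nowSeconds = Math.floor(Date.now() / 1000)) {
  const c = decodeClaims(jwt);
  const problems = [];
  // Assumption: aud is either the bare client ID or the api://<client id> URI.
  const okAudiences = [expected.appId, `api://${expected.appId}`];
  if (!okAudiences.includes(c.aud)) problems.push(`aud is "${c.aud}", not the function's app`);
  const scopes = typeof c.scp === "string" ? c.scp.split(" ") : [];
  if (!scopes.includes(expected.scope)) problems.push(`scp lacks "${expected.scope}"`);
  if (typeof c.exp !== "number" || c.exp <= nowSeconds) problems.push("token is expired");
  return problems;
}

// Constructed sample tokens (unsigned, placeholder IDs) so the check runs offline.
const APP_ID = "00000000-0000-0000-0000-000000000001";
const OTHER_APP_ID = "00000000-0000-0000-0000-000000000002";
const NOW = 1700000000;
const makeSampleToken = (claims) =>
  [b64urlEncode('{"alg":"none"}'), b64urlEncode(JSON.stringify(claims)), "sig"].join(".");

const goodToken = makeSampleToken({ aud: `api://${APP_ID}`, scp: "access_as_user", exp: NOW + 3600 });
// A token that was requested for a different API's scope.
const otherToken = makeSampleToken({ aud: OTHER_APP_ID, scp: "User.Read", exp: NOW + 3600 });

const expected = { appId: APP_ID, scope: "access_as_user" };
console.log("good token problems:", checkFunctionToken(goodToken, expected, NOW));
console.log("other token problems:", checkFunctionToken(otherToken, expected, NOW));
```

An empty list means the token matches what the app registration expects; any entry names the claim to fix in the token request.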
