JackFrost

Reputation: 120

Which Authentication suits best for Azure Function app when exposing to third party

I am trying to understand which authentication suits an Azure Function app best, because I have to expose the function app endpoint to an external team.

I have enabled Azure AD authentication and am planning to share the App registration client_id and client_secret (endpoint oauth2/v2.0/token), with which they will generate a bearer token to authenticate and consume my endpoint.

I was wondering if there is any better approach to authentication than Azure AD, because I am exposing it to an external team.

Please assist. Thank you.

Upvotes: 2

Views: 845

Answers (1)

AlfredoRevilla-MSFT

Reputation: 3515

The most secure option is to request access tokens through the Authorization Grant Flow with PKCE. No secret is required; however, if you need to use one, we recommend using certificate credentials, which are asymmetric, thus the exposure of the secret is more and better controlled.

You can also configure tokens and enforce additional security measures through Conditional Access policies. With them you can configure session lifetimes, require MFA for selected or all external users that access your application, require that they authenticate from a compliant device, a well-known IP range or location, and more.

Also, at the PaaS level, you can set up Azure App Service access restrictions.

Upvotes: 1
