Using OpenIdConnect with AzureFunctions

I'm using Azure Functions to host an API for a React app; however, I'm also using the same Azure Function to host the HTML/JS/CSS for the app (via proxy functions to static files on blob storage).

I have been using EasyAuth to provide authentication for it, which has been working brilliantly; however, I need to support an identity provider that isn't built into EasyAuth (and it doesn't support custom ones at all). This means I'm falling back to using the Microsoft.AspNetCore.Authentication.OpenIdConnect package.

I have registered the auth in my startup file:

    builder.Services
        .AddAuthentication()
        .AddCookie("WebJobsAuthLevel") //errors without this, although I suspect it's wrong
        .AddCookie("Bearer") //errors without this, although I suspect it's wrong
        .AddOpenIdConnect("custom", o =>
        {
            o.MetadataAddress = "https://localhost:44320/.well-known/openid-configuration";
            o.ClientId = "clientid";
            o.ClientSecret = "secret";
            o.ResponseMode = OpenIdConnectResponseType.Code;
            o.SignInScheme = "Cookies";
            o.GetClaimsFromUserInfoEndpoint = true;
        });

along with a function that lets me trigger the challenge:

    [FunctionName("CustomAuth")]
    public async Task<IActionResult?> Challenge([HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = ".auth/login/custom")]HttpRequest req, ILogger log)
    {
        return new ChallengeResult("custom");
    }

If I hit this function it works great, redirecting to the auth provider to log in.

However, once I log in it redirects back to my function app, which 404s:

http://localhost:7071/signin-oidc?querystringhere

At this stage I'm guessing that AddAuthentication isn't able to hook into incoming web requests like it can when using it in ASP.NET MVC Core. Wondering if there's a known way that I can hook this up, either at a lower level or via custom Azure Functions.



Solution 1:[1]

Not the best solution, but this NuGet package does the job until MS supports it. I have just tested it and it works fine for me.

https://github.com/kuromukira/azure-functions-jwt-validation-extension

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Emil