Thank you for the knowledge you have shared with us. I am curious to know about enabling AzureFunctions with third-party identity providers like google and facebook as well as our custom JWTToken based authentication/authorization. I found the way to implement either one but didn't find the way to enable both third-party identity providers as well as our custom JWTToken based verification. If we enable third-party identity providers, we are not able to call any AzureFunctions APIs like our JWTToken based call on AzureFunctions.
It seems it is possible via APIM as you mentioned it in this paragraph "So, for example, if you decide to authenticate your API with JWT Tokens, a "validate-jwt" policy should come before the "authentication-managed-identity" policy that we implemented here. Otherwise an "Authorization" header will be replaced before having a chance to be validated."
I want to make my app login with google, facebook as well as our internal JWTToken based authentication and authorizations.
Would you please guide me if it is possible in any way?
Any examples,samples, links would be highly appreciated.
Since the first ping-pong game written in Basic on a computer that I built myself from the components bought on a black market, programming became my passion which continues to this day.
"validate-jwt" policy allows only one Identity Provider, either Oauth or OIDC. So I think only one provider allowed per API.
It makes sense from the APIM point of view, as you usually use it to expose API to one client at a time.
Two way that I can see:
expose different endpoint for every provider
or make Auth dependent on some other header using "when condition" policy
E.g. when header "x-client"=Google use "jwt policy for Google"
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Thank you for the knowledge you have shared with us. I am curious to know about enabling AzureFunctions with third-party identity providers like google and facebook as well as our custom JWTToken based authentication/authorization. I found the way to implement either one but didn't find the way to enable both third-party identity providers as well as our custom JWTToken based verification. If we enable third-party identity providers, we are not able to call any AzureFunctions APIs like our JWTToken based call on AzureFunctions.
It seems it is possible via APIM as you mentioned it in this paragraph "So, for example, if you decide to authenticate your API with JWT Tokens, a "validate-jwt" policy should come before the "authentication-managed-identity" policy that we implemented here. Otherwise an "Authorization" header will be replaced before having a chance to be validated."
I want to make my app login with google, facebook as well as our internal JWTToken based authentication and authorizations.
Would you please guide me if it is possible in any way?
Any examples,samples, links would be highly appreciated.
Thank you
"validate-jwt" policy allows only one Identity Provider, either Oauth or OIDC. So I think only one provider allowed per API.
It makes sense from the APIM point of view, as you usually use it to expose API to one client at a time.
Two way that I can see: