2
votes

So, I created an Azure B2C directory, and inside it created an application like https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp, and I created an Azure Function in the general Azure directory that is supposed to read a blob and return a JSON file. I also created a custom login page for sign-in. I ran my program locally, and I can log in, and instead of calling the API used in the GitHub sample, I call the Azure Function and it works. But now I want to secure access to the function, so I set authLevel to 'user' and try to set up Authentication via Azure Active Directory. And no matter how I configure the settings, either I can't connect because I don't have permissions, or I can't use the function because I don't have permissions. I also get this error: `The client id '/.auth/login/aad/callback' specified in the request is not registered in tenant ''.`

How should I connect the function to B2C so that only authorised users can access the function's response?


2 Answers

5
votes

Setting up B2C authentication for your Azure Functions App is actually really easy:

  1. Create Azure Functions App and write down the URL

     E.g. https://myazurefunctions.azurewebsites.net (make sure to make it a HTTPS URL)

  2. Configure your application in Azure Active Directory B2C.

  3. Get the Metadata Endpoint URL for your Sign-in policy

     • If you open the details of your sign-in policy, you'll find it right at the top.

  4. In your Functions App, on the bottom left select "Function app settings" and go to "Configure authentication".

  5. Turn on authentication and select Azure Active Directory.

  6. Select the advanced settings and enter the following values:

     Client ID: The Application ID which you copied in step 2a.
     Issuer Url: The Metadata Endpoint URL from step 3.

  7. Save your settings and you're done!
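To make concrete what the two advanced settings in step 6 actually enforce, here is an added example (not code from this answer or from Azure) that performs the same claim checks App Service Authentication applies to a B2C token: the token's `iss` must equal the `issuer` value in the policy's metadata document (the Issuer Url), and its `aud` must be the B2C Application ID (the Client ID). Everything in it is constructed: the metadata document, the tenant and application IDs, the policy name `B2C_1_signin`, and the `make_token` helper that stands in for B2C. The one deliberate simplification is the signature: B2C signs tokens with RS256 and publishes its public keys at the metadata document's `jwks_uri`, while this demo uses HS256 with a shared secret so it runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# --- Constructed sample data (not real tenant values) -----------------------
# Stand-in for the document served at the sign-in policy's "Metadata Endpoint
# URL"; only the field this example needs (the real one also has jwks_uri).
METADATA = {
    "issuer": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0/",
}
# The Application ID copied from the B2C app registration ("Client ID" setting).
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
# The user flow the token must come from (B2C puts it in the `tfp` claim).
POLICY = "B2C_1_signin"
# Demo-only shared secret. Real B2C tokens are RS256-signed with keys from
# jwks_uri; HS256 is used here only so the example runs offline.
DEMO_KEY = b"demo-secret-not-a-b2c-key"
CLOCK_SKEW = 60  # seconds of tolerance for exp/nbf


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a compact JWT for the demo (stands in for the token B2C issues)."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{body}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{body}.{_b64url_encode(sig)}"


def validate(token: str, key: bytes, now=None):
    """Return (ok, reason, claims). Mirrors the checks App Service
    Authentication performs using the Issuer Url and Client ID settings."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
    except ValueError:  # wrong part count, bad base64, bad JSON, bad UTF-8
        return False, "malformed token", None

    # Pin the algorithm you expect; never let the token header choose it.
    if header.get("alg") != "HS256":
        return False, f"unexpected alg {header.get('alg')!r}", claims
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return False, "bad signature", claims

    # Issuer must match the `issuer` from the policy's metadata document.
    if claims.get("iss") != METADATA["issuer"]:
        return False, "wrong issuer", claims
    # Audience must be this app's Client ID (aud may be a string or a list).
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong audience", claims
    # Token must have been issued by the expected user flow.
    if claims.get("tfp") != POLICY:
        return False, "wrong policy", claims
    # Lifetime checks with a small clock-skew allowance.
    if claims.get("nbf", 0) > now + CLOCK_SKEW:
        return False, "token not yet valid", claims
    if claims.get("exp", 0) < now - CLOCK_SKEW:
        return False, "token expired", claims
    return True, "ok", claims


def sample_claims(now: int) -> dict:
    """Constructed claims shaped like a B2C sign-in token."""
    return {"iss": METADATA["issuer"], "aud": CLIENT_ID, "tfp": POLICY,
            "sub": "constructed-user-object-id", "nbf": now - 10, "exp": now + 3600}


if __name__ == "__main__":
    now = int(time.time())
    print(validate(make_token(sample_claims(now), DEMO_KEY), DEMO_KEY, now))
    other_app = dict(sample_claims(now), aud="22222222-2222-2222-2222-222222222222")
    print(validate(make_token(other_app, DEMO_KEY), DEMO_KEY, now))
```

The second call in the `__main__` block is the situation the question runs into from the other side: a token issued for a different application registration has the wrong `aud` and is rejected even though it is validly signed by the same tenant, which is why the Client ID entered in step 6 has to be the Application ID of the B2C app the SPA actually signs in with.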

1
votes

With the new "User flows (policies)" a few small changes must be made to the selected answer:

Perform Step 3 as follows to get the "Metadata Endpoint URL":

  a) Go to your B2C tenant and click on User flows (policies).
  b) Select your login (or sign up sign in) flow and click on "Run user flow".
  c) Your "Metadata Endpoint URL" is displayed at the top of the new window, right beneath the "Run user flow" heading.

Perform Steps 4 and 5 as follows to configure "Authentication":

  a) Go to your function apps and click on your function app (NOT on one of your functions inside your function app).
  b) Click on Platform features and then on Authentication / Authorization.
  c) Turn on "App Service Authentication". Select "Log in with Azure Active Directory" and then click on "Azure Active Directory - Configured (Advanced)".

Continue with Step 6.