Azure Function v2 google authentication with google

3
votes

I have an Azure Function app with Log in with google (I only need google right now) and I cant authenticate correctly

gooogle configured and log in with google on

Trial 1 :

  1. I make a get request to my api : https://examplefunctions.azurewebsites.net/
  2. Google authentication pop up
  3. Enter my credentials
  4. then I make a get request to https://examplefunctions.azurewebsites.net/.auth/me
  5. I get an json with access_token and id_token and other properties like user_claims etc
  6. then I go to postman
  7. make an get request to an function that have AuthorizationLevel.Anonymous : https://examplefunctions.azurewebsites.net/api/myfunction
  8. Enter the access_token in the autorization with OAuth 2.0
  9. server return an 401 : You do not have permission to view this directory or page.
  10. then replace the access_token with the id_token information in the autorization tab in post man and the server return the same.

After that do the following:

Trial 2 :

  1. go to https://examplefunctions.azurewebsites.net/.auth/login/google in the browser
  2. Google authentication pop up
  3. Enter my credentials
  4. the server redirect to an url that have this property authenticationToken
  5. I enter this authenticationToken in the OAuth2.0 in postman and return the same 401 : You do not have permission to view this directory or page.

Then I do this and authenticate :

Trial 3 :

  1. go to https://examplefunctions.azurewebsites.net/.auth/login/google in the browser
  2. Google authentication pop up
  3. Enter my credentials
  4. the server redirect to an url that have this property authenticationToken
  5. In the headers of post man I put X-ZUMO-AUTH with the value previusly receive in authenticationToken and voila the server response with an OK status with my expected json.

But here the problem in the trial 3 (the only one that works) I dont receive the claims. --> here I get a null var claims = req.HttpContext.User.Claims;

And I need the user google information. Another thing is That I dont want to login using a header like X-ZUMO-AUTH, I want to use the OAuth 2.0 standard.

I dont know why I cant access using the trial 1 and 2, because the server return me an token after i log in, this token seems useless.

I have been trying to make a good google authentication for a week and I cant, I need your help.

NOTE : I will consume this api with an angular, postman, xamarin or maybe flutter

2
azureazure-active-directorypostmanazure-functionsazure-authentication
Did you create the function from portal? I created a basic function from portal and trail 3 is working for me, it returns stable_sid and other claims successfully. Perhaps trial 1 and 2 are not supported for function apps. Do check Azure Functions and App Service Authentication for implementing google auth, and samples here AzureFunctionsEasyAuth - Nouman

2 Answers

0
votes

Last week there has been regression. Fix has been deployed. Customers will pick up the new behavior after a site restart (so may need to restart their sites if this does not occur organically).

0
votes

I found a solution!!!

The problem was that I was using the azure function autentication alone, but for a best practice autentication in azure, you need to convinate Azure B2C Active Directory Tenant with your azure function app

I followed thouse tutorials :

Here you learn to configure the tenant
https://youtu.be/a1s6LMXi7Xk

Here with the previous learning you complete the Azure Functions authentication https://blogs.msdn.microsoft.com/hmahrt/2017/03/07/azure-active-directory-b2c-and-azure-functions/

Now every user that log in to my app is registed in the B2C tenant and I can have more detail information of who is using my app and when is loging in, etc