Skip to main content

Azure Static Web App - Authentication using pre-configured providers

As a follow-up on the presentation I did at CloudBrew about Azure Static Web Apps I want to write a series of blog posts.

I ended 2023 with a post about protecting access to your Azure Static Web App using a password. Of course this is a poor man’s implementation of security. So let us have a look today on how to properly integrate authentication in our Azure Static Web App.

Authentication in itself is a broad topic, we can further refine it in 2 parts:

  • Who are you? The real authentication part
  • What are you allowed to do? This is more a question of authorization instead of authentication

Let us focus on the first question in this post. To allow a Static Web App to know who you are we need to integrate with an authentication provider. 

Pre-configuration authentication providers

Azure Static Web Apps comes with 2 pre-configured authentication providers:

  • Github
  • Azure Active Directory (Microsoft Entra ID)

Remark: Originally there was also a pre-configured provider for Twitter(X) but this got removed. 

To authenticate against one of the preconfigured providers you need to browse to a specific endpoint:

Then I embedded this in my navigation component:

Authorization Provider Endpoint
Microsoft Entra ID /.auth/login/aad
Github /.auth/login/github

Both providers are enabled by default. If you want to disable one of them you need to do this by blocking access to this endpoint through the staticwebapps.json.config file:

Next to the built-in providers, it is also possible to configure one or more custom providers but I’ll leave that for a later post.

Authenticating

To authenticate, you need to send the user to one of the above endpoints. Here is an example on how I did this in an Angular application:

I first created a login component that renders a link for a specific authentication provider:

This renders a (simple) UI that looks like this:


When clicking on a specific authentication provider the user is redirected and is requested to authenticate against the selected provider:

After being authenticated we can receive the user information by sending a GET request to the /.auth/me endpoint. This will return a JSON object like the following:

In my Angular app I added some extra logic to call this endpoint and receive the user info:

More information

Authenticate and authorize Static Web Apps | Microsoft Learn

Accessing user information in Azure Static Web Apps | Microsoft Learn

Labels:

Popular posts from this blog

Podman– Command execution failed with exit code 125

After updating WSL on one of the developer machines, Podman failed to work. When we took a look through Podman Desktop, we noticed that Podman had stopped running and returned the following error message: Error: Command execution failed with exit code 125 Here are the steps we tried to fix the issue: We started by running podman info to get some extra details on what could be wrong: >podman info OS: windows/amd64 provider: wsl version: 5.3.1 Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM Error: unable to connect to Podman socket: failed to connect: dial tcp 127.0.0.1:2655: connectex: No connection could be made because the target machine actively refused it. That makes sense as the podman VM was not running. Let’s check the VM: >podman machine list NAME         ...
Read more

Azure DevOps/ GitHub emoji

I’m really bad at remembering emoji’s. So here is cheat sheet with all emoji’s that can be used in tools that support the github emoji markdown markup: All credits go to rcaviers who created this list.
Read more

VS Code Planning mode

After the introduction of Plan mode in Visual Studio , it now also found its way into VS Code. Planning mode, or as I like to call it 'Hannibal mode', extends GitHub Copilot's Agent Mode capabilities to handle larger, multi-step coding tasks with a structured approach. Instead of jumping straight into code generation, Planning mode creates a detailed execution plan. If you want more details, have a look at my previous post . Putting plan mode into action VS Code takes a different approach compared to Visual Studio when using plan mode. Instead of a configuration setting that you can activate but have limited control over, planning is available as a separate chat mode/agent: I like this approach better than how Visual Studio does it as you have explicit control when plan mode is activated. Instead of immediately diving into execution, the plan agent creates a plan and asks some follow up questions: You can further edit the plan by clicking on ‘Open in Editor’: ...
Read more