Tags: azure, azure-active-directory, azure-web-app-service, azure-webapps, azure-function-app

How to reuse AD authentication from app service in azure function?


I'm trying to utilize built-in Azure App Service / Function AD authentication for access control. I'd like to use the same authentication for both the app service (which is a UI SPA app) and the function (HTTP trigger) so that users only need to log in once. My function app is a node.js function.

I do not need authorization, i.e. I just want to let certain users use the app service and function but they all have full access.

I have an app service set up with AD authentication which works beautifully by just enabling AD authentication from the portal and selecting "express" mode with the correct AD application. The AD app has implicit authentication flow enabled.

The problem is the function. How do I reuse the user's authentication status from the app service (i.e. the single-page frontend app) for the function?

Right now I'm at a point where I can obtain an authentication token using AAD MSAL but I cannot seem to be able to access the function with that. It doesn't help that there seem to be a dozen ways to use the auth (X-ZUMO, OAuth bearer, etc.).

To summarize, I'd like to just restrict access to the SPA web app (app service) and the function so that the user is only required to log in once. I can implement authentication code in the function, but if I can get it to just Work(tm) without touching the function code, even better.


Solution

  • Assuming you already have Easy Auth set up for your Web App, all you need to do is add your function app as an allowed audience.


    More info: https://stackoverflow.com/a/53511688
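As an added illustration (not code from the question or the answer), the rule behind the answer: Easy Auth accepts a bearer token only when its `aud` claim is one of the receiving app's allowed token audiences, so a token the SPA obtains from MSAL is rejected by the function app until the audiences are aligned. The script below models just that rule in Node.js, the function's language, with placeholder identifiers; signature, issuer and expiry checks that Easy Auth also performs are left out.

```javascript
// Added illustration, not code from the question or the answer: the audience
// rule App Service / Functions authentication (Easy Auth) applies to a bearer
// token. Only the `aud` check is modelled; signature, issuer and expiry
// validation, which Easy Auth also performs, are left out. All identifiers
// below are constructed placeholders, not real tenant or app values.

function toBase64Url(str) {
  return Buffer.from(str, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function fromBase64Url(str) {
  const b64 = str.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64, 'base64').toString('utf8');
}

// Build an unsigned sample JWT carrying the given audience (constructed data).
function makeSampleToken(aud) {
  const header = { alg: 'none', typ: 'JWT' };
  const payload = { aud, sub: 'user-placeholder', iss: 'https://login.microsoftonline.com/TENANT_PLACEHOLDER/v2.0' };
  return `${toBase64Url(JSON.stringify(header))}.${toBase64Url(JSON.stringify(payload))}.`;
}

// Decode the payload segment of a compact JWT; nothing is verified here.
function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(fromBase64Url(parts[1]));
}

// Easy Auth-style audience check: `aud` may be a string or an array of strings.
function audienceAllowed(token, allowedAudiences) {
  const { aud } = decodePayload(token);
  const auds = Array.isArray(aud) ? aud : [aud];
  return auds.some((a) => allowedAudiences.includes(a));
}

// Placeholder identifiers for the SPA's client ID and the function app's App ID URI.
const SPA_CLIENT_ID = '11111111-1111-1111-1111-111111111111';
const FUNCTION_APP_ID_URI = 'api://22222222-2222-2222-2222-222222222222';

// The SPA's MSAL token names the SPA as its audience. A function app whose
// allowed audiences do not include it rejects the call; once the lists are
// aligned the same token is accepted, with no change to the function code.
const tokenFromSpa = makeSampleToken(SPA_CLIENT_ID);
const rejectedBefore = !audienceAllowed(tokenFromSpa, [FUNCTION_APP_ID_URI]);
const acceptedAfter = audienceAllowed(tokenFromSpa, [FUNCTION_APP_ID_URI, SPA_CLIENT_ID]);
```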