I'm using the Teams Toolkit for a node-based Tab app with an Azure Functions API. I noticed that provisioning the service adds an identity provider at the Function App level, which validates the JWT token.
Further, the TeamsFx input binding seems to be doing this kind of authentication a second time if I'm reading the docs correctly.
Does that mean I can safely remove the Function App based authentication and still have fully secured individual functions as long as I'm using the TeamsFx binding? This way I could have non-secured endpoints without having to create a whole different Function App.
Digging deeper into the TeamsFx binding, it seems to depend on the Web App authentication, so no, you should not disable the Function App based authentication.
// We rely on Web App authentication feature to validate the token, assume the authorization token is valid
https://github.com/OfficeDev/TeamsFx/blob/main/packages/function-extension/src/TeamsFxBinding.cs#L60
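To illustrate why that comment matters, here is an added example (not part of the original answer and not TeamsFx or Azure code) contrasting a handler that only decodes a token with one that performs the kind of validation the platform authentication layer is relied on for. The function names, audience value, key pair and tokens are all hypothetical and constructed for the demonstration.

```javascript
// Added illustration, not TeamsFx or Azure code. Keys, claims and tokens are constructed.
const crypto = require('crypto');

const AUD = 'api://example-app-id'; // hypothetical audience value
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Stand-in for the identity provider's signing key pair.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

function signToken(claims) {
  const signingInput = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Models a handler that assumes an upstream layer already validated the token.
function decodeOnly(token) {
  return dec(token.split('.')[1]);
}

// Models the upstream check: algorithm, signature, audience and expiry.
function verifyToken(token, key, expectedAud) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  let header, claims;
  try {
    header = dec(parts[0]);
    claims = dec(parts[1]);
  } catch { return null; }
  if (!header || !claims || header.alg !== 'RS256') return null; // pin the algorithm
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, key, Buffer.from(parts[2], 'base64url'))) return null;
  if (claims.aud !== expectedAud) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) return null;
  return claims;
}

// Constructed tokens: one genuine, one with the payload replaced after signing.
const exp = Math.floor(Date.now() / 1000) + 300;
const genuine = signToken({ aud: AUD, oid: 'user-1', exp });
const [h, , s] = genuine.split('.');
const altered = `${h}.${enc({ aud: AUD, oid: 'user-2', exp })}.${s}`;

console.log('decodeOnly(altered).oid  =', decodeOnly(altered).oid);
console.log('verifyToken(altered)     =', verifyToken(altered, publicKey, AUD));
console.log('verifyToken(genuine).oid =', verifyToken(genuine, publicKey, AUD).oid);
```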