Auth
Azure App Service provides built-in authentication and authorisation tools that restrict access with little or no code.
Auth is built directly into the platform as a sidecar container to your web app, where it acts as middleware before incoming requests hit your application. It handles authentication with a specified federated provider, session management, and OAuth token validation and refresh logic. Once the auth middleware has processed a request, it adds identity information to the incoming request headers for use in your application code.
Providers
The following identity providers are available by default:
| Provider | Endpoint |
|---|---|
| Microsoft Entra (Azure Active Directory) | /.auth/login/aad |
| Facebook | /.auth/login/facebook |
| Google | /.auth/login/google |
| X | /.auth/login/x |
| GitHub | /.auth/login/github |
| Other (OIDC) | /.auth/login/<provider> |
For Linux and other custom containers, the auth module runs out-of-process. This means that no direct language framework integration is possible, since the container itself is isolated from your application code.
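Because the module is out-of-process, application code reads the injected identity from the request headers itself. The following is an added example, not code from the original page: it decodes the `X-MS-CLIENT-PRINCIPAL` header, which App Service documents as base64-encoded JSON, and fails closed when the header is missing or malformed. The function names and the sample claims are constructed for illustration.

```python
import base64
import binascii
import json

PRINCIPAL_HEADER = "X-MS-CLIENT-PRINCIPAL"


class NoPrincipal(Exception):
    """Header missing or not decodable; treat the request as unauthenticated."""


def parse_client_principal(headers):
    """Decode the identity the auth module injected; fail closed on bad input."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    raw = {k.lower(): v for k, v in headers.items()}.get(PRINCIPAL_HEADER.lower())
    if not raw:
        raise NoPrincipal("header absent")
    try:
        doc = json.loads(base64.b64decode(raw, validate=True))
    except (binascii.Error, ValueError) as exc:
        raise NoPrincipal("header is not base64-encoded JSON") from exc
    if not isinstance(doc, dict) or not isinstance(doc.get("claims"), list):
        raise NoPrincipal("unexpected principal shape")

    # Claims arrive as [{"typ": ..., "val": ...}]; a type can repeat (e.g. roles).
    claims = {}
    for c in doc["claims"]:
        if isinstance(c, dict) and isinstance(c.get("typ"), str) and "val" in c:
            claims.setdefault(c["typ"], []).append(c["val"])

    def values(claim_type):
        return claims.get(claim_type, []) if isinstance(claim_type, str) else []

    # name_typ / role_typ name the claim types that hold the user name and roles.
    names = values(doc.get("name_typ"))
    return {
        "provider": doc.get("auth_typ"),
        "name": names[0] if names else None,
        "roles": values(doc.get("role_typ")),
        "claims": claims,
    }


def sample_header():
    # Constructed sample principal, not captured from a real app.
    doc = {"auth_typ": "aad", "name_typ": "name", "role_typ": "roles",
           "claims": [{"typ": "name", "val": "alice@example.com"},
                      {"typ": "roles", "val": "reader"},
                      {"typ": "roles", "val": "admin"}]}
    return base64.b64encode(json.dumps(doc).encode()).decode()
```

The header is only meaningful when the platform set it, so the same code run where requests can reach the app without passing through the auth module (local development, for instance) must not treat it as proof of identity.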
Flows
The Auth module has two flows available for authentication:
- server-directed: typical for browser apps; the user signs in on redirected login pages, which call back to the auth module for completion
- client-directed: typical for browserless apps; application code signs the user in and validates the token by passing it to the auth module
Logging
If application logs are enabled for your app, auth traces are collected into your log files for ease of debugging.