How to configure your App Service application to use Google login
This topic shows you how to configure Azure App Service to use Google as an authentication provider.
To complete the procedure in this topic, you must have a Google account that has a verified email address. To create a new Google account, go to accounts.google.com.
Log on to the Azure portal, and navigate to your application. Copy your URL, which you use later to configure your Google app.
Navigate to the Google apis website, sign in with your Google account credentials, click Create Project, provide a Project name, then click Create.
Once the project is created, select it. From the project dashboard, click Go to APIs overview.
Select Enable APIs and services. Search for Google+ API, and select it. Then click Enable.
In the left navigation, Credentials > OAuth consent screen, then select your Email address, enter a Product Name, and click Save.
In the Credentials tab, click Create credentials > OAuth client ID.
On the "Create client ID" screen, select Web application.
https://contoso.azurewebsites.net/.auth/login/google/callback. Make sure that you are using the HTTPS scheme. Then click Create.
On the next screen, make a note of the values of the client ID and client secret.
The client secret is an important security credential. Do not share this secret with anyone or distribute it within a client application.
Back in the Azure portal, navigate to your application. Click Settings, and then Authentication / Authorization.
If the Authentication / Authorization feature is not enabled, turn the switch to On.
Click Google. Paste in the App ID and App Secret values which you obtained previously, and optionally enable any scopes your application requires. Then click OK.
By default, App Service provides authentication but does not restrict authorized access to your site content and APIs. You must authorize users in your app code.
(Optional) To restrict access to your site to only users authenticated by Google, set Action to take when request is not authenticated to Google. This requires that all requests be authenticated, and all unauthenticated requests are redirected to Google for authentication.
Restricting access in this way applies to all calls to your app, which may not be desirable for apps wanting a publicly available home page, as in many single-page applications. For such applications, Allow anonymous requests (no action) may be preferred, with the app manually starting login itself, as described here.
- Click Save.
You are now ready to use Google for authentication in your app.