Microsoft.Web sites/config authsettingsV2

Template format

To create a Microsoft.Web/sites/config resource for auth settings V2, add the following JSON to the resources section of your template.

{
  "name": "authsettingsV2",
  "type": "Microsoft.Web/sites/config",
  "apiVersion": "2020-12-01",
  "properties": {
    "platform": {
      "enabled": "boolean",
      "runtimeVersion": "string",
      "configFilePath": "string"
    },
    "globalValidation": {
      "requireAuthentication": "boolean",
      "unauthenticatedClientAction": "string",
      "redirectToProvider": "string",
      "excludedPaths": [
        "string"
      ]
    },
    "identityProviders": {
      "azureActiveDirectory": {
        "enabled": "boolean",
        "registration": {
          "openIdIssuer": "string",
          "clientId": "string",
          "clientSecretSettingName": "string",
          "clientSecretCertificateThumbprint": "string"
        },
        "login": {
          "disableWWWAuthenticate": "boolean",
          "loginParameters": [
            "string"
          ]
        },
        "validation": {
          "jwtClaimChecks": {
            "allowedGroups": [
              "string"
            ]
          },
          "allowedClientApplications": [
            "string"
          ],
          "allowedAudiences": [
            "string"
          ]
        },
        "isAutoProvisioned": "boolean"
      },
      "facebook": {
        "enabled": "boolean",
        "registration": {
          "appId": "string",
          "appSecretSettingName": "string"
        },
        "graphApiVersion": "string",
        "login": {
          "scopes": [
            "string"
          ]
        }
      },
      "gitHub": {
        "enabled": "boolean",
        "registration": {
          "clientId": "string",
          "clientSecretSettingName": "string"
        },
        "login": {
          "scopes": [
            "string"
          ]
        }
      },
      "google": {
        "enabled": "boolean",
        "registration": {
          "clientId": "string",
          "clientSecretSettingName": "string"
        },
        "login": {
          "scopes": [
            "string"
          ]
        },
        "validation": {
          "allowedAudiences": [
            "string"
          ]
        }
      },
      "twitter": {
        "enabled": "boolean",
        "registration": {
          "consumerKey": "string",
          "consumerSecretSettingName": "string"
        }
      },
      "customOpenIdConnectProviders": {
        "enabled": "boolean",
        "registration": {
          "clientId": "string",
          "clientCredential": {
            "method": "string"
          },
          "clientSecretSettingName": "string",
          "openIdConnectConfiguration": {
            "authorizationEndpoint": "string",
            "tokenEndpoint": "string",
            "issuer": "string",
            "certificationUri": "string",
            "wellKnownOpenIdConfiguration": "string"
          }
        },
        "login": {
          "nameClaimType": "string",
          "scopes": [
            "string"
          ]
        }
      }
    },
    "login": {
      "routes": {
        "logoutEndpoint": "string"
      },
      "tokenStore": {
        "enabled": "boolean",
        "tokenRefreshExtensionHours": "integer",
        "fileSystem": {
          "directory": "string"
        },
        "azureBlobStorage": {
          "sasUrlSettingName": "string"
        }
      },
      "preserveUrlFragmentsForLogins": "boolean",
      "allowedExternalRedirectUrls": [
        "string"
      ],
      "cookieExpiration": {
        "convention": "string",
        "timeToExpiration": "string"
      },
      "nonce": {
        "validateNonce": "boolean",
        "nonceExpirationInterval": "string"
      }
    },
    "httpSettings": {
      "requireHttps": "boolean",
      "routes": {
        "apiPrefix": "string"
      },
      "forwardProxy": {
        "convention": "string",
        "customHostHeaderName": "string",
        "customProtoHeaderName": "string"
      }
    }
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Web/sites/config object

Note

In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

Name Type Required Value
name string Yes authsettingsV2 -or- {site-name}/authsettingsV2
type enum Yes For JSON - config -or- Microsoft.Web/sites/config. See Set name and type for child resources.
apiVersion enum Yes For JSON - 2020-12-01
properties object Yes Core resource properties - SiteAuthSettingsV2 object

SiteAuthSettingsV2 object

Name Type Required Value
platform object No Platform object
globalValidation object No GlobalValidation object
identityProviders object No IdentityProviders object
login object No Login object
httpSettings object No HttpSettings object

Platform object

Name Type Required Value
enabled boolean No
runtimeVersion string No
configFilePath string No

GlobalValidation object

Name Type Required Value
requireAuthentication boolean No
unauthenticatedClientAction string No RedirectToLoginPage, AllowAnonymous, Return401, Return403
redirectToProvider string No
excludedPaths array No

IdentityProviders object

Name Type Required Value
azureActiveDirectory object No AzureActiveDirectory object
facebook object No Facebook object
gitHub object No GitHub object
google object No Google object
twitter object No Twitter object
customOpenIdConnectProviders object No CustomOpenIdConnectProviders object

AzureActiveDirectory object

Name Type Required Value
enabled boolean No
registration.openIdIssuer string No
registration.clientId string No
registration.clientSecretSettingName string No
registration.clientSecretCertificateThumbprint string No
login.disableWWWAuthenticate boolean No
login.loginParameters array No
validation.jwtClaimChecks.allowedGroups array No
validation.allowedClientApplications array No
validation.allowedAudiences array No
isAutoProvisioned boolean No

Facebook object

Name Type Required Value
enabled boolean No
registration.appId string No
registration.appSecretSettingName string No
graphApiVersion string No
login.scopes array No

GitHub object

Name Type Required Value
enabled boolean No
registration.clientId string No
registration.clientSecretSettingName string No
login.scopes array No

Google object

Name Type Required Value
enabled boolean No
registration.clientId string No
registration.clientSecretSettingName string No
login.scopes array No
validation.allowedAudiences array No

Twitter object

Name Type Required Value
enabled boolean No
registration.consumerKey string No
registration.consumerSecretSettingName string No

CustomOpenIdConnectProviders object

Name Type Required Value
enabled boolean No
registration.clientId string No
registration.clientCredential.method string No ClientSecretPost
registration.clientSecretSettingName string No
registration.openIdConnectConfiguration.authorizationEndpoint string No
registration.openIdConnectConfiguration.tokenEndpoint string No
registration.openIdConnectConfiguration.issuer string No
registration.openIdConnectConfiguration.certificationUri string No
registration.openIdConnectConfiguration.wellKnownOpenIdConfiguration string No
login.nameClaimType string No
login.scopes array No

Login object

Name Type Required Value
routes.logoutEndpoint string No
tokenStore.enabled boolean No
tokenStore.tokenRefreshExtensionHours integer No
tokenStore.fileSystem.directory string No
tokenStore.azureBlobStorage.sasUrlSettingName string No
preserveUrlFragmentsForLogins boolean No
allowedExternalRedirectUrls array No
cookieExpiration.convention string No FixedTime, IdentityProviderDerived
cookieExpiration.timeToExpiration string No
nonce.validateNonce boolean No
nonce.nonceExpirationInterval string No

HttpSettings object

Name Type Required Value
requireHttps boolean No
routes.apiPrefix string No
forwardProxy.convention string No NoProxy, Standard, Custom
forwardProxy.customHostHeaderName string No
forwardProxy.customProtoHeaderName string No
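
The following is an added example, not part of the original reference or of any Microsoft tooling: a Python check that reads an ARM template and reports authsettingsV2 settings that weaken authentication. Property names and enum values are those in the tables above; the baseline (which booleans must be true, which values are flagged) and the sample template are assumptions made for the example.

```python
import json
# Enum values copied from the property tables on this page.
ENUMS = {
    "globalValidation.unauthenticatedClientAction":
        ("RedirectToLoginPage", "AllowAnonymous", "Return401", "Return403"),
    "login.cookieExpiration.convention": ("FixedTime", "IdentityProviderDerived"),
    "httpSettings.forwardProxy.convention": ("NoProxy", "Standard", "Custom"),
}
# Booleans this example's baseline wants true (an assumption, not a rule from the page).
MUST_BE_TRUE = ("platform.enabled", "globalValidation.requireAuthentication",
                "httpSettings.requireHttps", "login.nonce.validateNonce")
# Constructed sample template with deliberately weak settings.
SAMPLE = """{"resources": [{"name": "example-site/authsettingsV2",
  "type": "Microsoft.Web/sites/config", "properties": {"platform": {"enabled": true},
    "globalValidation": {"requireAuthentication": true,
      "unauthenticatedClientAction": "AllowAnonymous", "excludedPaths": ["/health"]},
    "login": {"allowedExternalRedirectUrls": ["http://app.example/cb"]},
    "httpSettings": {"requireHttps": false, "forwardProxy": {"convention": "Auto"}}}}]}"""

def get(obj, dotted):  # walk nested dicts by dotted path; None when a key is absent
    for key in dotted.split("."):
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj

def audit(props):
    """Return findings for one authsettingsV2 'properties' object."""
    out = []
    for path, allowed in ENUMS.items():
        if get(props, path) not in (*allowed, None):
            out.append(f"{path}: undocumented value {get(props, path)!r}")
    for path in MUST_BE_TRUE:
        if get(props, path) is not True:
            out.append(f"{path}: not set to true")
    if get(props, "globalValidation.unauthenticatedClientAction") == "AllowAnonymous":
        out.append("globalValidation.unauthenticatedClientAction: AllowAnonymous")
    # Paths exempted from global validation are listed for manual review.
    for excluded in get(props, "globalValidation.excludedPaths") or []:
        out.append(f"globalValidation.excludedPaths: review {excluded!r}")
    for url in get(props, "login.allowedExternalRedirectUrls") or []:
        if not str(url).lower().startswith("https://"):
            out.append(f"login.allowedExternalRedirectUrls: non-HTTPS {url!r}")
    return out

def audit_template(text):
    """Audit each top-level authsettingsV2 config resource in ARM template JSON text."""
    return {r["name"]: audit(r.get("properties", {}))
            for r in json.loads(text).get("resources", [])
            if r.get("type") == "Microsoft.Web/sites/config"
            and str(r.get("name", "")).rsplit("/", 1)[-1] == "authsettingsV2"}
```

Calling audit_template(SAMPLE) returns six findings for the sample resource. Values supplied through template expressions such as parameters are reported as not set to true, because the check does not evaluate them.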