az webapp auth
Manage webapp authentication and authorization.
Commands
az webapp auth show |
Show the authentification settings for the webapp. |
az webapp auth update |
Update the authentication settings for the webapp. |
az webapp auth show
Show the authentification settings for the webapp.
az webapp auth show [--ids]
[--name]
[--query-examples]
[--resource-group]
[--slot]
[--subscription]
Examples
Show the authentification settings for the webapp. (autogenerated)
az webapp auth show --name MyWebApp --resource-group MyResourceGroup
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the web app. If left unspecified, a name will be randomly generated. You can configure the default using az configure --defaults web=<name>
.
Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The name of the slot. Default to the productions slot if not specified.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az webapp auth update
Update the authentication settings for the webapp.
az webapp auth update [--aad-allowed-token-audiences]
[--aad-client-id]
[--aad-client-secret]
[--aad-client-secret-certificate-thumbprint]
[--aad-token-issuer-url]
[--action {AllowAnonymous, LoginWithAzureActiveDirectory, LoginWithFacebook, LoginWithGoogle, LoginWithMicrosoftAccount, LoginWithTwitter}]
[--allowed-external-redirect-urls]
[--enabled {false, true}]
[--facebook-app-id]
[--facebook-app-secret]
[--facebook-oauth-scopes]
[--google-client-id]
[--google-client-secret]
[--google-oauth-scopes]
[--ids]
[--microsoft-account-client-id]
[--microsoft-account-client-secret]
[--microsoft-account-oauth-scopes]
[--name]
[--resource-group]
[--runtime-version]
[--slot]
[--subscription]
[--token-refresh-extension-hours]
[--token-store {false, true}]
[--twitter-consumer-key]
[--twitter-consumer-secret]
Examples
Enable AAD by enabling authentication and setting AAD-associated parameters. Default provider is set to AAD. Must have created a AAD service principal beforehand.
az webapp auth update -g myResourceGroup -n myUniqueApp --enabled true \
--action LoginWithAzureActiveDirectory \
--aad-allowed-token-audiences https://webapp_name.azurewebsites.net/.auth/login/aad/callback \
--aad-client-id ecbacb08-df8b-450d-82b3-3fced03f2b27 --aad-client-secret very_secret_password \
--aad-token-issuer-url https://sts.windows.net/54826b22-38d6-4fb2-bad9-b7983a3e9c5a/
Allow Facebook authentication by setting FB-associated parameters and turning on public-profile and email scopes; allow anonymous users
az webapp auth update -g myResourceGroup -n myUniqueApp --action AllowAnonymous \
--facebook-app-id my_fb_id --facebook-app-secret my_fb_secret \
--facebook-oauth-scopes public_profile email
Optional Parameters
One or more token audiences (space-delimited).
Application ID to integrate AAD organization account Sign-in into your web app.
AAD application secret.
Alternative to AAD Client Secret, thumbprint of a certificate used for signing purposes.
This url can be found in the JSON output returned from your active directory endpoint using your tenantID. The endpoint can be queried from
az cloud show
at "endpoints.activeDirectory". The tenantID can be found using az account show
. Get the "issuer" from the JSON at
One or more urls (space-delimited).
Application ID to integrate Facebook Sign-in into your web app.
Facebook Application client secret.
One or more facebook authentication scopes (space-delimited).
Application ID to integrate Google Sign-in into your web app.
Google Application client secret.
One or more Google authentication scopes (space-delimited).
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
AAD V2 Application ID to integrate Microsoft account Sign-in into your web app.
AAD V2 Application client secret.
One or more Microsoft authentification scopes (space-delimited).
Name of the web app. If left unspecified, a name will be randomly generated. You can configure the default using az configure --defaults web=<name>
.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Runtime version of the Authentication/Authorization feature in use for the current app.
The name of the slot. Default to the productions slot if not specified.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Hours, must be formattable into a float.
Use App Service Token Store.
Application ID to integrate Twitter Sign-in into your web app.
Twitter Application client secret.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.