Azure Static Web Apps uses the /.auth system folder to provide access to authorization-related APIs. Rather than expose any of the routes under the /.auth folder directly to end users, create routing rules for friendly URLs.
Use the following table to find the provider-specific route.
| Authorization provider | Sign in route |
|---|---|
| Microsoft Entra ID | /.auth/login/aad |
| GitHub | /.auth/login/github |
For example, to sign in with GitHub, you could include something similar to the following link.
<a href="/.auth/login/github">Login</a>
If you choose to support more than one provider, expose a provider-specific link for each on your website.
Use a route rule to map a default provider to a friendly route like /login.
{
  "route": "/login",
  "redirect": "/.auth/login/github"
}
Set up post-sign-in redirect
Return a user to a specific page after they sign in by providing a fully qualified URL in the post_login_redirect_uri query string parameter, like in the following example.
<a href="/.auth/login/github?post_login_redirect_uri=https://zealous-water.azurestaticapps.net/success">Login</a>
You can also redirect unauthenticated users back to the referring page after they sign in. To configure this behavior, create a response override rule that sets post_login_redirect_uri to .referrer, like in the following example.
{
  "responseOverrides": {
    "401": {
      "redirect": "/.auth/login/github?post_login_redirect_uri=.referrer",
      "statusCode": 302
    }
  }
}
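When sign-in links with post_login_redirect_uri are generated in client code rather than written by hand, the return target can be checked before it goes into the link. The following is an added example, not code from the Azure documentation: the helper name buildLoginUrl, the PROVIDER_ROUTES map and the policy of only returning users to the site's own origin are assumptions made for illustration.

```javascript
// Added example; helper names and the same-origin policy are assumptions.
// Sign-in routes taken from the provider table on this page.
const PROVIDER_ROUTES = {
  aad: "/.auth/login/aad", // Microsoft Entra ID
  github: "/.auth/login/github", // GitHub
};

// Build a sign-in link for `provider` that returns the user to `returnTo`.
// `returnTo` may be a path or a full URL; `siteOrigin` is the site's own origin.
function buildLoginUrl(provider, returnTo, siteOrigin) {
  if (!Object.prototype.hasOwnProperty.call(PROVIDER_ROUTES, provider)) {
    throw new Error(`unknown provider: ${provider}`);
  }
  const route = PROVIDER_ROUTES[provider];
  if (returnTo === undefined || returnTo === null) {
    return route; // no post-sign-in redirect requested
  }

  const site = new URL(siteOrigin);
  let target;
  try {
    // Resolving against the site turns a path into a fully qualified URL.
    target = new URL(returnTo, site);
  } catch (err) {
    throw new Error(`invalid return URL: ${returnTo}`);
  }

  // Assumed policy: refuse targets that would send the user to another origin.
  if (target.origin !== site.origin) {
    throw new Error(`return URL is not on ${site.origin}`);
  }

  // Percent-encode the target so its own query string stays inside the parameter.
  return `${route}?post_login_redirect_uri=${encodeURIComponent(target.href)}`;
}

// Constructed sample using the host name from this page's example link.
const SITE = "https://zealous-water.azurestaticapps.net";
console.log(buildLoginUrl("github", "/success", SITE));
```
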