az webapp auth-classic
Note
This reference is part of the authV2 extension for the Azure CLI (version 2.23.0 or higher). The extension will automatically install the first time you run an az webapp auth-classic command. Learn more about extensions.
Manage webapp authentication and authorization in the classic format.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az webapp auth-classic show |
Show the authentication settings for the webapp in the classic format. |
Extension | GA |
| az webapp auth-classic update |
Update the authentication settings for the webapp in the classic format. |
Extension | GA |
az webapp auth-classic show
Show the authentication settings for the webapp in the classic format.
az webapp auth-classic show [--ids]
[--name]
[--resource-group]
[--slot]
[--subscription]Examples
Show the authentication settings for the webapp. (autogenerated)
az webapp auth-classic show --name MyWebApp --resource-group MyResourceGroupOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the web app.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The name of the slot. Default to the productions slot if not specified.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az webapp auth-classic update
Update the authentication settings for the webapp in the classic format.
Note that authentication settings are no longer returned as a result. Please use the az webapp auth-classic show command to view setting values.
az webapp auth-classic update [--aad-allowed-token-audiences --allowed-audiences]
[--aad-client-id]
[--aad-client-secret]
[--aad-client-secret-certificate-thumbprint --thumbprint]
[--aad-client-secret-setting-name --aad-secret-setting]
[--aad-token-issuer-url]
[--action {AllowAnonymous, LoginWithAzureActiveDirectory, LoginWithFacebook, LoginWithGoogle, LoginWithMicrosoftAccount, LoginWithTwitter}]
[--allowed-redirect-urls]
[--enabled {false, true}]
[--facebook-app-id]
[--facebook-app-secret]
[--facebook-app-secret-setting-name --fb-secret-setting]
[--facebook-oauth-scopes]
[--github-client-id]
[--github-client-secret]
[--github-client-secret-setting-name --github-secret-setting]
[--github-oauth-scopes --github-scopes]
[--google-client-id]
[--google-client-secret]
[--google-client-secret-setting-name --google-secret-setting]
[--google-oauth-scopes]
[--ids]
[--microsoft-account-client-id --msa-client]
[--microsoft-account-client-secret --msa-secret]
[--microsoft-account-client-secret-setting-name --msa-secret-setting]
[--microsoft-account-oauth-scopes --msa-scopes]
[--name]
[--resource-group]
[--runtime-version]
[--slot]
[--subscription]
[--token-refresh-extension-hours --token-refresh-hours]
[--token-store {false, true}]
[--twitter-consumer-key]
[--twitter-consumer-secret --twitter-secret]
[--twitter-consumer-secret-setting-name --twitter-secret-setting]Examples
Enable Azure Active Directory by enabling authentication and setting Azure Active Directory-associated parameters. Default provider is set to AAD. Must have created a AAD service principal beforehand.
az webapp auth-classic update -g myResourceGroup --name MyWebApp --enabled true \
--action LoginWithAzureActiveDirectory \
--aad-allowed-token-audiences https://webapp_name.azurewebsites.net/.auth/login/aad/callback \
--aad-client-id my-client-id --aad-client-secret very_secret_password \
--aad-token-issuer-url https://sts.windows.net/54826b22-38d6-4fb2-bad9-b7983a3e9c5a/Enable Facebook authentication by setting FB-associated parameters and turning on public-profile and email scopes; allow anonymous users
az webapp auth-classic update -g myResourceGroup --name MyWebApp --action AllowAnonymous \
--facebook-app-id my_fb_id --facebook-app-secret my_fb_secret \
--facebook-oauth-scopes public_profile emailOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more token audiences (space-delimited).
| Property | Value |
|---|---|
| Parameter group: | Azure Active Directory Arguments |
Application ID to integrate AAD organization account Sign-in into your web app.
| Property | Value |
|---|---|
| Parameter group: | Azure Active Directory Arguments |
AAD application secret.
| Property | Value |
|---|---|
| Parameter group: | Azure Active Directory Arguments |
Alternative to AAD Client Secret, thumbprint of a certificate used for signing purposes.
| Property | Value |
|---|---|
| Parameter group: | Azure Active Directory Arguments |
The app setting name that contains the client secret of the relying party application.
| Property | Value |
|---|---|
| Parameter group: | Azure Active Directory Arguments |
This url can be found in the JSON output returned from your active directory endpoint using your tenantID. The endpoint can be queried from az cloud show at "endpoints.activeDirectory". The tenantID can be found using az account show. Get the "issuer" from the JSON at <active directory endpoint>/<tenantId>/.well-known/openid-configuration.
| Property | Value |
|---|---|
| Parameter group: | Azure Active Directory Arguments |
The action to take when an unauthenticated client attempts to access the app.
| Property | Value |
|---|---|
| Accepted values: | AllowAnonymous, LoginWithAzureActiveDirectory, LoginWithFacebook, LoginWithGoogle, LoginWithMicrosoftAccount, LoginWithTwitter |
One or more urls (space-delimited).
True if the Authentication / Authorization feature is enabled for the current app; otherwise, false.
| Property | Value |
|---|---|
| Accepted values: | false, true |
Application ID to integrate Facebook Sign-in into your web app.
| Property | Value |
|---|---|
| Parameter group: | Facebook Arguments |
Facebook Application client secret.
| Property | Value |
|---|---|
| Parameter group: | Facebook Arguments |
The app setting name that contains the app secret used for Facebook Login.
| Property | Value |
|---|---|
| Parameter group: | Facebook Arguments |
One or more facebook authentication scopes (space-delimited).
| Property | Value |
|---|---|
| Parameter group: | Facebook Arguments |
The Client Id of the GitHub app used for login.
| Property | Value |
|---|---|
| Parameter group: | GitHub Arguments |
The Client Secret of the GitHub app used for login.
| Property | Value |
|---|---|
| Parameter group: | GitHub Arguments |
The app setting name that contains the client secret of the Github app used for GitHub Login.
| Property | Value |
|---|---|
| Parameter group: | GitHub Arguments |
The OAuth 2.0 scopes that will be requested as part of GitHub Login authentication.
| Property | Value |
|---|---|
| Parameter group: | GitHub Arguments |
Application ID to integrate Google Sign-in into your web app.
| Property | Value |
|---|---|
| Parameter group: | Google Arguments |
Google Application client secret.
| Property | Value |
|---|---|
| Parameter group: | Google Arguments |
The app setting name that contains the client secret associated with the Google web application.
| Property | Value |
|---|---|
| Parameter group: | Google Arguments |
One or more Google authentication scopes (space-delimited).
| Property | Value |
|---|---|
| Parameter group: | Google Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
AAD V2 Application ID to integrate Microsoft account Sign-in into your web app.
| Property | Value |
|---|---|
| Parameter group: | Microsoft Arguments |
AAD V2 Application client secret.
| Property | Value |
|---|---|
| Parameter group: | Microsoft Arguments |
The app setting name containing the OAuth 2.0 client secret that was created for the app used for authentication.
| Property | Value |
|---|---|
| Parameter group: | Microsoft Arguments |
One or more Microsoft authentification scopes (space-delimited).
| Property | Value |
|---|---|
| Parameter group: | Microsoft Arguments |
Name of the web app.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Runtime version of the Authentication/Authorization feature in use for the current app.
The name of the slot. Default to the productions slot if not specified.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Hours, must be formattable into a float.
Use App Service Token Store.
| Property | Value |
|---|---|
| Accepted values: | false, true |
Application ID to integrate Twitter Sign-in into your web app.
| Property | Value |
|---|---|
| Parameter group: | Twitter Arguments |
Twitter Application client secret.
| Property | Value |
|---|---|
| Parameter group: | Twitter Arguments |
The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in.
| Property | Value |
|---|---|
| Parameter group: | Twitter Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
