Azure Container Apps - built-in OIDC for SPA?

ricky zou
2024-05-21T19:03:39.47+00:00

The Azure Container Apps docs claim that it supports codeless authentication for apps through configuration (easy auth).

I deployed 2 apps to ACA, one Angular SPA and one API used by the SPA, both without any code to support authentication, as I want to utilize ACA built-in auth support.

Following the instructions, after I deployed the SPA app to ACA and made sure that the page shows up properly, I turned on Authentication in the Azure portal and added "Microsoft" as the IdP. I was able to get redirected to the MS login; however, after logging in, I got an error. I went back to the ACA -> Authentication portal page and enabled "id_token" and "access_token". Then I got an id_token and auth code back after logging in; however, there's no access token available for me to call the ACA API app.

Upon further examination, I see "id_token, code" requested, and 'form_post' was used (even though I selected "SPA" instead of "Web App" as "framework"). I understand that this is all part of the code flow, as implicit is not secure; however, the ACA Authentication sidecar container doesn't seem to support the OIDC auth code flow, or even the implicit flow.

Does anyone know if this is really the case, or is there proper documentation on this?

Azure Container Apps