Azure Web PubSub
An Azure service that provides real-time messaging for web applications using WebSockets and the publish-subscribe pattern.
97 questions
How do I get Bearer Token?
Authentication Blocking Frontend Requests in Deployed Python App
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 14.000000000000002%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
Amit Developer- Atlantic
20
Reputation points
I have developed a Python web application with multiple routes and deployed it using a web app service. I also configured authentication by enabling an identity provider. However, after enabling authentication, all routes have become restricted, and I am unable to receive responses from frontend requests due to authentication blocking access.
CORS has been enabled, but it does not resolve the issue. The frontend requests are still not authorized to access the backend routes.
Azure Web PubSub
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 61%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELR%3C/text%3E%3C/svg%3E)
Laxman Reddy Revuri 5,395 Reputation points Microsoft External Staff Moderator2025-05-08T07:29:52.0233333+00:00 Hi @Amit Developer- Atlantic
It seems like you're facing an issue with your Python web application where authentication is blocking access to your routes, which is causing problems with your frontend requests.1.Ensure that your authentication settings allow for access to specific routes or resources needed by your frontend. Depending on your authentication provider, you might need to adjust permissions or claims.
2.Since you've already enabled CORS, double-check that the allowed origins and methods in your CORS configuration match those being used by your frontend requests. Make sure the frontend's URL is included as an allowed origin.
3.Ensure that your frontend requests include any necessary authentication tokens or headers that the backend expects. Sometimes, the lack of a valid token can lead to blocked requests.
4.Use logging in your application to track incoming requests and potential errors. Reviewing the logs can provide insights into why requests are being blocked.
5.If you're using Azure App Service, verify that your app's settings, such as WEBSITE_AUTH_ENABLED, and any configurations related to the identity provider are correctly set.
https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization#feature-architecture -
Amit Developer- Atlantic 20 Reputation points
2025-05-08T09:24:40.72+00:00 Could you please explain me more specific and step to implement this?
-
Laxman Reddy Revuri 5,395 Reputation points Microsoft External Staff Moderator
2025-05-09T09:28:37.0433333+00:00 Hi @Amit Developer- Atlantic,
Here is a step-by-step guide to resolve the issue where your frontend is being blocked by authentication in your Azure Python Web App.To allow your frontend to access backend routes even after enabling authentication.
Allow Anonymous Access to Specific Routes
If your front end does not authenticate and you want some routes (like /, /static, /api/public) to be accessible without login.
Create a
routes.jsonFileIn your web app project's root folder, create a file named
routes.jsonwith the following content{ "routes": [ { "route": "/api/public", "allowedRoles": ["anonymous"] }, { "route": "/api/private", "allowedRoles": ["authenticated"] } ] }Please upload the routes.json file to Azure:
- Go to Azure Portal > Your App Service.
- Navigate to Advanced Tools (Kudu) > click Go.
- Go to site/wwwroot.
- Upload the routes.json file here.
This will configure Azure to allow public access to /api/public and require authentication for /api/private.
-
Amit Developer- Atlantic 20 Reputation points
2025-05-10T04:54:57.0733333+00:00 I am sending the request from a third-party website (a Shopify site) using JavaScript. I have followed the steps you mentioned earlier; however, the issue persists and the same error continues to appear. I have also ensured that CORS is enabled for the Shopify website URL
"Access to fetch at 'https://login.windows.net/283108d1-9244-41dd-bf04-92be173440d8/oauth2/v2.0/authorize?response_type=code+id_token&redirect_uri=https%3A%2F%2Fatlanticflyer-gcftb4d6chhhbqde.centralus-01.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=452ae5b9-0930-4718-90c7-e863fc5214b5&scope=openid+profile+email&response_mode=form_post&nonce=f3a1456580be4fc0b4fc2d1b8dfdecd5_20250510044048&state=redir%3D%252Fgetpdf' (redirected from 'https://atlanticflyer-gcftb4d6chhhbqde.centralus-01.azurewebsites.net/getpdf') from origin 'https://atlanticbooks.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."
-
Laxman Reddy Revuri 5,395 Reputation points Microsoft External Staff Moderator
2025-05-14T09:06:40.07+00:00 Hi @Amit Developer- Atlantic,
Review the settings for your identity provider in Azure. Make sure that the necessary claims or permissions are set up to allow access to the required routes.1.Double-check your CORS settings in the Azure Portal. Ensure that the Shopify website URL (https://atlanticbooks.com) is listed in the "Allowed Origins" section, and that you have allowed the necessary HTTP methods.
2. When sending requests from your Shopify site, ensure that the requests include the necessary authorization headers. This may include an Authorization header with a Bearer token if your setup requires it.Sample JavaScript code to include headers
fetch('https://yourapp.azurewebsites.net/api/private', { method: 'GET', headers: { 'Authorization': 'Bearer ' + your_token, 'Content-Type': 'application/json' } }) .then(response => response.json()) .catch(error => console.error('Error:', error));- Use Azure App Service's log stream feature to closely monitor incoming requests and see any relevant error messages. This can help pinpoint the cause of the blocks. You can access this under your App Service in the Azure Portal.
- Ensure that the redirect URLs after authentication align with the expected values in your app settings. Make sure they are properly configured to handle processes after login.
-
Laxman Reddy Revuri 5,395 Reputation points Microsoft External Staff Moderator
2025-05-15T10:06:33.9166667+00:00 Hi @Amit Developer- Atlantic,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Sign in to comment
1 answer
Sort by: Most helpful
-
Amit Developer- Atlantic 20 Reputation points
2025-05-16T05:12:07.27+00:00 -
Laxman Reddy Revuri 5,395 Reputation points Microsoft External Staff Moderator
2025-05-16T10:06:10.56+00:00 Hi @Amit Developer- Atlantic,
To retrieve a Bearer token for authenticating against Azure services,Go to the Azure portal, select Azure Active Directory, and register a new application.
In the app registration, navigate to "API permissions", add permissions for APIs that your app will access.
In the "Certificates & secrets" section, create a new client secret. Note it down; you will need it for authentication.
Depending on your application type, you might use libraries like MSAL (Microsoft Authentication Library) for Python or JavaScript.
from msal import ConfidentialClientApplication app = ConfidentialClientApplication( client_id='YOUR_CLIENT_ID', client_credential='YOUR_CLIENT_SECRET', authority='https://login.microsoftonline.com/YOUR_TENANT_ID' ) token_response = app.acquire_token_for_client(scopes=["https://graph.microsoft.com/.default"]) access_token = token_response.get('access_token') -
Laxman Reddy Revuri 5,395 Reputation points Microsoft External Staff Moderator
2025-05-19T10:24:26.4666667+00:00 Hi @Amit Developer- Atlantic,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Sign in to comment -