This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 38%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEB%3C/text%3E%3C/svg%3E)
I have created a Static Web App with Managed Functions, and I am using custom Auth by sending a token in the Authorization header.
I have turned Easy Auth off in the managed functions by setting this in the staticwebapp.config.json
"routes": [
{
"route": "/api/*",
"allowedRoles": ["anonymous"]
}
],
In spite of that, Easy Auth seems to still be on because I get a 401 when hitting the endpoints, and I see that the token issuer and audience is a different one (from the logs in Application Insights):
Decoded token issuer: https://random-uuid.scm.azurewebsites.net
Decoded token audience: https://random-uuid.azurewebsites.net/azurefunctions
I can't find a place in the Azure Portal where I can check if Easy Auth is on/off in the SWA.
How can I make sure that it's off?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 86%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVL%3C/text%3E%3C/svg%3E)
Hi @Eliezer B
Just following up to check whether the above information was helpful. Please feel free to post back.
Hi @Eliezer B
Following up to see if the above information was helpful. Feel free to post back for further assistance.
Please verify your Function App settings in the Azure Portal. Since you’re working with Managed Functions, go to the Authentication/Authorization section under your Function App and confirm that Easy Auth is disabled there as well. This helps ensure that no authentication policy is unintentionally blocking your requests.
Feel free to post back for further assistance!
Thanks @Vimal Lalani for your answer.
Where can I find that Authentication/Authorization section?
Inside the SWA I can't see it anywhere, and if I go inside API's I can see my managed functions names and nothing else, I can't navigate anywhere else from here.
Hi @Eliezer B
From the description, it appears that the Static Web App is using a Managed Function, and the authentication headers are coming from the Function App configuration, not directly from the Static Web App.
Please check the Managed Function App settings in the Azure Portal:
Check Managed Function App Settings
Even when Easy Auth is disabled at the Static Web App level, the managed Function App can still inject authentication headers if authentication is enabled there.
After removing the linked identity provider, the Easy Auth headers should no longer be added to requests.
Thanks for your answer.
When I go to Azure Portal → Function App (not SWA) I don't see the Managed Function listed in there.
Hi @Eliezer B
Thanks for the feedback.
However, the 401 error is coming from the Function App authentication or the function’s authorization level, not from the Static Web App route configuration.
Could you please verify the authorization level defined for your Azure Function (this is typically specified in the function.json file for each JavaScript managed function)?
If you can share a bit more detail about how the managed function is defined or your overall architecture, we can better narrow down the root cause.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 33%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
You can’t turn off Easy Auth on the managed Functions host.
You're hitting the managed Functions host directly, which is why you see tokens with issuer/audience like:
issuer: https://<random-uuid>.scm.azurewebsites.netaudience: https://<random-uuid>.azurewebsites.net/azurefunctionsThose values come from the Functions’ built‑in App Service Authentication (aka Easy Auth) that is always enabled for SWA‑managed Functions to protect the app when accessed directly. You cannot turn that off in the Azure Portal for a managed Functions instance.