Azure Static Web Apps
An Azure service that provides streamlined full-stack web app development.
Static Web App with Managed Function - can't turn off Easy Auth headers
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 38%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEB%3C/text%3E%3C/svg%3E)
Eliezer Baschkier
0
Reputation points
I have created a Static Web App with Managed Functions, and I am using custom Auth by sending a token in the Authorization header.
I have turned Easy Auth off in the managed functions by setting this in the staticwebapp.config.json
"routes": [
{
"route": "/api/*",
"allowedRoles": ["anonymous"]
}
],
In spite of that, Easy Auth seems to still be on because I get a 401 when hitting the endpoints, and I see that the token issuer and audience is a different one (from the logs in Application Insights):
Decoded token issuer: https://random-uuid.scm.azurewebsites.net
Decoded token audience: https://random-uuid.azurewebsites.net/azurefunctions
I can't find a place in the Azure Portal where I can check if Easy Auth is on/off in the SWA.
How can I make sure that it's off?
Azure Static Web Apps
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 86%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVL%3C/text%3E%3C/svg%3E)
Vimal Lalani 2,400 Reputation points Microsoft External Staff Moderator2025-12-12T17:32:33.4766667+00:00 Please verify your Function App settings in the Azure Portal. Since you’re working with Managed Functions, go to the Authentication/Authorization section under your Function App and confirm that Easy Auth is disabled there as well. This helps ensure that no authentication policy is unintentionally blocking your requests.
Feel free to post back for further assistance!
-
Eliezer Baschkier 0 Reputation points
2025-12-12T17:38:55.65+00:00 Thanks @Vimal Lalani for your answer.
Where can I find that Authentication/Authorization section?
Inside the SWA I can't see it anywhere, and if I go inside API's I can see my managed functions names and nothing else, I can't navigate anywhere else from here.
Sign in to comment
Sign in to answer