Azure Functions V4 (.NET 6): JWT authentication with multiple issuers?
Hi,
My team is implementing APIs using Azure Functions V4 (.NET 6). These APIs need to use JWT bearer token authentication using tokens issued by both AAD and AAD B2C; thus the API needs to authenticate tokens from two different token issuers. How do we implement this with Azure Functions? Has anyone done this successfully with the latest version of Azure Functions?
The reason we require multiple issuers is that our APIs support both client (single-page app)-to-server and server-to-server auth. Our primary tenant is in B2C, which doesn't handle the OAuth client credentials flow for server-server communication, so we have to use the underlying AAD tenant for that flow. As such, tokens issued by AAD B2C have a different issuer than the AAD tenant. The problem is that the frameworks that currently support JWT authentication in Azure Functions V4 don't support multiple issuers. For example, we couldn't find a way to get OpenIdConnectExtensions.AddOpenIdConnect to work, and Microsoft.Identity.Web doesn't yet support .NET 6.
Thanks in advance
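
One way to validate bearer tokens from two issuers by hand inside a function, shown as an added example that is not part of the original post. It assumes the System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.Protocols.OpenIdConnect NuGet packages; the class name MultiIssuerJwtValidator and the tenant, policy and audience values in the comments are hypothetical placeholders.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper (not a Microsoft API). Register one entry per issuer, e.g.
//   AddIssuer("https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration", "<api-app-id>");
//   AddIssuer("https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<policy>/v2.0/.well-known/openid-configuration", "<b2c-app-id>");
public sealed class MultiIssuerJwtValidator
{
    // Each issuer keeps its own metadata (issuer name + signing keys) and audience,
    // so a key published by one tenant can never vouch for the other tenant's issuer.
    private sealed record TrustedIssuer(
        string Audience, ConfigurationManager<OpenIdConnectConfiguration> Metadata);

    private readonly List<TrustedIssuer> _issuers = new();
    private readonly JwtSecurityTokenHandler _handler = new();

    public void AddIssuer(string metadataAddress, string audience) =>
        _issuers.Add(new TrustedIssuer(audience,
            new ConfigurationManager<OpenIdConnectConfiguration>(
                metadataAddress, new OpenIdConnectConfigurationRetriever())));

    public async Task<ClaimsPrincipal?> ValidateAsync(string bearerToken)
    {
        if (!_handler.CanReadToken(bearerToken)) return null;
        // Unverified claim: used only to pick which trusted configuration to try.
        string claimedIssuer = _handler.ReadJwtToken(bearerToken).Issuer;
        foreach (var trusted in _issuers)
        {
            var config = await trusted.Metadata.GetConfigurationAsync(CancellationToken.None);
            if (!string.Equals(config.Issuer, claimedIssuer, StringComparison.Ordinal)) continue;
            var parameters = new TokenValidationParameters
            {   // Issuer, audience, lifetime and signature checks are on by default.
                ValidIssuer = config.Issuer,
                ValidAudience = trusted.Audience,
                IssuerSigningKeys = config.SigningKeys,
                ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
            };
            try { return _handler.ValidateToken(bearerToken, parameters, out _); }
            catch (Exception ex) when (ex is SecurityTokenException or ArgumentException) { return null; }
        }
        return null; // issuer is not one of the registered authorities
    }
}
```

An AAD app registration that issues v1.0 access tokens uses a different `iss` value than the v2.0 metadata document, so register the metadata address whose issuer matches the tokens the API actually receives.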