az containerapp auth openid-connect

Manage containerapp authentication and authorization of the custom OpenID Connect identity providers.

Commands

Name	Description	Type	Status
az containerapp auth openid-connect add	Configure a new custom OpenID Connect identity provider.	Core	GA
az containerapp auth openid-connect remove	Removes an existing custom OpenID Connect identity provider.	Core	GA
az containerapp auth openid-connect show	Show the authentication settings for the custom OpenID Connect identity provider.	Core	GA
az containerapp auth openid-connect update	Update the client id and client secret setting name for an existing custom OpenID Connect identity provider.	Core	GA

az containerapp auth openid-connect add

Configure a new custom OpenID Connect identity provider.

az containerapp auth openid-connect add --provider-name
                                        [--client-id]
                                        [--client-secret]
                                        [--client-secret-name]
                                        [--ids]
                                        [--name]
                                        [--openid-configuration]
                                        [--resource-group]
                                        [--scopes]
                                        [--subscription]
                                        [--yes]

Examples

Configure a new custom OpenID Connect identity provider.

az containerapp auth openid-connect add -g myResourceGroup --name my-containerapp \
  --provider-name myOpenIdConnectProvider --client-id my-client-id \
  --client-secret-name MY_SECRET_APP_SETTING \
  --openid-configuration https://myopenidprovider.net/.well-known/openid-configuration

Required Parameters

--provider-name

The name of the custom OpenID Connect provider.

Optional Parameters

--client-id

The Client ID of the app used for login.

--client-secret

The client secret.

--client-secret-name

The app secret name that contains the client secret of the relying party application.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.

--openid-configuration

The endpoint that contains all the configuration endpoints for the provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--scopes

A list of the scopes that should be requested while authenticating.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp auth openid-connect remove

Removes an existing custom OpenID Connect identity provider.

az containerapp auth openid-connect remove --provider-name
                                           [--ids]
                                           [--name]
                                           [--resource-group]
                                           [--subscription]
                                           [--yes]

Examples

Removes an existing custom OpenID Connect identity provider.

az containerapp auth openid-connect remove --name my-containerapp --resource-group MyResourceGroup \
  --provider-name myOpenIdConnectProvider

Required Parameters

--provider-name

The name of the custom OpenID Connect provider.

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp auth openid-connect show

Show the authentication settings for the custom OpenID Connect identity provider.

az containerapp auth openid-connect show --provider-name
                                         [--ids]
                                         [--name]
                                         [--resource-group]
                                         [--subscription]

Examples

Show the authentication settings for the custom OpenID Connect identity provider.

az containerapp auth openid-connect show --name my-containerapp --resource-group MyResourceGroup \ --provider-name myOpenIdConnectProvider

Required Parameters

--provider-name

The name of the custom OpenID Connect provider.

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp auth openid-connect update

Update the client id and client secret setting name for an existing custom OpenID Connect identity provider.

az containerapp auth openid-connect update --provider-name
                                           [--client-id]
                                           [--client-secret]
                                           [--client-secret-name]
                                           [--ids]
                                           [--name]
                                           [--openid-configuration]
                                           [--resource-group]
                                           [--scopes]
                                           [--subscription]
                                           [--yes]

Examples

Update the client id and client secret setting name for an existing custom OpenID Connect identity provider.

az containerapp auth openid-connect update -g myResourceGroup --name my-containerapp \
  --provider-name myOpenIdConnectProvider --client-id my-client-id \
  --client-secret-name MY_SECRET_APP_SETTING

Required Parameters

--provider-name

The name of the custom OpenID Connect provider.

Optional Parameters

--client-id

The Client ID of the app used for login.

--client-secret

The client secret.

--client-secret-name

The app secret name that contains the client secret of the relying party application.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.

--openid-configuration

The endpoint that contains all the configuration endpoints for the provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--scopes

A list of the scopes that should be requested while authenticating.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.