Share via

az webapp auth openid-connect

Note

This reference is part of the authV2 extension for the Azure CLI (version 2.23.0 or higher). The extension will automatically install the first time you run an az webapp auth openid-connect command. Learn more about extensions.

Manage webapp authentication and authorization of the custom OpenID Connect identity providers.

Commands

Name Description Type Status
az webapp auth openid-connect add

Configure a new custom OpenID Connect identity provider.

 Extension GA
az webapp auth openid-connect remove

Removes an existing custom OpenID Connect identity provider.

 Extension GA
az webapp auth openid-connect show

Show the authentication settings for the custom OpenID Connect identity provider.

 Extension GA
az webapp auth openid-connect update

Update the client id and client secret setting name for an existing custom OpenID Connect identity provider.

 Extension GA

az webapp auth openid-connect add

Configure a new custom OpenID Connect identity provider.

az webapp auth openid-connect add --provider-name
                                  [--client-id]
                                  [--client-secret]
                                  [--client-secret-setting-name --secret-setting]
                                  [--ids]
                                  [--name]
                                  [--openid-configuration]
                                  [--resource-group]
                                  [--scopes]
                                  [--slot]
                                  [--subscription]
                                  [--yes]

Examples

Configure a new custom OpenID Connect identity provider.

az webapp auth openid-connect add -g myResourceGroup --name MyWebApp \
  --provider-name myOpenIdConnectProvider --client-id my-client-id \
  --client-secret-setting-name MY_SECRET_APP_SETTING \
  --openid-configuration https://myopenidprovider.net/.well-known/openid-configuration

Required Parameters

--provider-name

The name of the custom OpenID Connect provider.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--client-id

The Client ID of the app used for login.

--client-secret

The application secret of the app used for login.

--client-secret-setting-name --secret-setting

The app setting name that contains the client secret.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the web app.

Property Value
Parameter group: Resource Id Arguments
--openid-configuration

The endpoint that contains all the configuration endpoints for the provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--scopes

A list of the scopes that should be requested while authenticating.

--slot -s

The name of the slot. Default to the productions slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
--yes -y

Do not prompt for confirmation.

Property Value
Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az webapp auth openid-connect remove

Removes an existing custom OpenID Connect identity provider.

az webapp auth openid-connect remove --provider-name
                                     [--ids]
                                     [--name]
                                     [--resource-group]
                                     [--slot]
                                     [--subscription]

Examples

Removes an existing custom OpenID Connect identity provider.

az webapp auth openid-connect remove --name MyWebApp --resource-group MyResourceGroup \
  --provider-name myOpenIdConnectProvider

Required Parameters

--provider-name

The name of the custom OpenID Connect provider.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the web app.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--slot -s

The name of the slot. Default to the productions slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az webapp auth openid-connect show

Show the authentication settings for the custom OpenID Connect identity provider.

az webapp auth openid-connect show --provider-name
                                   [--ids]
                                   [--name]
                                   [--resource-group]
                                   [--slot]
                                   [--subscription]

Examples

Show the authentication settings for the custom OpenID Connect identity provider. (autogenerated)

az webapp auth openid-connect show --name MyWebApp --resource-group MyResourceGroup \ --provider-name myOpenIdConnectProvider

Required Parameters

--provider-name

The name of the custom OpenID Connect provider.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the web app.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--slot -s

The name of the slot. Default to the productions slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az webapp auth openid-connect update

Update the client id and client secret setting name for an existing custom OpenID Connect identity provider.

az webapp auth openid-connect update --provider-name
                                     [--client-id]
                                     [--client-secret]
                                     [--client-secret-setting-name --secret-setting]
                                     [--ids]
                                     [--name]
                                     [--openid-configuration]
                                     [--resource-group]
                                     [--scopes]
                                     [--slot]
                                     [--subscription]
                                     [--yes]

Examples

Update the client id and client secret setting name for an existing custom OpenID Connect identity provider.

az webapp auth openid-connect update -g myResourceGroup --name MyWebApp \
  --provider-name myOpenIdConnectProvider --client-id my-client-id \
  --client-secret-setting-name MY_SECRET_APP_SETTING

Required Parameters

--provider-name

The name of the custom OpenID Connect provider.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--client-id

The Client ID of the app used for login.

--client-secret

The application secret of the app used for login.

--client-secret-setting-name --secret-setting

The app setting name that contains the client secret.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the web app.

Property Value
Parameter group: Resource Id Arguments
--openid-configuration

The endpoint that contains all the configuration endpoints for the provider.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--scopes

A list of the scopes that should be requested while authenticating.

--slot -s

The name of the slot. Default to the productions slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
--yes -y

Do not prompt for confirmation.

Property Value
Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False