az webapp auth openid-connect
Note
This reference is part of the authV2 extension for the Azure CLI (version 2.23.0 or higher). The extension will automatically install the first time you run an az webapp auth openid-connect command. Learn more about extensions.
Manage webapp authentication and authorization of the custom OpenID Connect identity providers.
Commands
Name | Description | Type | Status |
---|---|---|---|
az webapp auth openid-connect add |
Configure a new custom OpenID Connect identity provider. |
Extension | GA |
az webapp auth openid-connect remove |
Removes an existing custom OpenID Connect identity provider. |
Extension | GA |
az webapp auth openid-connect show |
Show the authentication settings for the custom OpenID Connect identity provider. |
Extension | GA |
az webapp auth openid-connect update |
Update the client id and client secret setting name for an existing custom OpenID Connect identity provider. |
Extension | GA |
az webapp auth openid-connect add
Configure a new custom OpenID Connect identity provider.
az webapp auth openid-connect add --provider-name
[--client-id]
[--client-secret]
[--client-secret-setting-name]
[--ids]
[--name]
[--openid-configuration]
[--resource-group]
[--scopes]
[--slot]
[--subscription]
[--yes]
Examples
Configure a new custom OpenID Connect identity provider.
az webapp auth openid-connect add -g myResourceGroup --name MyWebApp \
--provider-name myOpenIdConnectProvider --client-id my-client-id \
--client-secret-setting-name MY_SECRET_APP_SETTING \
--openid-configuration https://myopenidprovider.net/.well-known/openid-configuration
Required Parameters
The name of the custom OpenID Connect provider.
Optional Parameters
The Client ID of the app used for login.
The application secret of the app used for login.
The app setting name that contains the client secret.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the web app.
The endpoint that contains all the configuration endpoints for the provider.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
A list of the scopes that should be requested while authenticating.
The name of the slot. Default to the productions slot if not specified.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az webapp auth openid-connect remove
Removes an existing custom OpenID Connect identity provider.
az webapp auth openid-connect remove --provider-name
[--ids]
[--name]
[--resource-group]
[--slot]
[--subscription]
Examples
Removes an existing custom OpenID Connect identity provider.
az webapp auth openid-connect remove --name MyWebApp --resource-group MyResourceGroup \
--provider-name myOpenIdConnectProvider
Required Parameters
The name of the custom OpenID Connect provider.
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the web app.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The name of the slot. Default to the productions slot if not specified.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az webapp auth openid-connect show
Show the authentication settings for the custom OpenID Connect identity provider.
az webapp auth openid-connect show --provider-name
[--ids]
[--name]
[--resource-group]
[--slot]
[--subscription]
Examples
Show the authentication settings for the custom OpenID Connect identity provider. (autogenerated)
az webapp auth openid-connect show --name MyWebApp --resource-group MyResourceGroup \ --provider-name myOpenIdConnectProvider
Required Parameters
The name of the custom OpenID Connect provider.
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the web app.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
The name of the slot. Default to the productions slot if not specified.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.
az webapp auth openid-connect update
Update the client id and client secret setting name for an existing custom OpenID Connect identity provider.
az webapp auth openid-connect update --provider-name
[--client-id]
[--client-secret]
[--client-secret-setting-name]
[--ids]
[--name]
[--openid-configuration]
[--resource-group]
[--scopes]
[--slot]
[--subscription]
[--yes]
Examples
Update the client id and client secret setting name for an existing custom OpenID Connect identity provider.
az webapp auth openid-connect update -g myResourceGroup --name MyWebApp \
--provider-name myOpenIdConnectProvider --client-id my-client-id \
--client-secret-setting-name MY_SECRET_APP_SETTING
Required Parameters
The name of the custom OpenID Connect provider.
Optional Parameters
The Client ID of the app used for login.
The application secret of the app used for login.
The app setting name that contains the client secret.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the web app.
The endpoint that contains all the configuration endpoints for the provider.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
A list of the scopes that should be requested while authenticating.
The name of the slot. Default to the productions slot if not specified.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID
.
Increase logging verbosity. Use --debug for full debug logs.