I have a Python based web app with Easy auth enabled which is called from a service and returns some json output from each of the routes. Now, I want to disable authentication only on a specific route.
An alternative is to add code to implement authentication myself and then disable it for that route, I would prefer to do it without any code change.
Is this possible while using Easy auth? Do I need to add any configuration/setting?
I have a Python based web app with Easy auth enabled which is called from a service and returns some json output from each of the routes. Now, I want to disable authentication only on a specific route.
An alternative is to add code to implement authentication myself and then disable it for that route, I would prefer to do it without any code change.
Is this possible while using Easy auth? Do I need to add any configuration/setting?
Share Improve this question asked Mar 19 at 4:28 AshutoshAshutosh 1,05019 silver badges40 bronze badges 2- Which authentication provider is configured in Easy Auth (e.g., Azure AD, Microsoft Account, Google, Facebook)? – Aslesha Kantamsetti Commented Mar 19 at 5:52
- 1 Use file-based configuration to disable Easy Auth for specific routes. – Aslesha Kantamsetti Commented Mar 19 at 12:35
1 Answer
Reset to default 0How to disable easy auth for specific routes in Flask app deployed to Azure?
To disable Easy Auth for specific routes in Azure, use a file-based configuration.
I followed this MS Doc to Enable file-based Authentication in Azure App Service.
I created an auth.json file, excluding the public routes and including the private routes.
auth.json:
{
"platform": {
"enabled": true
},
"globalValidation": {
"unauthenticatedClientAction": "RedirectToLoginPage",
"redirectToProvider": "AzureActiveDirectory",
"excludedPaths": [
"/api/public"
]
},
"httpSettings": {
"requireHttps": true,
"routes": {
"apiPrefix": "/api"
},
"forwardProxy": {
"convention": "NoProxy"
}
},
"login": {
"routes": {
"logoutEndpoint": "/.auth/logout"
},
"tokenStore": {
"enabled": true,
"tokenRefreshExtensionHours": 12
},
"allowedExternalRedirectUrls": [
"https://<AzureWebAppName>.azurewebsites/"
],
"cookieExpiration": {
"convention": "FixedTime",
"timeToExpiration": "00:30:00"
}
},
"identityProviders": {
"azureActiveDirectory": {
"enabled": true,
"registration": {
"openIdIssuer": "https://login.microsoftonline/<YOUR_TENANT_ID>/v2.0",
"clientId": "<YOUR_CLIENT_ID>",
"clientSecretSettingName": "APP_SETTING_CONTAINING_AAD_SECRET"
},
"login": {
"loginParameters": [
"scope=openid profile email"
]
},
"validation": {
"allowedAudiences": [
"api://<YOUR_CLIENT_ID>"
]
}
}
}
}
I added the auth.json file to the /home/site/wwwroot/ path in Azure using the Kudu Console via the below URL.
https://<AzureWebAppName>.scm.canadacentral-01.azurewebsites/newui
I created a file and save it as authsettingsV2.json:
{
"$schema": "https://schema.management.azure/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2022-03-01",
"name": "[concat(parameters('webAppName'), '/authsettingsV2')]",
"properties": {
"platform": {
"enabled": true,
"configFilePath": "auth.json"
}
}
}
],
"parameters": {
"webAppName": {
"type": "string"
}
}
}
I ran the below commands to create an ARM template for enabling file-based authentication.
az login
az account set --subscription "SubscriptionId"
az deployment group create --resource-group <ResourceGroupName> --template-file <PathTOauthsettingsV2.json> --parameters webAppName=<AzureWebAppName>
After running above commands File-Based configuration is enabled as shown below:
Make Sure to Below Values are set in the Environment Variables section of Azure Web App and add client secret.
APP_SETTING_CONTAINING_AAD_SECRET:clientsecret
Change the redirect URL in the App Registration as shown below:
https://<AzureWebAppName>.canadacentral-01.azurewebsites/api/login/aad/callback
Azure Output public Route:
Protected Route: