Google Authentication for your Azure Function app

In this blog post, we will focus on Authenticating Azure Functions using Google Authentication. We will be using App Service to use Google as our Identity Provider.

Let us begin by creating our sample Azure Function and deploy it to Azure. We will ensure that the Authentication Level is set to Anonymous for our sample Function.

Figure 01

We will keep our sample function as simple as possible, which in this case mean return a string.

public static async Task<IActionResult> SayHello(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
    ILogger log)
    return new OkObjectResult("You are authenticated");

With our sample function in place, we will deploy the function to azure and grab the Url.

Figure 02

Now that we have our function up and running in Azure, the next step involves setting up our Google App using Google Developer Console. We will create a new App using the Console.

Figure 03

The Next step involve setting up OAuth Consent Screen for the new app we created.

Figure 04
Figure 05

Ensure the associated User Type is set as External as shown in the Figure 5. You would also need to add the App Information as seen in the following.

Figure 06

Having set up the OAuth Client Consent Screens, now we need to set up the credentials for OAuth App.

Figure 07
Figure 08

Select “OAuth Client ID” from the Create Credentials menu. Then, add the app details. In the Authorized Javascript Origins URI, fill the URL of the Azure Function app you have retrieved in the Figure 02.

The Authorized Redirect URIs needs to be in format ({function app uri}/.auth/login/google/callback). Save your details. This would also display the ClientID and Client Secret as shown in the Figure 09.

Figure 09

With that you are done with your Google app configuration part. We will now head back to our Azure portal to complete the authentication process and add the Identity provider.

Within the Azure portal of your Azure Function, open the “Authentication” menu and select “Add Identity Provider”

Figure 10

Select “Google” as the Identity Provider.

Figure 11

This would display the screen to add the configurations including client id and client secret as shown in the Figure 12.

Figure 12

Client ID and Client secret are ones we got in the Figure 09. You also need to ensure the “Unauthenticated Requests” is set as “Http 401 Unauthorized : recommended for APIs” along with “Authentication” as “Require Authentication”.

Save your details and your Azure function would be now ready to be authenticated with Google. Try accessing the Function URI and you would be redirected to the Google authentication page.

Hope that was useful, more on Azure soon.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s