Azure Functions supports different types of bindings (going from Queue messages to Timers). When end users / applications need to talk directly to a function this happens over the Http Trigger.
By default this public facing URL is then protected with a code and in addition to that Easy Auth can be enabled. This makes it possible for users to authenticate using Azure AD or a handful of social providers.
Adding Auth0
npm install azure-functions-auth0 --save
The azure-functions-auth0 package allows you to wrap the actual function and make sure that only authenticated users are able to access the function (eg: after authenticating in a SPA).
const auth0 = require('azure-functions-auth0')({
clientId: 'IsTxQ7jAYAXL5r5HM4L1RMzsSG0UHeOy',
clientSecret: '.........',
domain: 'sandrino.auth0.com'
});
module.exports = auth0(function(context, req) {
context.log('Node.js HTTP trigger function processed a request. RequestUri=%s', req.originalUrl);
if (req.user) {
context.res = {
body: req.user
};
}
else {
context.res = {
status: 400,
body: "The user seems to be missing"
};
}
context.done();
});
A simple example that requires authentication here returns the user object if the user is successfully authenticated.
Note: Since this is a complete App Service environment this also means you can store your secrets as Environment Variables.
Deploying
Your function now requires a specific Node.js module which means you'll need to use Source Control setup. Configure source control for your Functions app under Settings, Deployment Source, Local Git. Then create the following directory structure locally:
host.json
An empty json file:
{ }
package.json
The package.json file which is used to define the dependencies:
{
"name": "functions",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"author": "",
"license": "ISC",
"dependencies": {
"azure-functions-auth0": "~1.0.0"
}
}
my-http-function/function.json
Definition of the function (nothing to change here):
{
"bindings": [
{
"webHookType": "",
"type": "httpTrigger",
"direction": "in",
"name": "req"
},
{
"type": "http",
"direction": "out",
"name": "res"
}
],
"disabled": false
}
my-http-function/index.js
The actual function:
const auth0 = require('azure-functions-auth0')({
clientId: 'xxx',
clientSecret: 'xxx',
domain: 'sandrino.auth0.com'
});
module.exports = auth0(function(context, req) {
context.log('Node.js HTTP trigger function processed a request. RequestUri=%s', req.originalUrl);
if (req.user) {
context.res = {
body: req.user
};
}
else {
context.res = {
status: 400,
body: "The user seems to be missing"
};
}
context.done();
});
Once you have all these files you add them and push this to the local Git repository in Azure. This will start the installation of the dependencies (the Node.js modules).
These files are also available in the boilerplate repository.
Testing
If you want to test this you can start by getting a token through the Resource Onwer endpoint: https://auth0.com/docs/auth-api#!#post--oauth-ro
Once you have the header you can call your function with the proper Authorization header.
GET /api/my-http-function?code=1pvufd35aopqmyk569wom6ajoranxlfw24wj3q6lahw5rzk0rudiz21wkgxpmur1r9k92swwb3xr HTTP/1.1
Host: functionsad5bb49d.azurewebsites.net
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoic2FuZHJpbm9AYXV0aDAuY29tIiwiZW1haWwiOiJzYW5kcmlub0BhdXRoMC5jb20iLCJlbWFpbF92ZXJpZ...
And that's it! Your HttpTrigger functions are now protected with Auth0.
Usage
You can now write mobile applications, single page applications, background services, ... that all authenticate with Auth0 and then call an Azure Function.
Enjoy!
