Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Securing local host using available providers #455
Before I start, sorry if I duplicated this issue/idea, just couldn't find it within this repo.
Are there any plans to integrate authentication using available providers(like Azure AD, Facebook etc.), so it is possible to secure host locally? I found it both a little tricky and cumbersome to differentiate local development from deployed one.
I think it could a great addition to the toolset, especially that many people are a bit confused when it comes to developing functions locally, when authentication is required.
I believe it could a bit problematic(since as I understand security features regarding authentication are underlying App Service responsibilities), but maybe there's a way, to ease mocking?
I'd love to see e.g. following functionality, where we can enable security in
And then provide a handler by convention using e.g. an interface:
Which could be applied each time a function is triggered using HttpTrigger.
EDIT: The idea is described here
Hi @kamil-mrzyglod, you're correct about Authentication/Authorization being a platform feature provided to function apps just by running on App Service platform on Azure.
The idea described in the blog post is interesting though. My only concern is that this would have to be local development only feature, as on Azure things would work differently. I'd like to see what others think of this.
@ahmelsayed Thank you for your response. My idea is to implement it locally only(using e.g.
The main purpose of such feature is to enable authentication locally using a custom provider, so I don't have to use constructs lie
Yes, this is something we're currently planning. We don't have a concrete timeline for when we'd be able to do it though. The basic idea is that the Functions CLI would host a version of the authentication module that we use in Azure so that you can test and develop locally with auth enabled.
@cgillum Is there any official workaround to somehow secure local development? While the fact, that there're plans to somehow host authentication module, is a great information, I find it extremely cumbersome when I have projects, in which key-based authorization is not sufficient.