You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It looks like I can use the routes.json file to add auth to my azure functions routes, so I think it makes sense to specify which methods the routes.json rules would apply to.
In my scenario, I have a route called api/catalog-items, and I would like to only allow POST, PUT and DELETE for authenticated users, but GET request have no auth rules. I'm thinking an array would be the best data type, and GET would be the default value for unspecified route objects.
We will take a look at adding this, thanks for the suggestion! I see this as really only applicable to the Functions api calls and not really relevant to the static content. Does that match your expectation?
Yeah, I guess it's only applicable to the functions back-end. As it is now it's still really useful to be able to add authentication/authorization to my functions, but I'm really curious if this is something that I am supposed to be doing, is this a planned use-case? Thanks for answering by the way.
So there are 2 planned use cases when working with auth and Functions. One is using the routes.json to allow/deny particular sets of users based on roles. The second is using the auth information passed to the Function as a header to perform more in depth authentication checks (i.e. you may want to allow/deny based on the email of a user).