DurableFunctionsMonitor 3.8

• BREAKING: The backend now enforces authentication by default. If you still want to turn it off (e.g. to run it locally on your devbox), set DFM_NONCE config setting to i_sure_know_what_i_am_doing.

• Standalone service is now capable of validating AAD access tokens itself, without help from Easy Auth module. This allows hosting DFM instances outside Function Apps (e.g. in AKS, here is a deployment yaml for that). For that to work the following config settings need to be set (in addition to the normal AzureWebJobsStorage and DFM_HUB_NAME ones):

  • WEBSITE_AUTH_CLIENT_ID - clientId (aka applicationId) of your AAD application, that you have specifically created for protecting your DFM endpoints. See instructions on how to create an AAD app here.
  • WEBSITE_AUTH_OPENID_ISSUER - the Issuer claim (iss) in access tokens. Typically looks like https://login.microsoftonline.com/<your-aad-tenant-id>/v2.0.
  • (greatly recommended) DFM_ALLOWED_USER_NAMES - comma-separated list of user names (emails), that should be allowed to access. Matches the preferred_username claim in access tokens. WARNING: without this setting any user will be allowed to access your DFM endpoint.

  NOTE: only Azure AD Endpoint V2 is supported.

• 'Restart' button for orchestrations (triggers the new .RestartAsync() method).

• Sequence diagrams now show some timing (start times and durations)

• VsCode extension: WebViews are now persistent (do not reload every time you switch between them) and even persist their state (filters, sorting etc.) across restarts.

• VsCode extension: All logs (when enabled) now go to 'Durable Functions Monitor' output channel.

• Minor bugfixes.

durablefunctionsmonitor.dotnetbackend.3.8.0.nupkg
durablefunctionsmonitor-3.8.0.vsix