
Commit 0dc5c90

Update auth section
1 parent 90a0028 commit 0dc5c90


1 file changed

+4
-4
lines changed


articles/container-apps/sessions.md

Lines changed: 4 additions & 4 deletions
@@ -95,11 +95,11 @@ Example strategies include:
9595
> [!IMPORTANT]
9696
> Failure to secure access to sessions may result in misuse or unauthorized access to data stored in your users' sessions.
9797
98-
### Authentication
98+
### <a name="authentication"></a>Authentication and authorization
9999

100-
When you send HTTP requests to a session, authentication is handled using Microsoft Entra (formerly Azure Active Directory) tokens. Valid Microsoft Entra tokens are generated by an identity belonging to the *Azure ContainerApps Session Executor* role on the session pool.
100+
When you send HTTP requests to a session, authentication is handled using Microsoft Entra (formerly Azure Active Directory) tokens. Only Microsoft Entra tokens from an identity belonging to the *Azure ContainerApps Session Executor* role on the session pool are authorized to call the pool management API.
101101

102-
To assign the roles to an identity, use the following Azure CLI commands:
102+
To assign the role to an identity, use the following Azure CLI command:
103103

104104
```bash
105105
az role assignment create \
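Review bot: The rewritten paragraph at new line 100 switches subject mid-sentence: it opens with "HTTP requests to a session" but then says the role authorizes calls to "the pool management API", a term the visible lines never introduce. A reader cannot tell whether the *Azure ContainerApps Session Executor* role gates requests to individual sessions, pool-level management operations, or both. Suggest either defining "pool management API" where it first appears or keeping the same subject throughout the sentence. Also, "an identity belonging to the ... role" reads oddly for RBAC, where roles are assigned to identities; "an identity that has been assigned the ... role on the session pool" would match the wording of the "To assign the role to an identity" sentence at new line 102. Keeping the `authentication` anchor on the renamed heading is a good call for existing inbound links.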
@@ -178,7 +178,7 @@ access_token = token.token
178178
---
179179

180180
> [!IMPORTANT]
181-
> A valid token can be used to create and access any session in the pool. Keep your tokens secure and don't share them with untrusted parties. End users should access sessions through your application, not directly.
181+
> A valid token can be used to create and access any session in the pool. Keep your tokens secure and don't share them with untrusted parties. End users should access sessions through your application, not directly. They should never have access to the tokens used to authenticate requests to the session pool.
182182
183183
#### Lifecycle
184184
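Review bot: In the sentence added at new line 181, "They" has an ambiguous antecedent (end users, sessions, or untrusted parties), which matters in an [!IMPORTANT] callout that states a security requirement. Suggest starting it with "End users should never have access to ..." so the requirement stands on its own. Since the same callout says a valid token can create and access any session in the pool, it would also help to say what the application should do instead, for example that it holds the token itself and makes session requests on the user's behalf; as written the note only says what to avoid, and partly repeats "don't share them with untrusted parties".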
