Merge pull request #279053 from craigshoemaker/swa/auth-update

prmerger-automator[bot] · web-flow · commit cd80aa141b10 · 2024-06-24T17:56:31.000Z
[Static Web Apps] Updates: Authentication &amp; authorization (freshness)
diff --git a/articles/static-web-apps/authentication-authorization.yml b/articles/static-web-apps/authentication-authorization.yml
@@ -5,7 +5,7 @@ metadata:
   description: Learn to use different authorization providers to secure your Azure Static Web Apps.
   author: craigshoemaker
   ms.author: cshoe
-  ms.date: 12/22/2022
+  ms.date: 06/24/2024
   ms.service: static-web-apps
   ms.topic: how-to
   ms.custom:
@@ -15,23 +15,22 @@ metadata:
 title: |
   Authenticate and authorize Static Web Apps
 introduction: |
-  > [!WARNING]
-  > Due to changes in X (formerly Twitter) API policy we can’t continue to support it as part of the pre-configured providers for your app.
-  > If you want to continue to use X (formerly Twitter) for authentication/authorization with your app, update your app configuration to [register a custom provider](./authentication-custom.md).
-
-
-  Azure Static Web Apps provides a streamlined authentication experience, where no other actions or configurations are required to use GitHub and Microsoft Entra ID for authentication.
+  Azure Static Web Apps provides a streamlined authentication experience, where no extra configuration is required to use GitHub and Microsoft Entra ID for authentication.
 
   In this article, learn about default behavior, how to set up sign-in and sign-out, how to block an authentication provider, and more.
 
   You can [register a custom provider](./authentication-custom.md), which disables all pre-configured providers.
 
+  > [!WARNING]
+  > Due to changes in X (formerly Twitter) API policy, support is not available as part of the pre-configured providers for your app.
+  > If you want to continue to use X (formerly Twitter) for authentication/authorization with your app, update your app configuration to [register a custom provider](./authentication-custom.md).
+
 prerequisites:
   summary: |
     Be aware of the following defaults and resources for authentication and authorization with Azure Static Web Apps.
 
     **Defaults:**
-    - Any user can authenticate with a pre-configured provider
+    - Any user can authenticate with a preconfigured provider
       - GitHub
       - Microsoft Entra ID
       - To restrict an authentication provider, [block access](#block-an-authentication-provider) with a custom route rule
@@ -42,7 +41,7 @@ prerequisites:
     - Assign users custom roles using the built-in [invitations system](authentication-custom.md#manage-roles)
     - Programmatically assign users custom roles at sign-in with an [API function](apis-overview.md)
     - Understand that authentication and authorization significantly overlap with routing concepts, which are detailed in the [Application configuration guide](configuration.md)
-    - Restrict sign-in to a specific Microsoft Entra tenant by [configuring a custom Microsoft Entra provider](authentication-custom.md?tabs=aad). The pre-configured Microsoft Entra provider allows any Microsoft account to sign in.
+    - Restrict sign-in to a specific Microsoft Entra ID tenant by [configuring a custom Microsoft Entra ID provider](authentication-custom.md?tabs=aad). The preconfigured Microsoft Entra ID provider allows any Microsoft account to sign in.
 
 procedureSection:
   - title: |
@@ -52,18 +51,18 @@ procedureSection:
 
       Use the following table to find the provider-specific route.
 
-      | Authorization provider | Sign in route             |
-      | ---------------------- | ----------------------- |
-      | Microsoft Entra ID | `/.auth/login/aad`      |
-      | GitHub                 | `/.auth/login/github`   |
+      | Authorization provider | Sign in route |
+      | --- | --- |
+      | Microsoft Entra ID | `/.auth/login/aad` |
+      | GitHub | `/.auth/login/github` |
 
-      For example, to sign in with GitHub, you could include something similar to the following link.
+      For example, to sign in with GitHub, you could use a URL similar to the following example.
 
       ```html
       <a href="/.auth/login/github">Login</a>
       ```
 
-      If you chose to support more than one provider, expose a provider-specific link for each on your website.
+      If you chose to support more than one provider, use a provider-specific link for each provider on your website.
       Use a [route rule](./configuration.md#routes) to map a default provider to a friendly route like _/login_.
 
       ```json
@@ -75,13 +74,13 @@ procedureSection:
 
       ### Set up post-sign-in redirect
 
-      Return a user to a specific page after they sign in by providing a fully qualified URL in the `post_login_redirect_uri` query string parameter, like in the following example.
+      You can return a user to a specific page after they sign in by providing a fully qualified URL in the `post_login_redirect_uri` query string parameter.
     code: |
       ```html
       <a href="/.auth/login/github?post_login_redirect_uri=https://zealous-water.azurestaticapps.net/success">Login</a>
       ```
 
-      You can also redirect unauthenticated users back to the referring page after they sign in. To configure this behavior, create a [response override](configuration.md#response-overrides) rule that sets `post_login_redirect_uri` to `.referrer`, like in the following example.
+      You can also redirect unauthenticated users back to the referring page after they sign in. To add this redirect, create a [response override](configuration.md#response-overrides) rule that sets `post_login_redirect_uri` to `.referrer`, like in the following example.
 
       ```json
       {
@@ -117,9 +116,9 @@ procedureSection:
 
       ## Block an authentication provider
 
-      You may want to restrict your app from using an authentication provider, since all authentication providers are enabled. For instance, your app may want to standardize only on [providers that expose email addresses](authentication-custom.md#create-an-invitation).
+      By default, all authentication providers are enabled, but you may want to restrict your app from using a provider. For instance, your app may want to only use [providers that expose email addresses](authentication-custom.md#create-an-invitation).
 
-      To block a provider, you can create [route rules](configuration.md#routes) to return a 404 status code for requests to the blocked provider-specific route. For example, to restrict Twitter as provider, add the following route rule.
+      To block a provider, create a [route rule](configuration.md#routes) to return a `404` status code for requests to the blocked provider-specific route. For example, to restrict X (formerly Twitter) as provider, add the following route rule.
     code: |
       ```json
       {
