You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/_posts/2025-05-15-azure-function-authentication-from-an-azure-runbook.md
+8-6Lines changed: 8 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,17 +12,19 @@ Too long didn't read: Azure functions authentication requires that the accessTok
12
12
13
13
## Background
14
14
15
-
I have a customer who I helped previously build simple tools for automation of their infrastructuredue to new customers coming in to their multi tenant solution. As part of the infrastructure they may need one or more of:
15
+
I have a customer who I helped previously build simple tools for automation of their infrastructure. Their configuration and infrastructure changes through this automation due to them onboaring their new customers to their solution in which their customers can then self service a lot of the platform. As part of the infrastructure configuration management they may need one or more of:
16
16
17
17
- DNS records
18
-
- tenant configuration in a database
19
-
-new databases
18
+
- tenant configuration in some central database
19
+
-New databases
20
20
- keycloak organizations
21
21
- Azure web app custom hostname with certificate binding
22
22
23
-
This has worked well and good but they recently wanted to add some functionality and used Azure functions for, intending to migrate my old powershell scripts from runbooks to there to build a more powerful and flexible dashboard. This dashboard app will for obvious reasons have a nicer time invoking Azure functions than Azure automation runbooks.
23
+
This has worked well and good but they recently wanted to add some functionality to the automation. For this they chose Azure functions, intending to migrate away from my old powershell scripts, thus unlocking a more powerful and flexible admin dashboard. This dashboard app will for obvious reasons have a nicer time invoking Azure functions than Azure automation runbooks.
24
24
25
-
Naïvly I just thought I would use something like `Connect-AzAccount` in directly in powershell and set the tenant and subscription - or use `az account get-access-token` to get something I could use to make the request, but I was met by failure.
25
+
Running their function with Invoke-RestMethod returned a 401 and they asked me for some help.
26
+
27
+
Naïvly I tought that I could just use something like `Connect-AzAccount` directly in powershell and set the tenant and subscription - or use `az account get-access-token` to get something I could use to make the request, but I was met by failure.
So we are dealing with an azure function, it is not publicly available, nor available with an apikey, so we need to authenticate to be able to have our call authorized. Yet the normal way one might think of getting such an auth token is invalid. We have to go deeper.
44
+
So we are dealing with an Azure function, it is not publicly available, nor available with an apikey, so we need to authenticate to be able to have our call authorized. Yet the normal way one might think of getting such an auth token is invalid. We have to go deeper.
43
45
44
46
As a normal user with a frontend in a browser or mobile app, usually this isn't that hard to wrap your head around when building an application leveraging Azure functions or any serverless platform. Your functions/applications are their own thing separate from your Azure Resource Management and you will use the `/.auth/aad` or whic hever federation you set up. The user will navigate the flow and come out the other end with an access token.
0 commit comments