How can we improve Microsoft Azure Functions?

Add "Deny" option when Request is not Authenticated

I have a function app set up as a private API that requires users to authenticate via Azure AD B2C to be able to make calls. My mobile app does the auth and then provides the Bearer token in the service calls.
This all works but if someone happens to browse an endpoint in a browser I don't want them to be redirected to the login page as the API is only meant to be requested from within the mobile app.
I would like an option to just deny access to the API when a request is not authorised.

2 votes
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)

We’ll send you updates on this idea

Simon Pain shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • Petteri commented  ·   ·  Flag as inappropriate

    Maybe adding richer policy management (like e.g. in api management) into function proxy settings UI and handling this kind of access policy, token validation policy and caching policies there. What do you think about that? Personally, I like keeping function settings as lightweight as possible - less configuration & management.

Feedback and Knowledge Base