OpenID Connect plugin / guidance
In MVC, we have Microsoft OpenID Connect / OWIN to secure the application using Hybrid flow with a Single Page Application on the front end.
The request is to have the capability to move from an MVC SPA (self-hosted VM) to Serverless (Azure Blob + Azure Functions as backend) and still do Hybrid flow authentication.

I read this item as two things:
1. A desire for OIDC capabilities, in which case there is another item that may be related: https://feedback.azure.com/forums/355860-azure-functions/suggestions/13286541-enable-custom-3rd-party-authentication-providers
2. A desire for guidance for migrating from MVC, which we do not currently have a solution for.
- Matthew
2 comments
Anonymous commented
Reference links (Implicit flow is insecure):
https://tools.ietf.org/html/draft-ietf-oauth-security-topics-09#section-2.1.2
https://medium.com/oauth-2/why-you-should-stop-using-the-oauth-implicit-grant-2436ced1c926

Anonymous commented
Implicit flow is not secure, so that option is out for Serverless Architecture.