openId connect plugin / guidance
In MVC, we have Microsoft OpenId Connect / Owin to secure the application using Hybrid flow with a Single Page Application on the front end.
The request is to have capabilities to move from MVC SPA (self hosted VM) to Serverless (Azure blob + Azure function as backend) to do Hybrid flow authentication.
I read this item as two things:
1. A desire for OIDC capabilities, in which case there is another item that may be related: https://feedback.azure.com/forums/355860-azure-functions/suggestions/13286541-enable-custom-3rd-party-authentication-providers
2. A desire for guidance for migrating from MVC, which we do not currently have a solution for.
Reference links Implicit flow is insecure:
Implicit flow is not secure, so that option is out for Serverless Architecture.