Use a more unique query param than "code"
I ran into an issue with an Oauth redirect because the Oauth provider (Kloudless) was also using the code query param for the Oauth redirect. Since the function required this query param I was not able to get the code sent by Kloudless to get an access token. Therefore, I had to just make the function anonymous, since there is no way for me to have Kloudless send it in the headers( I have no control over that). The query param Azure uses for authentication should not be such a vanilla query param. It should at least be like ms-code or api-key or func-code to reduce possibility of query param collisions. Thank you!
Having this configurable makes a ton of sense. Perhaps this could be a host.json setting or similar. We will look into it.
It’s worth noting that for clients that can set headers, the, x-functions-key header is a good solution here. That of course doesn’t apply to the OP’s case.