Best ways to authenticate from SPFx app (deployed to Teams) to Azure function

Question

Hello,

We have an SPFx (React ts) app deployed to teams and trying to authenticate to Azure function deployed on a private endpoint. Are app registrations the only way to authenticate or can we use managed identities? When I allow everything (access) into the function, it works well with API key. But was looking for more secure ways to authenticate.

Thanks.

Answer 1

Hello dotnet_guy,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that you would like to know the best ways to authenticate from SPFx app (deployed to Teams) to Azure function.

The best way to reduce overhead are:

1. For SPFx apps, App Registrations with OAuth2 remain the most straightforward and secure solution - https://learn.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient and https://www.youtube.com/watch?v=XGD930-O73M
2. Managed Identities should be considered only in scenarios involving a backend service or API that acts on behalf of the SPFx app. - https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-use-managed-service-identity and https://learn.microsoft.com/en-us/azure/api-management/authentication-managed-identity-policy and https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity

Kindly use the resources provided to read more details and step-by-step comprehensive guide to implement secure authentication for SPFx apps and APIs using App Registrations or Managed Identities.

I hope this is helpful! Do not hesitate to let me know if you have any other questions.

---

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.