az containerapp auth

Note

This command group has commands that are defined in both Azure CLI and at least one extension. Install each extension to benefit from its extended capabilities. Learn more about extensions.

Manage containerapp authentication and authorization.

Commands

| Name | Description | Type | Status |
|---|---|---|---|
| az containerapp auth apple | Manage containerapp authentication and authorization of the Apple identity provider. | Core | GA |
| az containerapp auth apple show | Show the authentication settings for the Apple identity provider. | Core | GA |
| az containerapp auth apple update | Update the client id and client secret for the Apple identity provider. | Core | GA |
| az containerapp auth facebook | Manage containerapp authentication and authorization of the Facebook identity provider. | Core | GA |
| az containerapp auth facebook show | Show the authentication settings for the Facebook identity provider. | Core | GA |
| az containerapp auth facebook update | Update the app id and app secret for the Facebook identity provider. | Core | GA |
| az containerapp auth github | Manage containerapp authentication and authorization of the GitHub identity provider. | Core | GA |
| az containerapp auth github show | Show the authentication settings for the GitHub identity provider. | Core | GA |
| az containerapp auth github update | Update the client id and client secret for the GitHub identity provider. | Core | GA |
| az containerapp auth google | Manage containerapp authentication and authorization of the Google identity provider. | Core | GA |
| az containerapp auth google show | Show the authentication settings for the Google identity provider. | Core | GA |
| az containerapp auth google update | Update the client id and client secret for the Google identity provider. | Core | GA |
| az containerapp auth microsoft | Manage containerapp authentication and authorization of the Microsoft identity provider. | Core | GA |
| az containerapp auth microsoft show | Show the authentication settings for the Azure Active Directory identity provider. | Core | GA |
| az containerapp auth microsoft update | Update the client id and client secret for the Azure Active Directory identity provider. | Core | GA |
| az containerapp auth openid-connect | Manage containerapp authentication and authorization of the custom OpenID Connect identity providers. | Core | GA |
| az containerapp auth openid-connect add | Configure a new custom OpenID Connect identity provider. | Core | GA |
| az containerapp auth openid-connect remove | Removes an existing custom OpenID Connect identity provider. | Core | GA |
| az containerapp auth openid-connect show | Show the authentication settings for the custom OpenID Connect identity provider. | Core | GA |
| az containerapp auth openid-connect update | Update the client id and client secret setting name for an existing custom OpenID Connect identity provider. | Core | GA |
| az containerapp auth show | Show the authentication settings for the containerapp. | Core | GA |
| az containerapp auth show (containerapp extension) | Show the authentication settings for the containerapp. | Extension | GA |
| az containerapp auth twitter | Manage containerapp authentication and authorization of the Twitter identity provider. | Core | GA |
| az containerapp auth twitter show | Show the authentication settings for the Twitter identity provider. | Core | GA |
| az containerapp auth twitter update | Update the consumer key and consumer secret for the Twitter identity provider. | Core | GA |
| az containerapp auth update | Update the authentication settings for the containerapp. | Core | GA |
| az containerapp auth update (containerapp extension) | Update the authentication settings for the containerapp. | Extension | GA |

az containerapp auth show

Show the authentication settings for the containerapp.

az containerapp auth show [--ids]
                          [--name]
                          [--resource-group]
                          [--subscription]

Examples

Show the authentication settings for the containerapp.

az containerapp auth show --name my-containerapp --resource-group MyResourceGroup

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp auth show (containerapp extension)

Show the authentication settings for the containerapp.

az containerapp auth show [--ids]
                          [--name]
                          [--resource-group]
                          [--subscription]

Examples

Show the authentication settings for the containerapp.

az containerapp auth show --name my-containerapp --resource-group MyResourceGroup

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp auth update

Update the authentication settings for the containerapp.

az containerapp auth update [--action {AllowAnonymous, RedirectToLoginPage, Return401, Return403}]
                            [--config-file-path]
                            [--custom-host-header]
                            [--custom-proto-header]
                            [--enabled {false, true}]
                            [--excluded-paths]
                            [--ids]
                            [--name]
                            [--proxy-convention {Custom, NoProxy, Standard}]
                            [--redirect-provider]
                            [--require-https {false, true}]
                            [--resource-group]
                            [--runtime-version]
                            [--sas-url-secret]
                            [--sas-url-secret-name]
                            [--set]
                            [--subscription]
                            [--token-store {false, true}]
                            [--yes]

Examples

Update the client ID of the AAD provider already configured.

az containerapp auth update -g myResourceGroup --name my-containerapp --set identityProviders.azureActiveDirectory.registration.clientId=my-client-id

Configure the app with file based authentication by setting the config file path.

az containerapp auth update -g myResourceGroup --name my-containerapp --config-file-path D:\home\site\wwwroot\auth.json

Configure the app to allow unauthenticated requests to hit the app.

az containerapp auth update -g myResourceGroup --name my-containerapp --unauthenticated-client-action AllowAnonymous

Configure the app to redirect unauthenticated requests to the Facebook provider.

az containerapp auth update -g myResourceGroup --name my-containerapp --redirect-provider Facebook

Configure the app to listen to the forward headers X-FORWARDED-HOST and X-FORWARDED-PROTO.

az containerapp auth update -g myResourceGroup --name my-containerapp --proxy-convention Standard

Optional Parameters

--action --unauthenticated-client-action

The action to take when an unauthenticated client attempts to access the app.

Accepted values: AllowAnonymous, RedirectToLoginPage, Return401, Return403

--config-file-path

The path of the config file containing auth settings if they come from a file.

--custom-host-header --proxy-custom-host-header

The name of the header containing the host of the request.

--custom-proto-header --proxy-custom-proto-header

The name of the header containing the scheme of the request.

--enabled

True if the Authentication / Authorization feature is enabled for the current app; otherwise, false.

Accepted values: false, true

--excluded-paths

The list of paths that should be excluded from authentication rules.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.

--proxy-convention

The convention used to determine the url of the request made.

Accepted values: Custom, NoProxy, Standard

--redirect-provider

The default authentication provider to use when multiple providers are configured.

--require-https

False if authentication/authorization responses that do not use the HTTPS scheme are permissible; otherwise, true.

Accepted values: false, true

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--runtime-version

The RuntimeVersion of the Authentication / Authorization feature in use for the current app.

--sas-url-secret

The blob storage SAS URL to be used for token store.

--sas-url-secret-name

The secret name that contains blob storage SAS URL to be used for token store.

--set

Value of a specific field within the configuration settings for the Azure App Service Authentication / Authorization feature.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--token-store

Boolean indicating if token store is enabled for the app.

Accepted values: false, true

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.
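
An added example (not part of the original reference): a Python audit of the JSON printed by `az containerapp auth show`, mapping weak settings to the `az containerapp auth update` flags documented above. The JSON property names (`platform.enabled`, `globalValidation.*`, `httpSettings.*`) and the sample document are assumptions, and the helper names `get` and `audit` are hypothetical.

```python
import json

# Constructed sample of `az containerapp auth show -o json` output. The property
# names are assumed from the Container Apps authConfig resource schema; compare
# them with your own output before relying on the checks.
SAMPLE = json.loads("""{
  "platform": {"enabled": true},
  "globalValidation": {"unauthenticatedClientAction": "AllowAnonymous",
                       "excludedPaths": ["/healthz", "/internal/metrics"]},
  "httpSettings": {"requireHttps": false,
                   "forwardProxy": {"convention": "Standard"}}
}""")


def get(doc, path, default=None):
    """Walk a dotted path; return default when a level is missing or null."""
    for key in path.split("."):
        if not isinstance(doc, dict) or doc.get(key) is None:
            return default
        doc = doc[key]
    return doc


def audit(cfg):
    """Return (finding, flag of `az containerapp auth update` to review) pairs."""
    out = []
    if get(cfg, "platform.enabled", False) is not True:
        out.append(("auth feature not enabled", "--enabled true"))
    action = str(get(cfg, "globalValidation.unauthenticatedClientAction", ""))
    if action.lower() == "allowanonymous":
        out.append(("unauthenticated requests reach the app", "--action Return401"))
    # Only an explicit false is flagged; an absent key is left to the platform default.
    if get(cfg, "httpSettings.requireHttps") is False:
        out.append(("non-HTTPS auth responses permitted", "--require-https true"))
    for path in get(cfg, "globalValidation.excludedPaths", []):
        out.append((f"path excluded from auth rules: {path}", "--excluded-paths"))
    convention = get(cfg, "httpSettings.forwardProxy.convention", "NoProxy")
    if convention != "NoProxy":
        out.append((f"request URL taken from forwarded headers ({convention})",
                    "--proxy-convention"))
    return out


if __name__ == "__main__":
    for finding, flag in audit(SAMPLE):
        print(f"{finding:55} review: {flag}")
```

To audit a live app, save the output of `az containerapp auth show --name my-containerapp --resource-group MyResourceGroup -o json` to a file and pass the parsed document to `audit`.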

az containerapp auth update (containerapp extension)

Update the authentication settings for the containerapp.

az containerapp auth update [--action {AllowAnonymous, RedirectToLoginPage, Return401, Return403}]
                            [--config-file-path]
                            [--custom-host-header]
                            [--custom-proto-header]
                            [--enabled {false, true}]
                            [--excluded-paths]
                            [--ids]
                            [--name]
                            [--proxy-convention {Custom, NoProxy, Standard}]
                            [--redirect-provider]
                            [--require-https {false, true}]
                            [--resource-group]
                            [--runtime-version]
                            [--sas-url-secret]
                            [--sas-url-secret-name]
                            [--set]
                            [--subscription]
                            [--token-store {false, true}]
                            [--yes]

Examples

Update the client ID of the AAD provider already configured.

az containerapp auth update -g myResourceGroup --name my-containerapp --set identityProviders.azureActiveDirectory.registration.clientId=my-client-id

Configure the app with file based authentication by setting the config file path.

az containerapp auth update -g myResourceGroup --name my-containerapp --config-file-path D:\home\site\wwwroot\auth.json

Configure the app to allow unauthenticated requests to hit the app.

az containerapp auth update -g myResourceGroup --name my-containerapp --unauthenticated-client-action AllowAnonymous

Configure the app to redirect unauthenticated requests to the Facebook provider.

az containerapp auth update -g myResourceGroup --name my-containerapp --redirect-provider Facebook

Configure the app to listen to the forward headers X-FORWARDED-HOST and X-FORWARDED-PROTO.

az containerapp auth update -g myResourceGroup --name my-containerapp --proxy-convention Standard

Optional Parameters

--action --unauthenticated-client-action

The action to take when an unauthenticated client attempts to access the app.

Accepted values: AllowAnonymous, RedirectToLoginPage, Return401, Return403

--config-file-path

The path of the config file containing auth settings if they come from a file.

--custom-host-header --proxy-custom-host-header

The name of the header containing the host of the request.

--custom-proto-header --proxy-custom-proto-header

The name of the header containing the scheme of the request.

--enabled

True if the Authentication / Authorization feature is enabled for the current app; otherwise, false.

Accepted values: false, true

--excluded-paths

The list of paths that should be excluded from authentication rules.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.

--proxy-convention

The convention used to determine the url of the request made.

Accepted values: Custom, NoProxy, Standard

--redirect-provider

The default authentication provider to use when multiple providers are configured.

--require-https

False if authentication/authorization responses that do not use the HTTPS scheme are permissible; otherwise, true.

Accepted values: false, true

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--runtime-version

The RuntimeVersion of the Authentication / Authorization feature in use for the current app.

--sas-url-secret

The blob storage SAS URL to be used for token store.

--sas-url-secret-name

The secret name that contains blob storage SAS URL to be used for token store.

--set

Value of a specific field within the configuration settings for the Azure App Service Authentication / Authorization feature.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--token-store

Boolean indicating if token store is enabled for the app.

Accepted values: false, true

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.