az containerapp auth
Note
This command group has commands that are defined in both Azure CLI and at least one extension. Install each extension to benefit from its extended capabilities. Learn more about extensions.
Manage containerapp authentication and authorization.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az containerapp auth apple |
Manage containerapp authentication and authorization of the Apple identity provider. |
Core | GA |
| az containerapp auth apple show |
Show the authentication settings for the Apple identity provider. |
Core | GA |
| az containerapp auth apple update |
Update the client id and client secret for the Apple identity provider. |
Core | GA |
| az containerapp auth facebook |
Manage containerapp authentication and authorization of the Facebook identity provider. |
Core | GA |
| az containerapp auth facebook show |
Show the authentication settings for the Facebook identity provider. |
Core | GA |
| az containerapp auth facebook update |
Update the app id and app secret for the Facebook identity provider. |
Core | GA |
| az containerapp auth github |
Manage containerapp authentication and authorization of the GitHub identity provider. |
Core | GA |
| az containerapp auth github show |
Show the authentication settings for the GitHub identity provider. |
Core | GA |
| az containerapp auth github update |
Update the client id and client secret for the GitHub identity provider. |
Core | GA |
| az containerapp auth google |
Manage containerapp authentication and authorization of the Google identity provider. |
Core | GA |
| az containerapp auth google show |
Show the authentication settings for the Google identity provider. |
Core | GA |
| az containerapp auth google update |
Update the client id and client secret for the Google identity provider. |
Core | GA |
| az containerapp auth microsoft |
Manage containerapp authentication and authorization of the Microsoft identity provider. |
Core | GA |
| az containerapp auth microsoft show |
Show the authentication settings for the Azure Active Directory identity provider. |
Core | GA |
| az containerapp auth microsoft update |
Update the client id and client secret for the Azure Active Directory identity provider. |
Core | GA |
| az containerapp auth openid-connect |
Manage containerapp authentication and authorization of the custom OpenID Connect identity providers. |
Core | GA |
| az containerapp auth openid-connect add |
Configure a new custom OpenID Connect identity provider. |
Core | GA |
| az containerapp auth openid-connect remove |
Removes an existing custom OpenID Connect identity provider. |
Core | GA |
| az containerapp auth openid-connect show |
Show the authentication settings for the custom OpenID Connect identity provider. |
Core | GA |
| az containerapp auth openid-connect update |
Update the client id and client secret setting name for an existing custom OpenID Connect identity provider. |
Core | GA |
| az containerapp auth show |
Show the authentication settings for the containerapp. |
Core | GA |
| az containerapp auth show (containerapp extension) |
Show the authentication settings for the containerapp. |
Extension | GA |
| az containerapp auth twitter |
Manage containerapp authentication and authorization of the Twitter identity provider. |
Core | GA |
| az containerapp auth twitter show |
Show the authentication settings for the Twitter identity provider. |
Core | GA |
| az containerapp auth twitter update |
Update the consumer key and consumer secret for the Twitter identity provider. |
Core | GA |
| az containerapp auth update |
Update the authentication settings for the containerapp. |
Core | GA |
| az containerapp auth update (containerapp extension) |
Update the authentication settings for the containerapp. |
Extension | GA |
az containerapp auth show
Show the authentication settings for the containerapp.
az containerapp auth show [--ids]
[--name]
[--resource-group]
[--subscription]Examples
Show the authentication settings for the containerapp.
az containerapp auth show --name my-containerapp --resource-group MyResourceGroupOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az containerapp auth show (containerapp extension)
Show the authentication settings for the containerapp.
az containerapp auth show [--ids]
[--name]
[--resource-group]
[--subscription]Examples
Show the authentication settings for the containerapp.
az containerapp auth show --name my-containerapp --resource-group MyResourceGroupOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az containerapp auth update
Update the authentication settings for the containerapp.
az containerapp auth update [--action {AllowAnonymous, RedirectToLoginPage, Return401, Return403}]
[--config-file-path]
[--custom-host-header]
[--custom-proto-header]
[--enabled {false, true}]
[--excluded-paths]
[--ids]
[--name]
[--proxy-convention {Custom, NoProxy, Standard}]
[--redirect-provider]
[--require-https {false, true}]
[--resource-group]
[--runtime-version]
[--sas-url-secret]
[--sas-url-secret-name]
[--set]
[--subscription]
[--token-store {false, true}]
[--yes]Examples
Update the client ID of the AAD provider already configured.
az containerapp auth update -g myResourceGroup --name my-containerapp --set identityProviders.azureActiveDirectory.registration.clientId=my-client-idConfigure the app with file based authentication by setting the config file path.
az containerapp auth update -g myResourceGroup --name my-containerapp --config-file-path D:\home\site\wwwroot\auth.jsonConfigure the app to allow unauthenticated requests to hit the app.
az containerapp auth update -g myResourceGroup --name my-containerapp --unauthenticated-client-action AllowAnonymousConfigure the app to redirect unauthenticated requests to the Facebook provider.
az containerapp auth update -g myResourceGroup --name my-containerapp --redirect-provider FacebookConfigure the app to listen to the forward headers X-FORWARDED-HOST and X-FORWARDED-PROTO.
az containerapp auth update -g myResourceGroup --name my-containerapp --proxy-convention StandardOptional Parameters
The action to take when an unauthenticated client attempts to access the app.
The path of the config file containing auth settings if they come from a file.
The name of the header containing the host of the request.
The name of the header containing the scheme of the request.
True if the Authentication / Authorization feature is enabled for the current app; otherwise, false.
The list of paths that should be excluded from authentication rules.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.
The convention used to determine the url of the request made.
The default authentication provider to use when multiple providers are configured.
False if the authentication/authorization responses not having the HTTPS scheme are permissible; otherwise, true.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The RuntimeVersion of the Authentication / Authorization feature in use for the current app.
The blob storage SAS URL to be used for token store.
The secret name that contains blob storage SAS URL to be used for token store.
Value of a specific field within the configuration settings for the Azure App Service Authentication / Authorization feature.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Boolean indicating if token store is enabled for the app.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az containerapp auth update (containerapp extension)
Update the authentication settings for the containerapp.
az containerapp auth update [--action {AllowAnonymous, RedirectToLoginPage, Return401, Return403}]
[--config-file-path]
[--custom-host-header]
[--custom-proto-header]
[--enabled {false, true}]
[--excluded-paths]
[--ids]
[--name]
[--proxy-convention {Custom, NoProxy, Standard}]
[--redirect-provider]
[--require-https {false, true}]
[--resource-group]
[--runtime-version]
[--sas-url-secret]
[--sas-url-secret-name]
[--set]
[--subscription]
[--token-store {false, true}]
[--yes]Examples
Update the client ID of the AAD provider already configured.
az containerapp auth update -g myResourceGroup --name my-containerapp --set identityProviders.azureActiveDirectory.registration.clientId=my-client-idConfigure the app with file based authentication by setting the config file path.
az containerapp auth update -g myResourceGroup --name my-containerapp --config-file-path D:\home\site\wwwroot\auth.jsonConfigure the app to allow unauthenticated requests to hit the app.
az containerapp auth update -g myResourceGroup --name my-containerapp --unauthenticated-client-action AllowAnonymousConfigure the app to redirect unauthenticated requests to the Facebook provider.
az containerapp auth update -g myResourceGroup --name my-containerapp --redirect-provider FacebookConfigure the app to listen to the forward headers X-FORWARDED-HOST and X-FORWARDED-PROTO.
az containerapp auth update -g myResourceGroup --name my-containerapp --proxy-convention StandardOptional Parameters
The action to take when an unauthenticated client attempts to access the app.
The path of the config file containing auth settings if they come from a file.
The name of the header containing the host of the request.
The name of the header containing the scheme of the request.
True if the Authentication / Authorization feature is enabled for the current app; otherwise, false.
The list of paths that should be excluded from authentication rules.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.
The convention used to determine the url of the request made.
The default authentication provider to use when multiple providers are configured.
False if the authentication/authorization responses not having the HTTPS scheme are permissible; otherwise, true.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The RuntimeVersion of the Authentication / Authorization feature in use for the current app.
The blob storage SAS URL to be used for token store.
The secret name that contains blob storage SAS URL to be used for token store.
Value of a specific field within the configuration settings for the Azure App Service Authentication / Authorization feature.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Boolean indicating if token store is enabled for the app.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
