Share via


az webapp auth microsoft

Note

This reference is part of the authV2 extension for the Azure CLI (version 2.23.0 or higher). The extension will automatically install the first time you run an az webapp auth microsoft command. Learn more about extensions.

Manage webapp authentication and authorization of the Microsoft identity provider.

Commands

Name Description Type Status
az webapp auth microsoft show

Show the authentication settings for the Azure Active Directory identity provider.

Extension GA
az webapp auth microsoft update

Update the client id and client secret for the Azure Active Directory identity provider.

Extension GA

az webapp auth microsoft show

Show the authentication settings for the Azure Active Directory identity provider.

az webapp auth microsoft show [--ids]
                              [--name]
                              [--resource-group]
                              [--slot]
                              [--subscription]

Examples

Show the authentication settings for the Azure Active Directory identity provider. (autogenerated)

az webapp auth microsoft show --name MyWebApp --resource-group MyResourceGroup

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the web app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--slot -s

The name of the slot. Default to the productions slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az webapp auth microsoft update

Update the client id and client secret for the Azure Active Directory identity provider.

az webapp auth microsoft update [--allowed-audiences]
                                [--certificate-issuer]
                                [--client-id]
                                [--client-secret]
                                [--client-secret-certificate-san]
                                [--client-secret-certificate-thumbprint]
                                [--client-secret-setting-name]
                                [--ids]
                                [--issuer]
                                [--name]
                                [--resource-group]
                                [--slot]
                                [--subscription]
                                [--tenant-id]
                                [--yes]

Examples

Update the open id issuer, client id and client secret for the Azure Active Directory identity provider.

az webapp auth microsoft update  -g myResourceGroup --name MyWebApp \
  --client-id my-client-id --client-secret very_secret_password \
  --issuer https://sts.windows.net/54826b22-38d6-4fb2-bad9-b7983a3e9c5a/

Optional Parameters

--allowed-audiences --allowed-token-audiences

The configuration settings of the allowed list of audiences from which to validate the JWT token.

--certificate-issuer --client-secret-certificate-issuer

Alternative to AAD Client Secret and thumbprint, issuer of a certificate used for signing purposes.

--client-id

The Client ID of this relying party application, known as the client_id.

--client-secret

AAD application secret.

--client-secret-certificate-san --san

Alternative to AAD Client Secret and thumbprint, subject alternative name of a certificate used for signing purposes.

--client-secret-certificate-thumbprint --thumbprint

Alternative to AAD Client Secret, thumbprint of a certificate used for signing purposes.

--client-secret-setting-name --secret-setting

The app setting name that contains the client secret of the relying party application.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--issuer

The OpenID Connect Issuer URI that represents the entity which issues access tokens for this application.

--name -n

Name of the web app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--slot -s

The name of the slot. Default to the productions slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tenant-id

The tenant id of the application.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.