This article shows you how to configure Azure App Service or Azure Functions to use Google as an authentication provider.
To complete the procedure, you must have a Google account that has a verified email address. To create a new Google account, go to accounts.google.com.
Register your application with Google
Follow the Google documentation at Get your Google API client ID to create a client ID and client secret. You don't need to make any code changes.
- For Authorized JavaScript Origins, use https://<app-name>.azurewebsites.net, replacing <app-name> with the name of your app.
- For Authorized Redirect URI, use https://<app-name>.azurewebsites.net/.auth/login/google/callback.
Make a note of the App ID and the App Secret values to use in the Azure app configuration.
Important
The App Secret value is an important security credential. Don't share this secret with anyone or distribute it within a client application.
Add Google information to your application
On the Azure portal page for your app, select Authentication under Settings in the left navigation menu.
On the Authentication page, select Add identity provider, or select Add provider in the Identity provider section.
On the Add an identity provider page, select Google in the identity provider dropdown.
Enter the App ID and App Secret values you obtained previously.
If this is the first identity provider for the application, the App Service authentication settings section appears with settings such as how your application responds to unauthenticated requests. The default selections redirect all requests to sign in with the new provider.
If you already configured an identity provider for the app, this section doesn't appear. You can customize the settings later if necessary.
Select Add.
On the Authentication page, the Google provider now appears in the Identity provider section. You can edit the provider settings by selecting the pencil icon under Edit.
The Authentication settings section shows settings such as how the application responds to unauthenticated requests. You can edit these settings by selecting Edit next to Authentication settings. To learn more about the options, see Authentication flow.
The application secret is stored as a slot-sticky application setting named GOOGLE_PROVIDER_AUTHENTICATION_SECRET. You can see this setting on the App Settings tab of your app's Environment variables page in the portal. If you want to manage the secret in Azure Key Vault, you can update the setting to use Key Vault references.
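To check how the secret is stored, the following added example (not part of the original article or any Microsoft tooling) audits an app-settings export for the GOOGLE_PROVIDER_AUTHENTICATION_SECRET entry. It assumes the input is a JSON array of name/slotSetting/value objects, the shape printed by `az webapp config appsettings list`; the vault name and secret values in the samples are constructed.

```python
import json
import re

SETTING = "GOOGLE_PROVIDER_AUTHENTICATION_SECRET"

# Key Vault reference syntax accepted in app settings:
#   @Microsoft.KeyVault(SecretUri=https://<vault>.vault.azure.net/secrets/<name>/)
#   @Microsoft.KeyVault(VaultName=<vault>;SecretName=<name>[;SecretVersion=<ver>])
KV_REF = re.compile(
    r"^@Microsoft\.KeyVault\("
    r"(?:SecretUri=https://[^)\s]+"
    r"|VaultName=[^;)\s]+;SecretName=[^;)\s]+(?:;SecretVersion=[^;)\s]+)?)"
    r"\)$"
)

def audit_secret_setting(app_settings_json):
    """Return a list of findings for the Google provider secret setting."""
    settings = {s["name"]: s for s in json.loads(app_settings_json)}
    entry = settings.get(SETTING)
    if entry is None:
        return [f"{SETTING} is not defined"]
    findings = []
    # The article says the setting is slot-sticky; flag it if that was changed.
    if not entry.get("slotSetting", False):
        findings.append("setting is not slot-sticky")
    # A value that is not a reference means the secret sits in the app settings.
    if not KV_REF.match(entry.get("value") or ""):
        findings.append("value is not a Key Vault reference")
    return findings

# Constructed sample exports (not real secrets or vaults).
SAMPLE_LITERAL = json.dumps([
    {"name": SETTING, "slotSetting": True, "value": "constructed-literal-secret"},
])
SAMPLE_KV_URI = json.dumps([
    {"name": SETTING, "slotSetting": True,
     "value": "@Microsoft.KeyVault(SecretUri=https://example-vault.vault.azure.net/secrets/google-secret/)"},
])
SAMPLE_KV_NOT_STICKY = json.dumps([
    {"name": SETTING, "slotSetting": False,
     "value": "@Microsoft.KeyVault(VaultName=example-vault;SecretName=google-secret)"},
])

if __name__ == "__main__":
    for label, sample in [("literal", SAMPLE_LITERAL), ("kv-uri", SAMPLE_KV_URI),
                          ("kv-not-sticky", SAMPLE_KV_NOT_STICKY)]:
        print(label, audit_secret_setting(sample) or "ok")
```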
Note
To add scopes, define the permissions your application has in the provider's registration portal. The app can request scopes that use these permissions at sign-in time.