Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article shows you how to configure Azure App Service or Azure Functions to use Google as an authentication provider.
To complete the procedure, you must have a Google account that has a verified email address. To create a new Google account, go to accounts.google.com.
Register your application with Google
Follow the Google documentation at Sign In with Google for Web - Setup to create a client ID and client secret. You don't need to make any code changes. Use the following information:
- For Authorized JavaScript Origins, use
https://<app-name>.azurewebsites.netwith the name of your app in <app-name>. - For Authorized Redirect URI, use
https://<app-name>.azurewebsites.net/.auth/login/google/callback.
- For Authorized JavaScript Origins, use
Copy the App ID and the App Secret values.
Important
The App Secret value is an important security credential. Don't share this secret with anyone or distribute it within a client application.
Add Google information to your application
Sign in to the Azure portal and go to your app.
Select Authentication on the left menu. Select Add identity provider.
Select Google in the identity provider dropdown. Paste in the App ID and App Secret values that you obtained previously.
The secret is stored as a slot-sticky application setting named
GOOGLE_PROVIDER_AUTHENTICATION_SECRET. You can later update that setting to use Key Vault references if you wish to manage the secret in Azure Key Vault.If this is the first identity provider configured for the application, you're also prompted with an App Service authentication settings section. Otherwise, you can move to the next step.
The App Service authentication settings values determine how your application responds to unauthenticated requests. The default selections will redirect all requests to sign in with this new provider. You can customize this behavior now or adjust these settings later from the main Authentication screen by choosing Edit next to Authentication settings. To learn more about these options, see Authentication flow.
Select Add.
Note
For adding scope: You can define what permissions your application has in the provider's registration portal. The app can request scopes at the time of sign-in, which use these permissions.
You're now ready to use Google for authentication in your app. The provider is listed on the Authentication screen. From there, you can edit or delete this provider configuration.