I'm working with a REST API that requires a JWT token created by Microsoft Entra ID. Users of my Angular app can log in and obtain an access token. I also have an Azure Function that is triggered by an Event Hub, and I need it to process data and send it to the protected API. How can my Azure Function securely obtain an access token to make an HTTP request to this API?
4 Answers
To authenticate your Azure Function and obtain a token, consider using a service principal. This is the most straightforward method to get an access token for your API calls.
You should enable managed identity for your Azure Function. Make sure your API is properly configured with the necessary scopes. With this setup, you can fetch the JWT token using Azure identity libraries and make calls to your API securely without storing any secrets.
First, you need to determine the identity provider your Angular app and API are using. If it's Microsoft Entra ID, you might need to implement the client credentials flow to obtain the access token, using either a client ID and secret or managed identities.
While this might not be exactly what you're looking for, I recommend using Azure Managed Identity. It helps avoid handling secrets directly. Your function can acquire the credentials and obtain a token easily. Just ensure that the identity has access to the resource. Here's a useful link for a tutorial on setting this up: https://learn.microsoft.com/en-us/azure/azure-functions/functions-identity-based-connections-tutorial-2
I totally agree! Managed identities are super secure and simplify handling permissions.