title | description | ms.assetid | ms.topic | ms.date | ms.custom | author | ms.author |
---|---|---|---|---|---|---|---|
Configure Google authentication |
Learn how to configure Google authentication as an identity provider for your App Service or Azure Functions app. |
2b2f9abf-9120-4aac-ac5b-4a268d9b6e2b |
article |
03/29/2021 |
fasttrack-edit, AppServiceIdentity |
cephalin |
cephalin |
[!INCLUDE app-service-mobile-selector-authentication]
This topic shows you how to configure Azure App Service or Azure Functions to use Google as an authentication provider.
To complete the procedure in this topic, you must have a Google account that has a verified email address. To create a new Google account, go to accounts.google.com.
-
Follow the Google documentation at # with Google for Web - Setup to create a client ID and client secret. There's no need to make any code changes. Just use the following information:
- For Authorized JavaScript Origins, use
https://<app-name>.azurewebsites.net
with the name of your app in <app-name>. - For Authorized Redirect URI, use
https://<app-name>.azurewebsites.net/.auth/#/google/callback
.
- For Authorized JavaScript Origins, use
-
Copy the App ID and the App secret values.
[!IMPORTANT] The App secret is an important security credential. Do not share this secret with anyone or distribute it within a client application.
-
# to the Azure portal and navigate to your app.
-
Select Authentication in the menu on the left. Click Add identity provider.
-
Select Google in the identity provider dropdown. Paste in the App ID and App Secret values that you obtained previously.
The secret will be stored as a slot-sticky application setting named
GOOGLE_PROVIDER_AUTHENTICATION_SECRET
. You can update that setting later to use Key Vault references if you wish to manage the secret in Azure Key Vault. -
If this is the first identity provider configured for the application, you will also be prompted with an App Service authentication settings section. Otherwise, you may move on to the next step.
These options determine how your application responds to unauthenticated requests, and the default selections will redirect all requests to log in with this new provider. You can change customize this behavior now or adjust these settings later from the main Authentication screen by choosing Edit next to Authentication settings. To learn more about these options, see Authentication flow.
-
Click Add.
Note
For adding scope: You can define what permissions your application has in the provider's registration portal. The app can request scopes at login time which leverage these permissions.
You are now ready to use Google for authentication in your app. The provider will be listed on the Authentication screen. From there, you can edit or delete this provider configuration.
[!INCLUDE app-service-mobile-related-content-get-started-users]