Enable authentication and authorization in Azure Container Apps with GitHub
This article shows how to configure Azure Container Apps to use GitHub as an authentication provider.
To complete the procedure in this article, you need a GitHub account. To create a new GitHub account, go to GitHub.
Register your application with GitHub
Sign in to the Azure portal and go to your application. Copy your URL. You use it to configure your GitHub app.
Follow the instructions for creating an OAuth app on GitHub. In the Authorization callback URL section, enter the HTTPS URL of your app and append the path
/.auth/login/github/callback
. For example,https://<hostname>.azurecontainerapps-dev.cn.io/.auth/login/github/callback
.On the application page, make note of the Client ID, which you need later.
Under Client Secrets, select Generate a new client secret.
Make note of the client secret value, which you need later.
Important
The client secret is an important security credential. Do not share this secret with anyone or distribute it with your app.
Add GitHub information to your application
Sign in to the Azure portal and navigate to your app.
Select Authentication in the menu on the left. Select Add identity provider.
Select GitHub in the identity provider dropdown. Paste in the
Client ID
andClient secret
values that you obtained previously.The secret is stored as a secret in your container app.
If you're configuring the first identity provider for this application, you also see a Container Apps authentication settings section. Otherwise, you can move on to the next step.
These options determine how your application responds to unauthenticated requests. The default selections redirect all requests to sign in with this new provider. You can change customize this behavior now or adjust these settings later from the main Authentication screen by choosing Edit next to Authentication settings. To learn more about these options, see Authentication flow.
Select Add.
You're now ready to use GitHub for authentication in your app. The provider is listed on the Authentication screen. From there, you can edit or delete this provider configuration.
Working with authenticated users
Use the following guides for details on working with authenticated users.