[Question] SWA + Azure Container Apps backend doing the auth

[christophwille]

The scenario is an unauthenticated SWA, with the ACA app doing the authentication "dance" with the IdP (redirecting to the IdP, being called by back by the IdP). Think SPA hosted on App Service, with the .NET part doing all OIDC.

Reading the documentation I am not sure if this is possible because https://learn.microsoft.com/en-us/azure/static-web-apps/apis-container-apps#unlink-a-container-app says "To prevent accidentally exposing your container app to anonymous traffic, the identity provider created by the linking process is not automatically deleted. " To me this sounds like my scenario might not be possible, or would this identity provider be on top of what I am doing?

Mostly what I want is an App Service-like scenario where I ignore EasyAuth and roll my own.

[thomasgauvin]

When you link a backend to Static Web Apps, we use various mechanisms to ensure the traffic to the backend is 'locked down' to the Static Web Apps resource depending on the backend. What you see regarding 'To prevent accidentally exposing your container app to anonymous traffic, the identity provider created by the linking process is not automatically deleted.' is that we use the authentication mechanism of the Container Apps to do this 'lock down'.

This should not conflict with you rolling your own authentication