Azure Authentication using OpenID Against FusionAuth?
We have a FusionAuth instance that is the IDP for our web application. We would like to deploy content to Azure Blob Storage and use FusionAuth to control access to that content. However, everything we seem to find on the topic is about using FusionAuth to authenticate against Azure AD, which I don't think we want to do since our users live in FusionAuth and we have no presence in Azure AD at all.
For clarity, we would like the authentication to flow something like this:
- User logs into our web app and is authenticated via FusionAuth (this is in place already and working well)
- User requests a URL which is a piece of content hosted in an Azure Storage Blob.
- Azure Storage Blob (or some intermediary) authenticates back to FusionAuth to check whether the user is authorized for the piece of content or not.
Does anyone have any suggestions or pointers for what we're trying to do, or even if it's possible?
joshua last edited by
I will let my colleagues and community teammates chime in, having not written an Azure integration into FusionAuth as of yet. However, here are my two cents:
If FusionAuth is the source of record, you will want to review the documentation that Azure AD provides and see if you can call into FusionAuth via OAuth2 or SAML or JWT from them.
"azure storage blob authentication via jwt token" returns many promising possibilities that look relevant.
Another wrinkle is that you are likely asking for a permissions-based model below:
> Azure Storage Blob (or some intermediary) authenticates back to FusionAuth to check whether the user is authorized for the piece of content or not.

This might require you to hand-roll your own solution or explore others that are prebuilt. Roles and groups are one area in FusionAuth that you could use to assign some level of access to your users. With some integration code, you could help your application determine what storage they should have access to.
I hope this helps and will post back if anything additional occurs to me.
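
The "intermediary" check discussed in this thread, as an added example that is not part of the original posts or FusionAuth's own code: it verifies a FusionAuth-issued JWT and maps its `roles` claim to blob path prefixes before the intermediary fetches the blob or hands out a short-lived link. It assumes HS256 signing with a shared key and the application id in `aud`; the key, application id, role names and prefix map are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumptions (constructed for this example): an HS256 key shared with
# FusionAuth, the application id expected in "aud", a role -> blob prefix map.
SIGNING_KEY = b"constructed-demo-key"
APPLICATION_ID = "00000000-0000-0000-0000-000000000001"
ROLE_PREFIXES = {"reports-reader": "reports/", "admin": ""}

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_jwt(token, now=None):
    """Return the claims of a valid, unexpired HS256 token, or None."""
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(_b64d(head)), json.loads(_b64d(body)), _b64d(sig)
    except (ValueError, TypeError, AttributeError):
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":  # pin the algorithm, never follow the header
        return None
    expected = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):  # constant-time comparison
        return None
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if claims.get("aud") != APPLICATION_ID or not isinstance(exp, (int, float)) or exp <= now:
        return None
    return claims

def may_read(token, blob_path, now=None):
    """True if a role in the token grants read access to blob_path."""
    claims = verify_jwt(token, now)
    if claims is None or blob_path.startswith("/") or ".." in blob_path.split("/"):
        return False
    roles = claims.get("roles")
    return isinstance(roles, list) and any(
        isinstance(r, str) and r in ROLE_PREFIXES and blob_path.startswith(ROLE_PREFIXES[r])
        for r in roles)

def make_token(claims, key=SIGNING_KEY, alg="HS256"):
    """Build a constructed token standing in for one issued by FusionAuth."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"
```

With this in front of the storage account, the container itself stays private and only the intermediary holds storage credentials.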