1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from azure.identity import DefaultAzureCredential
from azure.mgmt.web import WebSiteManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-web
# USAGE
python update_auth_settings_v2.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = WebSiteManagementClient(
credential=DefaultAzureCredential(),
subscription_id="34adfa4f-cedf-4dc0-ba29-b6d1a69ab345",
)
response = client.web_apps.update_auth_settings_v2(
resource_group_name="testrg123",
name="sitef6141",
site_auth_settings_v2={
"properties": {
"globalValidation": {
"excludedPaths": ["/nosecrets/Path"],
"requireAuthentication": True,
"unauthenticatedClientAction": "Return403",
},
"httpSettings": {
"forwardProxy": {
"convention": "Standard",
"customHostHeaderName": "authHeader",
"customProtoHeaderName": "customProtoHeader",
},
"requireHttps": True,
"routes": {"apiPrefix": "/authv2/"},
},
"identityProviders": {
"google": {
"enabled": True,
"login": {"scopes": ["admin"]},
"registration": {
"clientId": "42d795a9-8abb-4d06-8534-39528af40f8e.apps.googleusercontent.com",
"clientSecretSettingName": "ClientSecret",
},
"validation": {"allowedAudiences": ["https://example.com"]},
}
},
"login": {
"allowedExternalRedirectUrls": ["https://someurl.com"],
"cookieExpiration": {
"convention": "IdentityProviderDerived",
"timeToExpiration": "2022:09-01T00:00Z",
},
"nonce": {"validateNonce": True},
"preserveUrlFragmentsForLogins": True,
"routes": {"logoutEndpoint": "https://app.com/logout"},
"tokenStore": {
"enabled": True,
"fileSystem": {"directory": "/wwwroot/sites/example"},
"tokenRefreshExtensionHours": 96,
},
},
"platform": {"configFilePath": "/auth/config.json", "enabled": True, "runtimeVersion": "~1"},
}
},
)
print(response)
# x-ms-original-file: specification/web/resource-manager/Microsoft.Web/stable/2024-04-01/examples/UpdateAuthSettingsV2.json
if __name__ == "__main__":
main()
|
