data-api-builder icon indicating copy to clipboard operation
data-api-builder copied to clipboard
verified publisher icon Azure

DAB Azure Static Website Proxy Request - Help

Open DalSoft opened this issue 1 year ago • 1 comments

Sorry to post an issue here, but can't find answer to this.

My requirements are pretty simple I have Azure functions and DAB connected to my Azure Static Website.

I want to proxy all requests (I have this part working) to DAB via Azure functions, the functions handle validation and business logic.

I don't want DAB exposed to the public only to my Azure functions. I do want to be able to proxy auth and authz to / from DAB. So I can't simply use a role to lock it down as I want to surface authz errors back to the users via the functions.

Any pointers on how I achieve the above, thanks.

DalSoft avatar Jul 17 '24 10:07 DalSoft

I believe SWA Database Connections feature only allow to lock down DAB via role permissions (SWA has endpoint routing config where you can set which roles are allowed to access data-api/* endpoints.

  • What identity(s) is your function app using to call DAB? your function will probably need to acquire an access token on behalf of the user in order to call dab. DAB doesn't perform any form of token acquisition. DAB validates tokens provided in the request to ensure the user is authenticated. So it is up to your function to provide the correct token.

seantleonard avatar Jul 25 '24 22:07 seantleonard