How to secure Azure functions with OAuth for both humans and machines?

Question

I have a functions app in azure that both a machine (client credential flow) and humans (authorization code flow) need to be able to authorize/authenticate against.

Initially I was using easy-auth, Azures out-of-the-box solution for securing functions apps. However according to this https://stackoverflow.com/a/57357226/7411328 it's not possible to use the client credentials flow with easy auth. Although I don't understand why this is. Why is it not possbile to use the same authority for two different flows with a single app registration?

Making the assumption (perhaps incorrectly) that the above is true and I have to implement JWT validation on my own.

Is there any reliable way to tell whether an API is being called by a machine or by a human?

Should I still do it with two seperate app registrations?

My understanding of these technologies might inadequate to properly ask the question, please let me know if I can do anything to clarify the question.

Answer 1

As far as I know, you can use client credentials flow to call an Azure function that protected by easy-auth(AAD as auth provider).Generally ,you can try the steps below :

1. Register an Azure AD App
2. Getting an access token from Azure AD by request below :

URL:

POST https://login.microsoftonline.com/<your tenant ID/name>/oauth2/token

Header:

Content-Type: application/x-www-form-urlencoded

Body:

client_id=<your new resistered app ID>&
client_secret=<your new resistered app secret>&
resource=<your Azure function app ID which configed at easy-auth>&
grant_type=client_credentials

Result:

Use this access token to call Azure function :

If you are using Azure AD b2c , pls provide me with more detailed infos , and I'll do some research for you .