Incorporated OIDC for authenticating towards Azure in GH Action

Author: hvalfangst

hvalfangst_function/function_app.py

@@ -1,11 +1,8 @@
-import json
 import logging
-import os
-from io import StringIO
-
-import azure.functions as func
-import jwt
+import json
 import pandas as pd
+import azure.functions as func
+from io import StringIO
 from sklearn.preprocessing import LabelEncoder
 
 # Decree and declare our project as an Azure Function App subsidiary
@@ -63,25 +60,10 @@ def blob_trigger(inbound: func.InputStream, outbound: func.Out[str]):
         return f"Error: {str(e)}"
 
 
-def validate_jwt(token: str, audience: str) -> bool:
-    try:
-        decoded = jwt.decode(token, audience=audience, options={"verify_signature": False})
-        # Optionally check claims like roles or scopes
-        return True
-    except Exception as e:
-        logging.error(f"JWT validation failed: {e}")
-        return False
-
-
 @app.route(route="upload_csv", auth_level=func.AuthLevel.ANONYMOUS)
-@app.blob_output(arg_name="outbound", path="hvalfangstcontainer/in/input.csv", connection="AzureWebJobsStorage")
+@app.blob_output(arg_name="outbound", path="hvalfangstcontainer/in/input.csv", connection="") # AzureWebJobsStorage
 def upload_csv(req: func.HttpRequest, outbound: func.Out[str]) -> str:
     try:
-
-        token = req.headers.get("Authorization").split(" ")[1]  # Extract Bearer token
-        if not validate_jwt(token, audience=os.environ.get("FUNCTION_APP_CLIENT_ID")):
-            return func.HttpResponse("Unauthorized", status_code=401)
-
         logging.info("Received HTTP request to upload CSV")
 
         # Parse raw bytes derived from request body to string