Using this article, I configured my Azure function app to require users to authenticate in Entra ID.
It works fine but the steps involve creating a client secret, stored in the function app.
Can I use the managed identity of the function app instead?
Reason: Besides the obvious security reasons, I automate the whole creation of the function app using Bicep and azd, and creating secrets returned as output in Bicep is a very bad idea.
Edit: Here is my azd function app project: https://github.com/Yvand/azd-function-spfx-custom-api/tree/main/azure-function-app
Using the function app's managed identity (instead of creating a secret) is now available in preview, as documented in a section added recently to the article I mentioned in my question.
It works by adding the managed identity as a federated identity credential in the app registration. I implemented it in my azd template and it works like a charm (even though it is advertised as a preview as of the date of this posting).
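
A Bicep sketch of the approach described in the answer above, added here as an illustration; it is not taken from the answer or from the linked repository. It assumes the Microsoft Graph Bicep extension is enabled in `bicepconfig.json`, that the app registration was created with a `uniqueName`, and that the parameter names (all hypothetical) are supplied by the rest of the template. The setting name `OVERRIDE_USE_MI_FIC_ASSERTION_CLIENTID` comes from Microsoft's App Service authentication documentation, not from this page.

```bicep
// Added example: federated identity credential instead of a client secret.
// Assumes the Microsoft Graph Bicep extension is configured in bicepconfig.json.
extension microsoftGraphV1

// Hypothetical parameter names; wire them to your own template's resources.
param functionAppName string
param appRegistrationUniqueName string
@description('Object (principal) ID of the managed identity assigned to the function app')
param managedIdentityPrincipalId string

// Entra ID v2.0 issuer for the deployment tenant.
var issuer = '${environment().authentication.loginEndpoint}${tenant().tenantId}/v2.0'

resource functionApp 'Microsoft.Web/sites@2023-12-01' existing = {
  name: functionAppName
}

resource appRegistration 'Microsoft.Graph/applications@v1.0' existing = {
  uniqueName: appRegistrationUniqueName
}

// The app registration trusts tokens issued to the managed identity,
// so no secret is generated, stored, or returned as a Bicep output.
resource credential 'Microsoft.Graph/applications/federatedIdentityCredentials@v1.0' = {
  name: '${appRegistrationUniqueName}/functionAppManagedIdentity'
  issuer: issuer
  subject: managedIdentityPrincipalId
  audiences: [
    'api://AzureADTokenExchange' // public-cloud audience; sovereign clouds differ
  ]
}

// Built-in authentication: the "secret" setting name points at the
// managed identity override instead of a real client secret.
resource authSettings 'Microsoft.Web/sites/config@2023-12-01' = {
  parent: functionApp
  name: 'authsettingsV2'
  properties: {
    identityProviders: {
      azureActiveDirectory: {
        enabled: true
        registration: {
          clientId: appRegistration.appId
          openIdIssuer: issuer
          clientSecretSettingName: 'OVERRIDE_USE_MI_FIC_ASSERTION_CLIENTID'
        }
      }
    }
  }
}
```

The function app also needs an app setting named `OVERRIDE_USE_MI_FIC_ASSERTION_CLIENTID` whose value is the managed identity's client ID. Add it where the template already defines app settings, because deploying a separate `appsettings` config resource replaces the existing ones.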