Jun 05 2019 11:42 PM - edited Jun 05 2019 11:44 PM
I am creating a SPFX webpart that will consume an Azure Function and the Azure Function is configured for AAD authentication. Very similar to the steps described in this blog post by @Vardhaman Deshpande. I am using the same web api permissions as described in the blog (user_impersonation and Windows Azure Active Directory, User.Read).
My question is whether I should use isolated webpart option? The Azure Function is exposing a very limited functionality and the site/page where the SPFX webpart will be hosted is managed by our team so no risks of sniffing access tokens. What are the risks when not using isolated webpart? If the only risk that other SPFX webpart can consume this specific Azure Function?
Thx!
Update: Link to blogpost added.
Jun 10 2019 07:51 PM