An Azure service that automates the access and use of data across clouds without writing code.
hi,
that is a fantastic question. moving from that shared access signature (sig) to proper oauth is a huge step up for security. great call.
you need to enable azure active directory authentication on your http trigger. it is not enabled by default when you use the built in sig. here is how you do it step by step.
open your logic app in the designer. click on the 'http request' trigger to open its settings. look for the 'authentication' section and click to expand it. toggle the 'add azure active directory authorization' option to on. this reveals the settings you need.
now, you need to fill in the details from your app registration. the 'audience' field is super important. this should be the application id uri from your app registration in entra id. it usually looks like api://your-app-id. also, you need to specify the 'tenant id' where your app is registered. our docs here explain it well: https://learn.microsoft.com/azure/logic-apps/logic-apps-securing-a-logic-app
also, check this. in your app registration, you need to make sure you have configured the right permissions. for your logic app to accept tokens, the app registration needs to have the user_impersonation permission exposed. this might help in other tools too when dealing with oauth.
now, to test from postman, you cannot just use the trigger url anymore. you need to get an access token first. in postman, go to the authorization tab for your request. select 'oauth 2.0' as the type. then, fill in the details.
token url: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
client id: your application id
client secret: the secret you created
scope: api://your-app-id/.default
grant type should be client credentials. click 'get new access token' and then use that token in your request header.
aha, and one more thing. after you enable aad auth, the original sig url will stop working. this is a good thing. it means your api is now locked down to only requests with a valid token.
good luck. this setup is a bit detailed, but it makes your logic app so much more secure. you are doing the right thing. let me know if you hit any snags.
Best regards,
Alex
and "yes" if you would follow me at Q&A - personally thx.
P.S. If my answer helps you, please accept my answer.
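
The token request described in the answer, plus a check of the returned token against the trigger's 'audience' and 'tenant id' settings, as an added example that is not part of the original answer. The tenant ID, client ID, secret and token below are constructed placeholders, and the function names are hypothetical; the payload is decoded for inspection only, without signature verification.

```python
import base64
import json
import urllib.parse

# Placeholders (assumptions): substitute your own tenant and Application ID URI.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
APP_ID_URI = "api://your-app-id"

def token_request(tenant_id, client_id, client_secret, app_id_uri):
    """Build the token URL and form body for the client credentials grant."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"{app_id_uri}/.default",
    })
    return url, body

def jwt_claims(token):
    """Decode the JWT payload for inspection. The signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(token, expected_audience, expected_tenant):
    """Return the mismatches between the token and the trigger's settings."""
    claims = jwt_claims(token)
    problems = []
    for name, expected in (("aud", expected_audience), ("tid", expected_tenant)):
        if claims.get(name) != expected:
            problems.append(f"{name} is {claims.get(name)!r}, expected {expected!r}")
    return problems

def sample_token(claims):
    """Constructed, unsigned stand-in for a real access token (demo only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    url, body = token_request(TENANT_ID, "your-client-id", "your-secret", APP_ID_URI)
    print("POST", url)
    token = sample_token({"aud": "api://some-other-app", "tid": TENANT_ID})
    print(check_token(token, APP_ID_URI, TENANT_ID))
    print({"Authorization": f"Bearer {token}"})
```

An empty list from `check_token` means the `aud` and `tid` claims match what the trigger was configured with; any entry names the claim to compare against the app registration.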