How to use Oauth 2.0 Authorization in Logic App's HTTP connector?

Question

There is an API that I need to iteratively return data from in an Azure Logic App. To do this I need two HTTP steps, 1 to receive an access token and the other to use the token to be returned the data. Unfortunately, I can only receive the token through Oauth 2.0 Authorization and Azure Logic App does NOT have that authorization feature built into the connector (But I see Active Directory OAuth which seems different). Is there any way around this?

Trying to achieve the below. But the only concern I have is with Step 2: Logic doesn't have Oauth 2.0 Authorization

The available OAuth Authentication option is OAuth Active Directory which is specific to Azure and my requirement is for an external URL which only has client Id & client secret information

Answer 1

Hello @Vivek Komarla Bhaskar - Yes, you'll need two HTTP actions with the Parse JSON action in the middle.

1. Use the first HTTP action for fetching the access token. You don't need to toggle the Authentication type dropdown (as shown in your screenshot) in the HTTP action because, as you saw, the built-in authentication supports Azure AD only. Since the API that you want to get data from is protected with a different Identity provider, you'll need to use this HTTP action to construct a request for its token endpoint with parameters required for client_credential flow, aka two-legged Oauth flow or service-to-service authentication. The specific parameters required for constructing this request may vary by the specific Identity Provider. Typically, you'll need the following details: tenant, client_id, client_secret, grant_type and the scope with their corresponding values. Here's an example I put together:
   
2. Once you have constructed the request above correctly, the token endpoint should return the access token (in JSON format) back to the HTTP action. You'll need an easier way to get the access token from the JSON response so that you can include it in the second HTTP action for getting data from the API. That is where the Parse JSON action comes in handy:
   
3. With the 2 actions above in place, you can now work on the second HTTP action which actually is for making the request with the valid access token to the target API from which you'd like to get the data. Note that the access token is now available in Dynamic Content and you'll need to set pass it in a Authorization header in Bearer <access token> format, as shown below:
4. If everything above is configured correctly, the data from the API should now be available in the subsequent actions of your Logic Apps workflow.

Not sure if you came across these but here are some resources that may help and offer context:

• Blog post: How to pass a Bearer Token using Azure Logic Apps
• Client Credentials flow.
• As mentioned how the exact parameters for Client Credentials flow may vary by the Identity Providers, here's an example where the same technique is used with Logic Apps Standard and Twitter token endpoint: Authenticate Standard Logic Apps using OAuth 2.0 Bearer Token

I hope the answer above is helpful, feel free to let me know if you have any questions.