Azure Logic Apps - unable to get Token from Azure AD (authorize call not working)

Andre Van Zyl 1 Reputation point
2020-06-11T07:26:04.207+00:00

Need to call an API with an OAUTH bearer token from internal Azure AD.

To get token I need to first call our oauth2/v2.0/authorize end point to retrieve a code that is needed for the oauth2/v2.0/token end point call to generate the bearer token.

With the authorise call I can execute the call from my Chrome browser (while signed in to AD) and get the code.

When I try the same from Logic Apps I get a 200 response, however it does not return the code - instead I get a message in the response stating "<title>Sign in to your account</title>". I get the same response if I run the same call from Postman for example when not signed in.

So assuming the issue is that my Logic App needs to be authenticated to our Azure AD. So created a managed identity for this, however not sure what else is needed to ensure my Logic App is authenticated before making the authorize API call.

Any advise would be much appreciated.

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,838 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,437 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2020-06-11T08:09:27.7+00:00

    anonymous user, Thank you for reaching out. Since you are using Logic Apps, hence the OAuth flow that would be used here would be the Client_Credentials flow and not Authorization_Code_Grant Flow of OAuth.

    To explain this further, for your Logic App to fetch a token from AAD, and then use that token further to call any api, for eg: Microsoft Graph API, the token would be requested by the application in its context and then use that token to call further APIs. It would be completely a non-interactive logon session and hence client_credentials flow of OAuth would be used here. The main steps to use Logic Apps and to get a bearer token from AAD would be:

    • Register an application in AAD.
    • Add the necessary permission for your API in that App Registration.
    • Create a client secret and copy it.
    • Copy the client ID/application ID for the app registration.

    Now for the logic app you can configure follow the steps below:

    1. In your Logic App click Add step
    2. Choose the standard HTTP action
    3. Set the values as follows: 9862-logicapp.png
    4. Save the Logic App a. Run the Logic App

    Hope this helps. Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

  2. Nigel Price 1 Reputation point
    2021-03-23T13:29:40.937+00:00

    Hi
    How does it work if the trigger is a SharePoint trigger eg When a list is updated ?

    CAn I do the above http call before the trigger ?

    Service Accounts are banned where I work.

    Regards

    Nigel

    0 comments