Failure of office365 API connection authentication/authorization due to cross api connection in logic apps

Ashish Jain 21 Reputation points
2020-08-20T09:49:19.983+00:00

Hi Team,

I am facing issue of re-authentication and authorization issue into logic app deployment using ARM template. I have found several solutions but none of them worked for me. Actually my requirement is slightly different, which I am writing below.

Introduction
We are working for our client and our client do not have office365 complete subscription. We had introduced solution to my client with logic apps.
We have several logic apps in that we are using office365 connectors for notification and upload data on SharePoint, these connector are authenticated with my organization's credentials while this entire logic app is deployed at my client's Azure Cloud. In brief, these logic apps are hybrid logic apps which means logic apps have office365 connector of my company and this logic app deployed in client's Azure cloud environment.
Issue
We are facing issue whenever we deploy logic app's arm template, logic apps ask for the authentication for office365 steps.
I followed following documentations and solutions but didn't worked for me due to hybrid solution.

After hit and try above solutions, I come to know all solutions are correct but it wouldn't work in my case because I am using hybrid connection in a logic app.

Please let me know if anyone has a solution of this issue.

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
1,822 questions
{count} votes

Accepted answer
  1. JayaC-MSFT 5,481 Reputation points
    2020-08-26T10:50:30.477+00:00

    @Ashish Jain Thank you for sharing the details offline. From the details it seems the execution is failing for the share point online connector. I have discussed this internally and figured that in PowerAutomate or LogicApps scenario, connection is created before it is possible to know what tenant user is going to access so the only option defaults to the user’s home tenant as today. By default, the token generated for authentication will correspond to user’s root site – both audience and tenantId. Later, connector can exchange the token for different audience (for X-Geo scenarios) but tenantId will remain same. That is how it works today and there is no workaround. As of now, there is no way to access non-home tenants from PowerAutomate/LogicApps. We are currently taking this up with the concerned team to check we can get this added in the document.

    Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

    No comments

0 additional answers

Sort by: Most helpful