ARM Template for O365 connector with username and password

Question

Monday, September 2, 2019 5:21 PM

Is it possible to create an ARM Template for deployment of a logic app with integrated authorization of an email account (O365 Outlook) connector? Can the ARM Template be provided with the user name and password of an email account and deployed silently, or is this step manual and can be done only through the Azure Portal (Authorize API connection and provide credentials using the login popup)?

Also found that this can be automated through PowerShell as part of a CI/CD flow using the "Show-OAuthWindow" command and provide the code for auth based on the credentials provided using the login window.

All replies (2)

Tuesday, September 3, 2019 3:54 AM ✅Answered

An ARM template to deploy a Logic App that sends mail via an office365 connector is as below.

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "env_suffix": {
            "defaultValue": null,
            "type": "String"
        }
    },
    "variables": {
        "workflow_name": "[concat('GoMail', parameters('env_suffix'))]"
    },
    "resources": [
        {
          "type": "Microsoft.Web/connections",
          "apiVersion": "2016-06-01",
          "location": "[resourceGroup().location]",
          "name": "office365",
          "properties": {
            "api": {
              "id": "[concat(subscription().id,'/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/office365')]"
            },
            "displayName": "office365",
            "parameterValues": {
            }
          }
        },
        {
            "type": "Microsoft.Logic/workflows",
            "name": "[variables('workflow_name')]",
            "apiVersion": "2017-07-01",
            "location": "[resourceGroup().location]",
            "dependsOn": [
                "[resourceId('Microsoft.Web/connections', 'office365')]"
            ],
            "tags": {},
            "scale": null,
            "properties": {
                "state": "Enabled",
                "parameters": {
                    "$connections": {
                        "value": {
                            "office365": {
                                "connectionId": "[resourceId('Microsoft.Web/connections', 'office365')]",
                                "connectionName": "office365",
                                "id": "[concat(subscription().id,'/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/office365')]"
                            }
                        }
                    }
                },
                "definition": {         
                    "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
                    "actions": {
                        "Condition": {
                            "actions": {},
                            "else": {
                                "actions": {
                                    "Condition_2": {
                                        "actions": {
                                            "Send_an_email_2": {
                                                "inputs": {
                                                    "body": {
                                                        "Body": "@{base64ToString(triggerBody()?['payload'])}",
                                                        "From": "@triggerBody()?['from']",
                                                        "Importance": "Normal",
                                                        "IsHtml": true,
                                                        "Subject": "@triggerBody()?['subject']",
                                                        "To": "mailme@company.com"
                                                    },
                                                    "host": {
                                                        "connection": {
                                                            "name": "@parameters('$connections')['office365']['connectionId']"
                                                        }
                                                    },
                                                    "method": "post",
                                                    "path": "/Mail"
                                                },
                                                "runAfter": {},
                                                "type": "ApiConnection"
                                            }
                                        },
                                        "else": {
                                            "actions": {
                                                "Until": {
                                                    "actions": {
                                                        "Delay": {
                                                            "inputs": {
                                                                "interval": {
                                                                    "count": 10,
                                                                    "unit": "Second"
                                                                }
                                                            },
                                                            "runAfter": {
                                                                "Send_an_email_3": [
                                                                    "Failed"
                                                                ]
                                                            },
                                                            "type": "Wait"
                                                        },
                                                        "Send_an_email_3": {
                                                            "inputs": {
                                                                "body": {
                                                                    "Body": "@{base64ToString(triggerBody()?['payload'])}",
                                                                    "From": "noreply@company.com",
                                                                    "Importance": "Normal",
                                                                    "IsHtml": true,
                                                                    "Subject": "@triggerBody()?['subject']",
                                                                    "To": "@triggerBody()?['email']"
                                                                },
                                                                "host": {
                                                                    "connection": {
                                                                        "name": "@parameters('$connections')['office365']['connectionId']"
                                                                    }
                                                                },
                                                                "method": "post",
                                                                "path": "/Mail"
                                                            },
                                                            "runAfter": {},
                                                            "type": "ApiConnection"
                                                        }
                                                    },
                                                    "expression": "@equals(outputs('Send_an_email_3')['statusCode'], 200)",
                                                    "limit": {
                                                        "count": 5,
                                                        "timeout": "PT5M"
                                                    },
                                                    "runAfter": {},
                                                    "type": "Until"
                                                }
                                            }
                                        },
                                        "expression": "@endswith(triggerBody()?['email'], 'integtest.com')",
                                        "runAfter": {},
                                        "type": "If"
                                    }
                                }
                            },
                            "expression": "@equals(triggerBody()?['email'], 'ping')",
                            "runAfter": {},
                            "type": "If"
                        }
                    },
                    "contentVersion": "1.0.0.0",
                    "outputs": {},
                    "parameters": {
                        "$connections": {
                            "defaultValue": {},
                            "type": "Object"
                        }
                    },
                    "triggers": {
                        "manual": {
                            "inputs": {
                                "schema": {
                                    "properties": {
                                        "email": {
                                            "type": "string"
                                        },
                                        "payload": {
                                            "type": "string"
                                        },
                                        "subject": {
                                            "type": "string"
                                        }
                                    },
                                    "type": "object"
                                }
                            },
                            "kind": "Http",
                            "type": "Request"
                        }
                    }
                }
            }
        }
    ]
}

At the moment, the Office365 API authorization works with the OAuth 2.0 Authorization Code Grant Type, which means you can only get the authorization code by getting the user owning the mailbox to sign in to get the code. This behavior of the API is by design. Thus, there is no way to fully automate this.

You can create the connector in ARM and this article will show you how to make a connector of your choosing in an ARM template.

Also, you can’t authenticate the endpoint using the client_credentials flow, which means you can’t authenticate the user in a non-interactive way.

There is an example in GitHub which will handle the authentication for you but requires a user to log in.
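
The following is an added example, not part of the original answer or of any Microsoft tooling: a pre-deployment check for a CI/CD pipeline that reads an ARM template, reports each `Microsoft.Web/connections` resource that will deploy without authorization (empty `parameterValues`, as in the template above) and flags any value placed in `parameterValues` that is a literal or references a parameter not declared as `securestring`. The function name, the finding labels, the second sample connection and the rule that every supplied value must come from a `securestring` parameter are assumptions of this example.

```python
import json
import re

# Constructed sample: the office365 connection from the answer, plus a
# hypothetical second connection that carries values in parameterValues.
SAMPLE_TEMPLATE = json.loads(r"""
{
  "parameters": {
    "env_suffix": {"type": "String"},
    "mailUser": {"type": "String"},
    "mailPassword": {"type": "SecureString"}
  },
  "resources": [
    {"type": "Microsoft.Web/connections", "name": "office365",
     "properties": {"displayName": "office365", "parameterValues": {}}},
    {"type": "Microsoft.Web/connections", "name": "hypothetical-conn",
     "properties": {"parameterValues": {
        "username": "[parameters('mailUser')]",
        "password": "constructed-literal-value",
        "token": "[parameters('mailPassword')]"}}}
  ]
}
""")

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def audit_connections(template):
    """Return (connection, key, finding) tuples for Microsoft.Web/connections."""
    params = template.get("parameters", {})
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.web/connections":
            continue
        name = res.get("name", "?")
        values = res.get("properties", {}).get("parameterValues") or {}
        if not values:
            # Nothing supplied: deploys unauthorized, the mailbox owner must sign in.
            findings.append((name, None, "needs-interactive-consent"))
        for key, val in values.items():
            m = PARAM_REF.match(val) if isinstance(val, str) else None
            if m is None:
                findings.append((name, key, "literal-value-in-template"))
            elif params.get(m.group(1), {}).get("type", "").lower() != "securestring":
                findings.append((name, key, "parameter-not-securestring"))
    return findings

if __name__ == "__main__":
    for finding in audit_connections(SAMPLE_TEMPLATE):
        print(finding)
```

The `needs-interactive-consent` finding is informational: it marks the connections that still need the sign-in step described in the answer before the Logic App can send mail.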


Tuesday, September 3, 2019 4:53 AM

Thanks for sharing this information, Dixit.