cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Regular Visitor

Creating a flow that requires oAuth2 authentication (with 2FA) to access protected API

I have a web app that requires oAuth2 authentication (with 2FA) to access. What I've attempted to do so far is use the Http with Azure AD connector:

 

image.png

 

This prompted me to authorize the client ID for Power Automate in my app registration, and I was able to get to the Invoke an HTTP request page. 

 

image.png

 

When I performed a GET request, I got error code 302 and the location in my headers showed login.microsoftonline.com/common/oauth2/v2.0/authorize. It seems like my API request is unauthenticated even though I have a connection that was logged in. When I looked at the URL for the login when adding a connection, it doesn't appear to be hitting the endpoint for my API. 

 

How would I be able to obtain an access token through flow to make my API requests? I tried to use a regular HTTP request, and was able to pass my username and password. However, this method won't work for me as we have 2FA setup that cannot be taken down (it's mandatory to have one). I would like to query my API, but it has oAuth2 authentication in place. I will need a JWT token to present as a bearer token if logging in is not enough to authenticate my API calls, but how would I extract this from the oAuth login?

 

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Community Support
Community Support

Hi @vsabado,

 

The HTTP response status code 302 Found is a common way of performing URL redirection. The HTTP/1.0 specification (RFC 1945) initially defined this code, and gave it the description phrase "Moved Temporarily" rather than "Found".

Please check the Base Resource URL and Azure AD Resource URI are correct when you create a new connection of HTTP with Azure AD.

And there is the document about Azure AD Graph API, it is completely introduction about Azure AD, hope it could help you:

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstar...

 

Best Regards,
Community Support Team _ Lin Tu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Highlighted
Regular Visitor

Solved using Custom Connector. Use OAuth2 as authentication, and Azure Active Directory.

View solution in original post

4 REPLIES 4
Highlighted
Community Support
Community Support

Hi @vsabado,

 

The HTTP response status code 302 Found is a common way of performing URL redirection. The HTTP/1.0 specification (RFC 1945) initially defined this code, and gave it the description phrase "Moved Temporarily" rather than "Found".

Please check the Base Resource URL and Azure AD Resource URI are correct when you create a new connection of HTTP with Azure AD.

And there is the document about Azure AD Graph API, it is completely introduction about Azure AD, hope it could help you:

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstar...

 

Best Regards,
Community Support Team _ Lin Tu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Highlighted

@v-litu-msft, thank you so much for the response.

 

For the Base Resource URL and Azure AD Resource URI, I used my Application ID URI (App registration -> Web app) for both. I know how to get an access token when authenticating against the graph API but I'm not sure if that would be useful in my situation. I would like to do is authenticate against my web app to obtain an access token that I can use to access the protected resources. 

 

A simple HTTP request is something that I tried, passing in my username/pass among other information. I had some success with this but because of 2FA in my account I received the error "AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access .... ". Since 2FA is mandatory for my workplace, I can't remove it from my microsoft account.

 

What I thought would work is to use HTTP with Azure AD. Login with Azure AD, and then make authenticated API calls. That unfortunately isn't working, since my calls are not authenticated (resulting in the redirect, with location pointing to login page). Is there a way to extract an access token from the login and use that as a bearer token?

Highlighted
Regular Visitor

Solved using Custom Connector. Use OAuth2 as authentication, and Azure Active Directory.

View solution in original post

Highlighted

@vsabado 

 

I know it's been a while since this post was last updated, but would you happen to have any more info on creating this custom connector to use OAuth2 and AAD?  I'm currently trying to create a flow where the trigger is "When a HTTP request is received" so we can receive information.  The company sending us information will use OAuth authentication, but i can't figure out how to make it work.  Any help would be greatly appreciated.

Helpful resources

Announcements
Community Conference

Power Platform Community Conference

Check out the on demand sessions that are available now!

Power Platform ISV Studio

Power Platform ISV Studio

ISV Studio is designed to become the go-to Power Platform destination for ISV’s to monitor & manage published applications.

Top Solution Authors
Top Kudoed Authors
Users online (8,914)