cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Regular Visitor

Creating a flow that requires oAuth2 authentication (with 2FA) to access protected API

I have a web app that requires oAuth2 authentication (with 2FA) to access. What I've attempted to do so far is use the Http with Azure AD connector:

 

image.png

 

This prompted me to authorize the client ID for Power Automate in my app registration, and I was able to get to the Invoke an HTTP request page. 

 

image.png

 

When I performed a GET request, I got error code 302 and the location in my headers showed login.microsoftonline.com/common/oauth2/v2.0/authorize. It seems like my API request is unauthenticated even though I have a connection that was logged in. When I looked at the URL for the login when adding a connection, it doesn't appear to be hitting the endpoint for my API. 

 

How would I be able to obtain an access token through flow to make my API requests? I tried to use a regular HTTP request, and was able to pass my username and password. However, this method won't work for me as we have 2FA setup that cannot be taken down (it's mandatory to have one). I would like to query my API, but it has oAuth2 authentication in place. I will need a JWT token to present as a bearer token if logging in is not enough to authenticate my API calls, but how would I extract this from the oAuth login?

 

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Community Support
Community Support

Re: Creating a flow that requires oAuth2 authentication (with 2FA) to access protected API

Hi @vsabado,

 

The HTTP response status code 302 Found is a common way of performing URL redirection. The HTTP/1.0 specification (RFC 1945) initially defined this code, and gave it the description phrase "Moved Temporarily" rather than "Found".

Please check the Base Resource URL and Azure AD Resource URI are correct when you create a new connection of HTTP with Azure AD.

And there is the document about Azure AD Graph API, it is completely introduction about Azure AD, hope it could help you:

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstar...

 

Best Regards,
Community Support Team _ Lin Tu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Highlighted
Regular Visitor

Re: Creating a flow that requires oAuth2 authentication (with 2FA) to access protected API

Solved using Custom Connector. Use OAuth2 as authentication, and Azure Active Directory.

View solution in original post

3 REPLIES 3
Highlighted
Community Support
Community Support

Re: Creating a flow that requires oAuth2 authentication (with 2FA) to access protected API

Hi @vsabado,

 

The HTTP response status code 302 Found is a common way of performing URL redirection. The HTTP/1.0 specification (RFC 1945) initially defined this code, and gave it the description phrase "Moved Temporarily" rather than "Found".

Please check the Base Resource URL and Azure AD Resource URI are correct when you create a new connection of HTTP with Azure AD.

And there is the document about Azure AD Graph API, it is completely introduction about Azure AD, hope it could help you:

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstar...

 

Best Regards,
Community Support Team _ Lin Tu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Highlighted
Regular Visitor

Re: Creating a flow that requires oAuth2 authentication (with 2FA) to access protected API

@v-litu-msft, thank you so much for the response.

 

For the Base Resource URL and Azure AD Resource URI, I used my Application ID URI (App registration -> Web app) for both. I know how to get an access token when authenticating against the graph API but I'm not sure if that would be useful in my situation. I would like to do is authenticate against my web app to obtain an access token that I can use to access the protected resources. 

 

A simple HTTP request is something that I tried, passing in my username/pass among other information. I had some success with this but because of 2FA in my account I received the error "AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access .... ". Since 2FA is mandatory for my workplace, I can't remove it from my microsoft account.

 

What I thought would work is to use HTTP with Azure AD. Login with Azure AD, and then make authenticated API calls. That unfortunately isn't working, since my calls are not authenticated (resulting in the redirect, with location pointing to login page). Is there a way to extract an access token from the login and use that as a bearer token?

Highlighted
Regular Visitor

Re: Creating a flow that requires oAuth2 authentication (with 2FA) to access protected API

Solved using Custom Connector. Use OAuth2 as authentication, and Azure Active Directory.

View solution in original post

Helpful resources

Announcements
firstImage

Super User Program Update

Three Super User rank tiers have been launched!

firstImage

Power Platform 2020 release wave 2 plan

Features releasing from October 2020 through March 2021

firstImage

New & Improved Power Automate Community Cookbook

We've updated and improved the layout and uploading format of the Power Automate Cookbook!

thirdimage

Power Automate Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

Top Solution Authors
Top Kudoed Authors
Users online (7,478)