cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Roger365
Level: Powered On

HTTP OAuth with Client Secret

Hi

following scenario. I connect to the graph-API with an App from Azure AD.

For that i got an AppId and a client secret.

I configured the HTTP activity and all works fine.

 

But, why do i see the client-secret as plaintext in the "Secret" field?

If i would share my FLOW the other users, they will also get the client-secret. Why is that field not of type "password"? (So the value will not shown as plain-text.)

At now, the secret can be reused and for me its a security issue.

 

thx

 

secret.png

2 REPLIES 2
Super User
Super User

Re: HTTP OAuth with Client Secret

Hi @Roger365 , thank you for your post.

In simple terms this is a plain text field not password and this is why you see it(as you know). But there are several ways to make the data less obvious and below is the way I favour when doing the same Graph calls.Capture-303.png

{
    "TenantID": "<TenantID>",
    "ClientID": "<ClientID>",
    "SecretID": "<SecretID>",
    "Authority": "https://login.microsoft.com/",
    "Audience": "https://graph.microsoft.com",
    "OpenFilter": "?$filter=subject eq '",
    "CloseFilter": "'"
}

Click "Use sample payload to generate schema" to generate your schema from what you enter.

This means when it comes to populating all of the fields, not just the secret you return the variables, like the image below:Capture-304.png

This is the method I favour.

 

If you have found my post helpful, please mark thumbs up.

If this post has solved your problem, please click "Accept as Solution".

Any other questions, just ask.

Thanks, Alan


Did I answer your question? Mark my post as a solution!

Proud to be a Flownaut!


Super User
Super User

Re: HTTP OAuth with Client Secret

Hi @Roger365 

As a further enhanced method, have a look at this:

https://www.alanps1.io/power-platform/flow/flow-the-sweetest-graph-call-youve-ever-seen-hiding-data-...

I thought it best to put this approach out there before replying hence making it easier to follow.

Please let me know your thoughts.

 

If you have found my posts helpful, please mark them thumbs up.

 

If this post has solved your problem, please click "Accept as Solution".

Any other questions, just ask.

Thanks, Alan


Did I answer your question? Mark my post as a solution!

Proud to be a Flownaut!


>