cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Roger365
Level: Powered On

HTTP OAuth with Client Secret

Hi

following scenario. I connect to the graph-API with an App from Azure AD.

For that i got an AppId and a client secret.

I configured the HTTP activity and all works fine.

 

But, why do i see the client-secret as plaintext in the "Secret" field?

If i would share my FLOW the other users, they will also get the client-secret. Why is that field not of type "password"? (So the value will not shown as plain-text.)

At now, the secret can be reused and for me its a security issue.

 

thx

 

secret.png

2 REPLIES 2
Super User
Super User

Re: HTTP OAuth with Client Secret

Hi @Roger365 , thank you for your post.

In simple terms this is a plain text field not password and this is why you see it(as you know). But there are several ways to make the data less obvious and below is the way I favour when doing the same Graph calls.Capture-303.png

{
    "TenantID": "<TenantID>",
    "ClientID": "<ClientID>",
    "SecretID": "<SecretID>",
    "Authority": "https://login.microsoft.com/",
    "Audience": "https://graph.microsoft.com",
    "OpenFilter": "?$filter=subject eq '",
    "CloseFilter": "'"
}

Click "Use sample payload to generate schema" to generate your schema from what you enter.

This means when it comes to populating all of the fields, not just the secret you return the variables, like the image below:Capture-304.png

This is the method I favour.

 

If you have found my post helpful, please mark thumbs up.

If this post has solved your problem, please click "Accept as Solution".

Any other questions, just ask.

Thanks, Alan


Did I answer your question? Mark my post as a solution!

Proud to be a Flownaut!


Super User
Super User

Re: HTTP OAuth with Client Secret

Hi @Roger365 

As a further enhanced method, have a look at this:

https://www.alanps1.io/power-platform/flow/flow-the-sweetest-graph-call-youve-ever-seen-hiding-data-...

I thought it best to put this approach out there before replying hence making it easier to follow.

Please let me know your thoughts.

 

If you have found my posts helpful, please mark them thumbs up.

 

If this post has solved your problem, please click "Accept as Solution".

Any other questions, just ask.

Thanks, Alan


Did I answer your question? Mark my post as a solution!

Proud to be a Flownaut!


Helpful resources

Announcements
thirdimage

Power Automate Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

firstImage

Incoming: New and improved badges!

We've given our badges an overhaul and also added some brand new ones!

fifthimage

Microsoft Learn

Learn how to build the business apps that you need.

sixthImage

Power Platform World Tour

Find out where you can attend!

seventhimage

Webinars & Video Gallery

Watch & learn from the Power Automate Community Video Gallery!

Top Kudoed Authors
Users Online
Currently online: 130 members 5,276 guests
Recent signins:
Please welcome our newest community members: