cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Regular Visitor

Help me with authentication (please)

I want to put a PowerApp (or Flow, not exactly sure which yet) into SharePoint. Essentially I want to select an item in a list and do something with it's metadata.

 

The something I want to do involves POST’ing to a REST endpoint belonging to a web-app which is integrated with AzureAD for authentication.


I am struggling to work out how to authenticate with my PowerApp.

I have created an AppRegistration in AzureAd and enabled the ‘user_impersonation’ API, and Granted Trust to it.
The App is configured as a PublicClient.
So now, when I am *not* using PowerApps

  • If I am writing a desktop app in C# with Visual Studio I can call AcquireTokenInteractive (or AcquireTokenSilent) to retrieve an access token providing the AzureAD tenantId, AppId, and Scope.
  • With PowerShell I can do a similar thing using the MSAL.PS wrapper of MSAL, again easy.

 

The Access Token I am retrieving is a Bearer Token.

I use that Bearer Token to authenticate my called to the web-application’s REST endpoint.

 

When I am coming in from PowerApps (SharePoint), how do I:
1. Get the user currently signed in to Office365 (optional I guess)
2. Pass the details to AzureAD to Retrieve a token
The same coding paradigms I use above (loading MSAL.dll) does apply here, so what do I do?



1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Community Support
Community Support

Re: Help me with authentication (please)

Hi @whats_my_name ,

Do you want to use MSAL (Microsoft Authentication Library) in your canvas app?

 

Thanks for feedback. Unfortunately, the MSAL (Microsoft Authentication Library) is not supported in PowerApps canvas app currently. I afraid that the needs that you want to achieve has not been released in PowerApps.

 

If you would like this feature to be released and this feature to be in Roadmap, please consider submit an idea to PowerApps Ideas Forum:

https://powerusers.microsoft.com/t5/Power-Apps-Ideas/idb-p/PowerAppsIdeas

 

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

10 REPLIES 10
Highlighted
Helper I
Helper I

Re: Help me with authentication (please)

Have you tried using a  custom connector? With custom connector you can connect to a custom API secured using AAD authentication.

 

Please have a look at this blog post and try this out. Do reach out if you need help. Thanks.

 

https://m365.kksimplifies.com/18ug5V

Highlighted
Regular Visitor

Re: Help me with authentication (please)

Thanks @kunalkankariya 

I read through the blog post and got to the point where I felt it is not the answer. 

When the blogger defined a custom connector, they supply a clientId and secret.

 

It's possible I am misunderstanding, but that is not the same as 'this' user (is it?). I need to generate a jwt bearer token for (for example) user@me.com and perform actions on the api as that user. 

 

Is the clientId/secret allowing some kind of pass-through authentication? ... even so, I don't see where I can get my jwt token to attach it to my api request...?

 

(edit: fixed horrible autocorrect typos)

Highlighted
Helper I
Helper I

Re: Help me with authentication (please)

@whats_my_name ,

 

Thank you for the response.

 

During this process you will be asked to login and consent to the (delegated) permissions. We aren't using app permissions here. You can then login with the ID you mentioned. The token returned will be in the context of the userid that you used to sign-in. I suggest you try this out and see if it works for you. Thanks.

Highlighted
Community Support
Community Support

Re: Help me with authentication (please)

Hi @whats_my_name ,

Do you want to get a Access_Token for current sign in user in your canvas app?

 

If you want to get a Access_Token for current sign in user in your canvas app, I afraid that there is no way to achieve your needs in PowerApps currently.

 

Currently, within PowerApps app, there is no way to define a custom JavaScript code or C# code to send HTTP request to acquire Access Token for current sign in user.

 

In addition, there is no function function supported in PowerApps to send HTTP request to acquire Access Token for current sign in user.

 

If you would like this feature to be added in PowerApps, please submit an idea to PowerApps Ideas Forum:

https://powerusers.microsoft.com/t5/Power-Apps-Ideas/idb-p/PowerAppsIdeas

 

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Highlighted
Regular Visitor

Re: Help me with authentication (please)

 

Hi @v-xida-msft ,

 

I think this is the (disappointing) answer. 

 

"In addition, there is no function function supported in PowerApps to send HTTP request to acquire Access Token for current sign in user."

What about if I skip the requirement to use the 'current sign-in user' and put username/password boxes on my form? Can I hit in AppRegistration in AAD and get an access token that way? 

 

Highlighted
Community Support
Community Support

Re: Help me with authentication (please)

Hi @whats_my_name ,

Based on the needs that you mentioned, I think I have understood your needs correctly.

 

You mean you want to type Username and Password manually in your canvas app Text Box, and acquire the Access Token, right? I guess you want to send a HTTP request to your target server (e.g. AAD Identity Provider Server) along with the entered Username and Password, and get a access token from the server, is it right?

 

But within PowerApps, there is no direct function supported in PowerApps to send an HTTP request to target server. If you just want to send an HTTP request to your Target Server along with the entered Username and Password to get access token, as an alternative solution, I think the combination of PowerApps and Power Automate could achieve your needs.

 

You could consider fire a Power Automate flow from your canvas app, pass your entered Username and Password to the flow. Within the flow, you could add a "HTTP" action to send HTTP request to your Target Server to acquire Access Token, then you could return the acquired access token back to your canvas app.

 

The Flow's configuration may look like below:

2.JPG

 

3.JPG

Within your flow, you need to define two parameters using "Ask in PowerApps" dynamic content to receive the passed Username and Password value from your canvas app (just like above screenshot).

 

Within your canvas app, you need to create a connection to above flow, then set the OnSelect property of a button to following:

Set(AccessToken,'Your Flow Name'.Run(UsernameTextBox.Text, PasswordTextBox.Text).access_token)

4.JPG

After that, when press the button to fire your flow along with the entered Username and Password, the returned access token value would be stored in the AccessToken variable in your app, you could reference the access token value through the variable directly in your app.

 

More details about firing a flow from a canvas app, please check the following video:

https://www.youtube.com/watch?v=1wl9AtxWdkg

 

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Highlighted
New Member

Re: Help me with authentication (please)

Thanks @v-xida-msft 

(MS has signed me in as a different user - same person)

 

I think you are on the right track, you're suggesting more-or-less what I am asking. I appreciate the detailed walk-through, I have basically built the steps you describe in a lab previously.

 

Where I am stuck on is how to actually get an access token from AAD. I mean the *real* mechanics of what to post where. 

 

When I do this in other apps/languages, I can use the MS ADAL libraries, but in PowerAutomate/Flow/PowerApps/etc, I can't use them (can I?) - so what do I do.

Highlighted
Community Support
Community Support

Re: Help me with authentication (please)

Hi @bananabread ,

Based on the issue that you faced, I think the following article would help in your scenario:

https://docs.microsoft.com/en-us/graph/auth/auth-concepts

 

The above article explain the *real* mechanics about how to acquire Access Token from AAD Identify Provider.

 

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Highlighted
Regular Visitor

Re: Help me with authentication (please)

Hi @v-xida-msft 

As far as I can see, all other those scenarios use the MSAL libraries for authentication. 

 

Let's clear up a fundamental question: Is it possible to use the MSAL libraries from within the Power Platform? 

 

As I have thought through this, the idea of supplying a username and password form is not viable as the majority of AAD implementations use some for of MFA, so we also have to solve the problem of opening the MFA forms for the user and capturing their additional factors. 

 

Surely this is not an unsolved problem? It seems like a pretty generic use-case.

Helpful resources

Announcements
Community Conference

Power Platform Community Conference

Find your favorite faces from the community presenting at the Power Platform Community Conference!

Watch Now

Experience what’s next for Power Apps

See the latest Power Apps innovations, updates, and demos from the Microsoft Business Applications Launch Event.

Power Platform ISV Studio

Power Platform ISV Studio

ISV Studio is designed to become the go-to Power Platform destination for ISV’s to monitor & manage published applications.

secondImage

Power Platform 2020 release wave 2 plan

Features releasing from October 2020 through March 2021

Top Solution Authors
Top Kudoed Authors
Users online (7,805)