cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
lgtrn
Regular Visitor

How to connect custom API using own OAuth2 in Microsoft Power Automate?

I've been trying to connect Microsoft Power Automate to my API. My API has a OAuth2 Code Flow.
According to Power Automate, the connector can make a connection to my API. and execute a test. But the problem is that Microsoft sends a Bearer token that was generated by them, and not the one that I gave to them via OAuth2, resuting on my API giving a 401 Error (Invalid Token) as expected.


In the Power Automate Custom Connector page, in the security tab I have the following:

Authentication type

OAuth2.0

OAuth2.0 Settings

- Identity Provider: Generic OAuth2
- Client ID: SomeValue
- ClientSecrect: SomeValue
- Authorization URL: mydomain.com/auth/authorize
- Token URL: mydomain.com/auth/token
- Refresh URL mydomain.com/auth/token
- Redirect URL: microsoft-flow.com/redirect (Not the real one)


When Microsoft makes a POST request to "mydomain.com/auth/token", I return the following body:

 

{
access_token: "non JWT token", // simillar to a hash
refresh_token: "non JWT token",
expires_in: 3600
}

 


The request above is final request that microsoft before accepting as a valid connection. The token that microsoft sends me is a JWT one, not the one I provided.

I've seen some guys using Azure AD authentication within the APP, but I was trying to implement something simillar to other platoforms(e.g Github, Spotify, e.t.c)

So my question is it possible to connect Power Automate to a custom API using OAuth2? If yes, how to do it?

 

1 ACCEPTED SOLUTION

Accepted Solutions
lgtrn
Regular Visitor

I've done two steps to fix this problem:

 

Step 1

Previously my API returned the body with access_token, refresh_token and expires_in, but then I added scope and token_type. Example:

{
     access_token: "4468e5deabf5e6d0740cd1a77df56f67093ec943",
     refresh_token: "4fa483e6ab5ecec2eed4837cb0c3e0ef2292fe27",
     expires_in: 3600,
     scope: "none",
     token_type: "Bearer"
}

 

Step 2

Delete the custom connector and create new one with the same parameters. When I got to the "Test" section, Power automate finally could make the GET request successfully.

 

In my case, even if the API was updated, Power automate was still using the faulty token, so I had to delete the custom connector and create new one.

 

Conclusion

By updating the API and deleting the old custom connector, I was able to get the connector working.

View solution in original post

2 REPLIES 2
lgtrn
Regular Visitor

I've done two steps to fix this problem:

 

Step 1

Previously my API returned the body with access_token, refresh_token and expires_in, but then I added scope and token_type. Example:

{
     access_token: "4468e5deabf5e6d0740cd1a77df56f67093ec943",
     refresh_token: "4fa483e6ab5ecec2eed4837cb0c3e0ef2292fe27",
     expires_in: 3600,
     scope: "none",
     token_type: "Bearer"
}

 

Step 2

Delete the custom connector and create new one with the same parameters. When I got to the "Test" section, Power automate finally could make the GET request successfully.

 

In my case, even if the API was updated, Power automate was still using the faulty token, so I had to delete the custom connector and create new one.

 

Conclusion

By updating the API and deleting the old custom connector, I was able to get the connector working.

@lgtrn can you elaborate on this? Not sure I understand how to do your trick...

Edit: Scratch that, I've figured it out! I exported a Postman v2.1 collection with all requests using the OAuth2 authorization method. Crucially, I left out the manual refresh token request from the collection. Postman requires you to build a manual request to keep the token refreshed because it will not do that for you even though it has that convenient "Get New Access Token" button: 

HEATFreight_0-1639234343574.png

You must leave out any manual authorization or refresh requests that you might use in Postman. These are not necessary (nor will they even work) in the custom connector. So you export a v2.1 Postman collection of just the non-authentication-related requests that you want to include in your connector. Each of these needs to have a type of "OAuth 2.0" in the Authorization tab. I followed this guide.

You import the Postman collection into the Power Automate custom connector and proceed through the >General and >Security settings. Crucially, you must save the >Security settings before moving on. I never see this mentioned in tutorials, but if you don't do it, the client ID and secret as well as the Refresh URL will not be saved and you'll have to return to finish the >Security tab before you can actually "Update connector".

The interesting thing here is that no matter what you do, the Refresh URl field will wipe itself as if it did not accept your input, but rest assured this is the expected behavior.

Next tab is >Definition. The thing to remember about >Definition is that the conversion between the Swagger Editor and the Custom Connector user interface is broken. YOU CAN NOT TRUST IT TO CONVERT THE SWAGGER CODE PROPERLY! So here is what you do, follow the guide I linked above to edit the code in the Swagger Editor, and then click "Update connector" WHILE YOU STILL HAVE SWAGGER EDITOR TOGGLED ON! I never see any guides mention this part. If you switch back to the regular interface by toggling off the Swagger Editor, there is a chance something will break. You should be safe if you don't open any of the request parameters (like Path, Query, Headers, Body or any of their sub-fields), and clicking "Update connector" toggles off the Swagger Editor anyway, but definitely if you start opening any of those request parameter fields it will start breaking your Swagger code! I do think you can toggle off Swagger Editor before clicking "Update connector" and it will still work. It's mainly just opening the request parameters that begins to break the Swagger code.

One example is if you try using integers as default values for string types. The normal Custom Connector interface will error out if you give a string parameter an integer for a default value (say if your API requires a company ID # parameter). If you get this "integer as string" error, you can simply open the Swagger Editor and put single quotes around the affected default value integers. If you click "Update connector" while Swagger Editor is still toggled on, or at least without navigating back to the string parameter in question, the single quotes will remain intact and your default value will populate in the >Test tab and wherever you use the connector, like Power Automate. But the second you open the string parameter in the normal Custom Connector interface (i.e. Swagger Editor toggled off), **BAM** no more single quotes. After opening the string parameter which has an integer default value, toggle Swagger Editor back on again and you will see that the single quotes have disappeared from around the default value integer.

Off the top of my head, I'm not sure what other parts of the Swagger code breaks when you try editing the Custom Connector parmeters outside of the Swagger Editor, but suffice it to say something ain't right. Stick to the Swagger Editor and you should be fine.

I'm at T+1 day of QuickBooks Online API Custom Connector keeping itself refreshed. The OAuth2 authorization code flow and refresh tokens work great in Custom Connectors if you do it right. 

Helpful resources

Announcements
 WHAT’S NEXT AT MICROSOFT IGNITE 2022

WHAT’S NEXT AT MICROSOFT IGNITE 2022

Explore the latest innovations, learn from product experts and partners, level up your skillset, and create connections from around the world.

Register for a Free Workshop.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

Users online (1,825)