Unanswered

New Feature: When a HTTP Request is Received Trigger - OAuth - PowerAutomate

(0) Share

Report

Posted on by davidyc

I would like to add OAuth to the 'When a HTTP Request is Received' flow trigger. However I cannot find exactly what the claim definition values should be.

Can anyone help with a request example that would work with this trigger with the 'anyone in my tenant' authentication?

The OAuth claim I can't find the value for is the following:

"iss": <Issuer of the requestor>

Categories:

Building Power Apps

I have the same question (0)

All responses (6)

Answers (0)

SurfaceWear 186 on at

Like (0)

Report

Hi @davidyc did you find a solution for this?
I posted basically the same question here in the Power Automate community and haven't got an answer yet.
Run a flow with a HTTP Request Trigger restricted ... - Power Platform Community (microsoft.com)

Was this reply helpful? Yes No
davidyc 99 on at

Like (1)

Report

@tfraser unfortunately not. I imagine it is a very easy for someone who understands how to use Azure OAuth in code, but we are getting stuck with errors on missing claims even when we have all required claims included. Ideally I need written examples of what to include in the header and body for the token request (using client credentials) and the API call to the flow itself.

I will gladly share any new discoveries here.

Was this reply helpful? Yes No
davidyc 99 on at

Like (0)

Report

I've just got this working... I noticed from another thread that someone is using scope as https://service.flow.microsoft.com//.default (notice the double forward slash) when getting the token.

When making the api call, you include the following in the body of your request:

"aud": "https://service.flow.microsoft.com/"
"tid": "{your_tenant_id}"
"iss": "https://service.flow.microsoft.com/{your_tenant_id}/"

Was this reply helpful? Yes No
SurfaceWear 186 on at

Like (0)

Report

I'm glad you got this working @davidyc . Unfortunately I think I'm a few steps behind you. Either that or I'm using a totally different method? If you could add a screenshot of your request that would really help!

How are you sending the request - are you using an HTTP step in a flow?

Here is my test flow with an HTTP trigger:

and here is the Step I'm trying to use to trigger the above:
However when I run this I get a 'bad request' response with a default error page:

Was this reply helpful? Yes No
davidyc 99 on at

Like (1)

Report

Since you're looking to make the call from a flow you should use this article: P1 - Securing "When an HTTP Request is Received" trigger in Power Automate (bythedevs.com). I'm making the calls from React Js, so my tests are in postman. They are pretty much exactly as I've described above.

Your starting point should be to change the connector you're using from 'HTTP' to 'HTTP with Azure AD':

The scope value is only required in that format when making a get token request.

Was this reply helpful? Yes No
SurfaceWear 186 on at

Like (0)

Report

Thanks so much for the link to that article @davidyc
This lead me to P2 - Securing "When an HTTP Request is Received" trigger in Power Automate (bythedevs.com) which goes into a bit more detail on how to enable this for a specific user.

It's not at all obvious that we should have to register an app in Azure AD / Entra ID for this to work, at least not for me as I've never had to do that for anything else in Power Automate.

It took me a while to figure out because I had the 'asyncrhonous' setting turned on for the connector and kept getting an error

{
  "error": {
  "code": "DirectApiInvalidAuthorizationScheme",
  "message": "The provided authentication token is not valid. Only 'basic' or 'bearer' type of token is supported."
}
}

Once I turned off asynchronous responses everything worked!

Was this reply helpful? Yes No