I was having an issue figuring out where a request was coming from. A user would receive an actionable email and click on a specific action (Close or Ignore). This action would trigger a flow, but I had no way to know who triggered the flow as HTTP triggers don't require any kind of authentication.
As it turns out, the header contains a property called "Action-Authorization". This is a jwt token. By splitting it into the three parts of a jwt token, you can get the "sub" property from the Payload section (the second section). This contains the email address of the person who received the actionable email.
Header schema:
{
"type": "object",
"properties": {
"Connection": {
"type": "string"
},
"Expect": {
"type": "string"
},
"Host": {
"type": "string"
},
"User-Agent": {
"type": "string"
},
"Card-Correlation-Id": {
"type": "string"
},
"Message-Id": {
"type": "string"
},
"Action-Request-Id": {
"type": "string"
},
"Identity-Linking-Redirect-Url": {
"type": "string"
},
"Action-Authorization": {
"type": "string"
},
"Content-Length": {
"type": "string"
},
"Content-Type": {
"type": "string"
}
}
}
You'll need to strip the "Bearer " value from the header value to get just the token:
replace(body('Parse_Header')?['Action-Authorization'],'Bearer ','')
Then you split the token to get just the second section:
split(variables('ActionAuth'),'.')[1]
Finally, parse:
{
"type": "object",
"properties": {
"iat": {
"type": "integer"
},
"ver": {
"type": "string"
},
"appid": {
"type": "string"
},
"sub": {
"type": "string"
},
"appidacr": {
"type": "string"
},
"acr": {
"type": "string"
},
"tid": {
"type": "string"
},
"sender": {
"type": "string"
},
"oid": {
"type": "string"
},
"iss": {
"type": "string"
},
"aud": {
"type": "string"
},
"exp": {
"type": "integer"
},
"nbf": {
"type": "integer"
}
}
}
The resulting value "sub" is the email address of the sender.
