Setting Bearer token on Custom Connector using the Generic OAuth2 Identity provider


Within PowerApps, I am trying to connect to an external API using a Custom Connector. That Custom Connector is using the generic OAuth2 identity provider to authenticate using Auth0. The connector has successfully managed to log in, but calls to the external API endpoints are failing. What I need to do is to get the Bearer token in the Authorization header to use the token that Auth0 provides. However, it looks like the token that is actually sent on the endpoint call is a Microsoft one, not the Auth0 one. How can I get it set up so that it uses the Auth0 token?

  • TeemuSantala

    I have the same issue. Any resolutions?

  • akhtar

    I did manage to get it to work. You must explicitly ask for the scopes you require in your custom connector settings, otherwise they do not get returned. What confused me is that the token that shows up in the GUI on one of the runs is actually the token used to connect to Microsoft back end services, and not the one returned from Auth0. That Auth0 token is not available to see anywhere.

  • alexradice

    @akhtar I have the same issue, could you provide some more information about what scopes you needed to set and how you configure the custom connector to specify the audience that needs to be requested when the connection is created with auth0?

     

    I have an auth0 application that looks like this:

    auth0 application 1.png

    and this:

    auth0 application 2.png

    when I (successfully) log in to the application in the normal interactive way (not from Power Automate) then the login url is:

    https://SNIPPED-dev.eu.auth0.com/authorize?redirect_uri=http%3A%2F%2Flocalhost%3A11113&client_id=7EDovlvoLLpK5FiyZ0gNXfQJ34Da0Nkq&audience=https%3A%2F%2Fdev.api.com&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=query&state=UDZPbkwxTExqcGZnU044czNaZDVkRVdsU3kuN29WSTNFMmhCT2F3YX5wTA%3D%3D&nonce=aWpHNUlfVDV%2BdjE3c2lyOWVuZFU4aGxjUDFSMTU3Tzh6ZXJlVEJhdmVGWg%3D%3D&code_challenge=FMzxLYlWPLTguMx4Coa0IPPeQGLBP2YJKobUE_hAi7w&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiQGF1dGgwL2F1dGgwLWFuZ3VsYXIiLCJ2ZXJzaW9uIjoiMS4yLjAifQ%3D%3D

    You can see that an audience of https://dev.api.com is being specified. When I decode the JWT that is sent through to my API in a normal login scenario it looks like this:

    {
      "http://p3.peopleplus.truenorthit.co.uk/nickname": "aradice",
      "http://p3.peopleplus.truenorthit.co.uk/name": "aradice@test.com",
      "http://p3.peopleplus.truenorthit.co.uk/email": "aradice@test.com",
      "iss": "https://SNIPPED-dev.eu.auth0.com/",
      "sub": "auth0|5fc626d3aa67b2007595f861",
      "aud": [
        "https://dev.api.com",
        "https://SNIPPED-dev.eu.auth0.com/userinfo"
      ],
      "iat": 1606905089,
      "exp": 1606991489,
      "azp": "7EDovlvoLLpK5FiyZ0gNXfQJ34Da0Nkq",
      "scope": "openid profile email",
      "permissions": [
        "actions:process-own",
        "actions:view-own",
        "notifications:view-own"
      ]
    }

    You can see that the "aud" array contains the audience I've requested. The JWT that contains all that info is pretty long, about 1300 characters including the signature. But when I try to use Power Automate to create a connection to the same API I notice a couple of things:

     

    The auth0 Url that Power Automate uses to set up the connection is quite different from the Url that I hit when logging in to the application in the normal way:

    https://SNIPPED-dev.eu.auth0.com/login?state=g6Fo2SBhVnhYUHlJZ29NVW5LR0lKY1ltRURFNTNMcXc0SzF5Z6N0aWTZIDRIUmFxMnR1WVI4bndDZ0o2dENHUVJjeU9JdWhIYzU5o2NpZNkgT0ZVTXBVVXBXSTlHQkQ3SnhpQXBaZmVhTXBsUXJWSkQ&client=7EDovlvoLLpK5FiyZ0gNXfQJ34Da0Nkq&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fglobal.consent.azure-apim.net%2Fredirect&scope=openid%20profile%20email%20offline_access

    When I test my connector the Bearer token that Power Automate sends is tiny, only 32 characters long, and it isn't a JWT. My application rejects this with a 401.

     

    I'm also having the same problem as you in that it is extremely difficult to troubleshoot this, as the error that Power Automate reports is with calling one of its own internal endpoints, the real error being hidden away somewhere in the internals:

    Test failed.png

     

    Can you give me any pointers?
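
The symptom described in the post above (a 32-character bearer token that is not a JWT, versus a JWT whose "aud" array names the API) can be checked on the API side with a small diagnostic. This is an added example, not part of the original thread; the sample tokens are constructed and the function name is an assumption.

```javascript
// Added example: diagnostic only. The payload is decoded WITHOUT verifying the
// signature, so this must never be used to make an authorization decision.
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Constructed sample tokens: a JWT carrying claims like those in the post
// (with a dummy signature) and a 32-character opaque string.
const SAMPLE_JWT = [
  b64url({ alg: "RS256", typ: "JWT" }),
  b64url({
    iss: "https://SNIPPED-dev.eu.auth0.com/",
    aud: ["https://dev.api.com", "https://SNIPPED-dev.eu.auth0.com/userinfo"],
    scope: "openid profile email",
  }),
  "constructed-signature",
].join(".");
const SAMPLE_OPAQUE = "0123456789abcdef".repeat(2);

function describeAccessToken(token, expectedAudience) {
  const parts = token.split(".");
  if (parts.length !== 3) {
    return { kind: "opaque", length: token.length, audienceOk: false };
  }
  let claims;
  try {
    // Node's "base64" decoder also accepts the URL-safe alphabet used by JWTs.
    claims = JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
  } catch (err) {
    claims = null;
  }
  if (claims === null || typeof claims !== "object") {
    return { kind: "malformed", length: token.length, audienceOk: false };
  }
  // "aud" may be a single string or an array of strings.
  const aud = [].concat(claims.aud ?? []);
  return {
    kind: "jwt",
    length: token.length,
    aud,
    scope: claims.scope ?? "",
    audienceOk: aud.includes(expectedAudience),
  };
}

console.log(describeAccessToken(SAMPLE_OPAQUE, "https://dev.api.com"));
console.log(describeAccessToken(SAMPLE_JWT, "https://dev.api.com"));
```
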

  • akhtar

    Hi @alexradice,

     

    I've got the Custom connector set up like this:

     

    akhtar_0-1606987995733.png

     

    This should automatically set the JWT bearer token on your API requests after the user has logged in. If your PowerApp calls your flow, the user should automatically be presented with your Auth0 logon screen, and the Custom Connector should handle the refresh tokens in the background, without any further intervention.

  • alexradice

    I fixed this in the end. The problem was that if you don't pass an "audience" querystring argument to the auth0 authorize endpoint then the auth token that is generated will be an opaque token rather than a JWT which cannot be used to authorize API operations. This post explains it: https://community.auth0.com/t/why-is-my-access-token-not-a-jwt-opaque-token/31028 

    The Generic OAuth 2 provider in Power Automate does not allow you to specify an "audience" argument, so what I did instead was to create an Azure Function (I could have used any other lightweight serverless technology; I was working on an Azure project so an Azure Function was the obvious choice) that accepted an HTTP GET request and redirected to my auth0 authorize endpoint, including all the original querystring arguments and adding in the "audience" argument that I needed. This worked just fine.
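
A sketch of the redirect shim described in the post above, as an added example that is not the poster's code. `AUTHORIZE_ENDPOINT` is a placeholder, the function names and the plain `{ method, url }` request shape are assumptions, and the audience value is the one quoted earlier in the thread.

```javascript
// Added example. Replace the placeholder endpoint with your tenant's
// /authorize URL; the audience is the API identifier quoted in the thread.
const AUTHORIZE_ENDPOINT = "https://tenant.example.com/authorize"; // placeholder
const API_AUDIENCE = "https://dev.api.com";

// Build the Location value for the 302. Every incoming query parameter
// (client_id, state, redirect_uri, scope, ...) is forwarded unchanged, and
// "audience" is forced to the configured value so a caller cannot override it.
function buildAuthorizeRedirect(incomingUrl) {
  // The base is only needed to parse a relative request URL.
  const incoming = new URL(incomingUrl, "https://shim.invalid");
  // The target host is fixed, so the shim cannot be used as an open redirect.
  const target = new URL(AUTHORIZE_ENDPOINT);
  for (const [key, value] of incoming.searchParams) {
    if (key !== "audience") target.searchParams.append(key, value);
  }
  target.searchParams.set("audience", API_AUDIENCE);
  return target.toString();
}

// Runtime-neutral handler: takes { method, url } and returns the response to
// send. Adapt the input and output to whichever serverless platform hosts it.
function handleRequest(req) {
  if (req.method !== "GET") {
    return { status: 405, headers: { Allow: "GET" } };
  }
  return {
    status: 302,
    headers: {
      Location: buildAuthorizeRedirect(req.url),
      "Cache-Control": "no-store", // the URL carries state and PKCE values
    },
  };
}

// Constructed request resembling what the connector sends.
console.log(handleRequest({
  method: "GET",
  url: "/api/authorize?client_id=abc&response_type=code&state=xyz&scope=openid%20profile",
}));
```
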

  • slx

    Hi

    I am new to Power Apps custom connectors - could you help with this?

    The call is successful with the JavaScript below, but I don't know what settings I need for custom connectors (I did some tests with a public API and this is working; I just don't know what I need to set for this one below).


    async function fetchWebApi() {
      // Form fields for the token request (grant_type=password)
      var details = {
        'userName': 'username',
        'password': 'password',
        'grant_type': 'password'
      };

      // Encode the fields as application/x-www-form-urlencoded
      var formBody = [];
      for (var property in details) {
        var encodedKey = encodeURIComponent(property);
        var encodedValue = encodeURIComponent(details[property]);
        formBody.push(encodedKey + "=" + encodedValue);
      }
      formBody = formBody.join("&");

      // Request an access token from the token endpoint
      let response = await fetch('http://XXXX/token', {
        method: 'POST',
        headers: {
          'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8'
        },
        body: formBody
      });

      let commit = await response.json();

      console.log(commit);
      console.log("Status " + response.status);
      alert("Status " + response.status);

      if (commit != null) {
        console.log(commit.access_token);
        await getAllClients(commit.access_token);
      }
    }

    // Call the API with the access token as a Bearer token
    async function getAllClients(accessToken) {
      let response = await fetch('http://XXX:80/method', {
        headers: new Headers({
          'Authorization': 'Bearer ' + accessToken,
          'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8'
        }),
        method: 'GET'
      });

      let result = await response.json();

      console.log(response);
      console.log(result);
    }
