How to use a custom Web API from Logic app custom connector using AAD client credentials flow?

0
votes

I have an existing ASP.NET Core API with its Swagger supporting JWT bearer token authentication from an AAD (mono-tenant). This API supports both user and client credentials JWT tokens.

I am trying to create and use a logic app custom connector to use my API but I cannot find a way to make the client credentials authentication work. It seems I can edit the swagger file to use the 'application' flow but it does not seems to be correctly supported.

securityDefinitions:
  oauth2_auth:
    type: oauth2
    flow: application
    tokenUrl: https://login.microsoftonline.com/xxxxxxx/oauth2/v2.0/token
    scopes: {.default: .default}

Are client credentials supported from the logic app connector without custom logic in the logic app flow ? (I cannot find anything about supported scenarios in the docs)

1
azure-active-directoryazure-logic-apps
Any update now? If it helps you , please accept it as answer. - Joey Cai
After having thought about it twice, I assume the scenario I wanted to implement is not supported by custom connectors since it would mean that anybody accessing the connector from a logic app could use it without any extra authentication. What could have been done is providing the access token to the custom action at runtime but it is not possible either (it seems required to authenticate at design-time for a custom connector). - Aloene

1 Answers

0
votes

In order to use the credentials in a standard connector, you need to switch to Active Directory OAuth. And then fill in the client credentials. If you are about to use Microsoft Graph, make sure to specify the Audience as well.

enter image description here

For more details, you could refer to this article.