I have created logic apps in Azure that uses my credential to connect to our SharePoint Online sites and then run without me being around. I want to perform more complex operations on the SharePoint sites and would prefer to create a C# Function App. However I cannot see a way to pass my credentials to the Microsoft.SharePoint.Client
without my having to be there to authenticate. I have researched using a certificate but that requires admin approval which I cannot get. Is there a way for me to use the existing SharePoint Logic App connection, which has my credential information, and pass that to a custom Function App? Here's a quick image of how the connection looks in the Logic App. Instead of using the built in Azure action, I want to replace it with my custom Function App passing that connection to the function app.
Then I would need use that to somehow create the ClientContext:
var ctx = new ClientContext(siteUrl);
ctx.ExecutingWebRequest += (s, e) =>
{
e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + authenticationResult.AccessToken;
};
return ctx;
Which could then be used against the SharePoint site:
using (ClientContext ctx = await csomHelper.GetClientContext(siteUrl))
{
Web web = ctx.Web;
ctx.Load(web);
ctx.ExecuteQuery();
log.LogInformation($"found site : {web.Title}");
}
While I believe there is no way to fetch the access token from an existing connection, you could expose your function app as a custom connector for use in logic apps.
Firstly, you would need an Azure AD app registration with appropriate permissions to sharepoint.
Then, while creating the custom connector, the security config should be Generic OAuth 2.0
with appropriate details of the Azure AD you created earlier.
And you can then use the custom connector in your logic app, which will trigger an OAuth flow similar to other connectors.
There is an official doc for creating a custom connector for an Azure AD protected Azure Function which is pretty similar and something that you can refer.