Search code examples
azure-logic-appsbapi

How can I use a service principal in HTTP with Azure AD connector in logic apps

I add an action to my logic app with the HTTP with Azure AD connector. When adding the acito, I'm prompted to create a connection, however there is only "User based auth" available with a "sign in" button. I need to use this connector with Service PRincipal auth, similar to Azure Data explorer. Is this/can this be supported?

see connection creation here: enter image description here

vs. Azure Data Explorer enter image description here

Solution

  • You are able to send HTTP request to azure ad API via HTTP action. Start by creating an service principal (app registration) with client ID and in your logic app first add HTTP action with the method post to get a valid bearer token as seen here: HTTP ACTION Remember to replace tenantId, clientId, clientSecret and resource depending on what api you want to query. Resources: Azure AD: https://graph.microsoft.com/ Azure Storage: https://storage.azure.com/

    Next you will need to add a step to Parse the response body from the HTTP request above to be able to use the access token in further steps. Use the following schema:

    {
"properties": {
    "access_token": {
        "type": "string"
    },
    "expires_in": {
        "type": "string"
    },
    "expires_on": {
        "type": "string"
    },
    "ext_expires_in": {
        "type": "string"
    },
    "not_before": {
        "type": "string"
    },
    "resource": {
        "type": "string"
    },
    "token_type": {
        "type": "string"
    }
},
"type": "object" }

    Then you are able to do both GET and POST request against azure ad.