Tags: authentication, oauth-2.0, azure-active-directory, powerapps

Power Apps - OAUTH 2 Authentication with Azure Active Directory


I have an API that implements OAUTH Azure Active Directory Authentication. To achieve this, I created 2 App Registrations: Client and Backend.

I successfully implemented a Logic App able to call the API, so I am sure the authentication flow works.


Now, I need to call the same API from Power Apps, but unfortunately I got an error. First, I create a Custom Connector.

Then, I configure the Security section in this way:

  • Client ID: it's the ID of the Client App Registration
  • Client Secret: it's the secret of the Client App Registration
  • Login Url: login Url from Microsoft
  • Tenant Id: it's the Tenant Id of App Registrations
  • Resource URL: I don't know what to put here, I tried by using the ID of the Backend App Registration
  • Scope: It's not mandatory, but I tried to set the Application ID URI of the Backend App Registration concatenated to /.default.

When I try to create a Connection at the end of the wizard, I get this error:

AADSTS650052: The app needs access to a service ("http://rts.powerapps.com") that your organization "a467080d-9919-4241-a48f-8b0002685a59" has not subscribed to or enabled. Contact your IT Admin to review the configuration of your service subscriptions.

My Client App Registration has the following API Permissions: [image]

UPDATE

Following @ChauncyZhou's suggestion and adding the Redirect URL generated by the Custom Connector to the Client App Registration, I completed the Custom Connector and Connection creation process.

When I test the API I get a 401 error:

The audience '97e**********************9c9' is invalid

Where 97e**********************9c9 is the Backend App Registration id. Did I make some mistake when I configured the Custom Connector? API works fine with Postman and Logic App.


Solution

  • When you call the same API from Power Apps, you don't need to add the PowerApps Runtime Service permission, because you are calling your own API, not the Common Data Service API.

    Because you added this permission but your organization has not subscribed to or enabled it, it causes an error. So for your question, you just need to remove the PowerApps Runtime Service permissions.
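
For the 401 "audience is invalid" error in the question's update, one way to compare the `aud` claim in the connector's access token with the audiences the API accepts. This is an added example, not part of the original question or answer; the app ID, the accepted-audience set and all function names are assumptions, and the token is constructed for the demonstration.

```python
import base64
import json

# Constructed placeholder, not a real app registration ID.
BACKEND_APP_ID = "00000000-0000-0000-0000-000000000000"

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_sample_token(claims):
    # Builds an unsigned, constructed token so the example runs offline.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed-signature"])

def read_claims(token):
    # Inspection only: the signature is NOT verified here, so never use this
    # function to make an authorization decision.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))

def normalize(audience):
    # Reduce "api://<id>/" and "<id>" to the same comparable form.
    value = audience.lower().rstrip("/")
    return value[len("api://"):] if value.startswith("api://") else value

def audience_report(token, accepted):
    # Compare the token's aud claim with the audiences the API is configured to accept.
    aud = read_claims(token).get("aud")
    auds = {aud} if isinstance(aud, str) else set(aud or [])
    match = bool(auds & set(accepted))
    # Same application, different form (bare ID vs. Application ID URI).
    same_app = bool({normalize(a) for a in auds} & {normalize(a) for a in accepted})
    return {"aud": sorted(auds), "match": match, "form_mismatch": same_app and not match}

if __name__ == "__main__":
    token = make_sample_token({"aud": BACKEND_APP_ID, "iss": "constructed-issuer"})
    print(audience_report(token, {"api://" + BACKEND_APP_ID}))
```

A `form_mismatch` result means the token was issued for the right application but the `aud` string differs from the form the API validates against, which points at the connector's Resource URL value or the API's accepted-audience list.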