azureazure-active-directoryazure-web-app-serviceazure-logic-apps
Azure Logic App HTTP Request Authentication Scope
We have an API hosted in Azure as an Azure Web App that we need to trigger via http on a schedule.
Our API requires a valid Azure AD Access Token be sent with each request.
Azure Logic Apps gives us the option to authenticate our request with Azure AD. However, we do not see the option of including scope in the request. If we send a request without specified scope or role, we get the following error:
System.UnauthorizedAccessException: IDW10201: Neither scope or roles claim was found in the bearer token.
How can we authenticate an http request from an Azure Logic App when scope/role is required in the access token by the API?
Solution
Thanks to @Skin for the suggestion!
Here is what worked for future visitors to this question:
Navigate to your Logic App in the Azure Portal > Select "Logic App Code View" > Add the following to "authentication":
- audience: "api://<your api's clientId>"
- clientId: "<your logic app's clientId>"
- scope: "api://<your api's clientId>/.default" (this piece is not available in the interface)
- secret: "the secret you generated for your logic app in your aad app registration"
- tenant: "your tenant id"
- Azure Logic App HTTP Request Authentication Scope
- Provision new SQL Azure database into existing, non-terraform managed SQL Server instance
- Get Log analytics workspace ID of a virtual machine in Azure connected to a workspace in a different subscription
- Enabling minimum apiVersion to 2021-08-01 in Azure API Management causing saving issues or deployment errors for existing logic apps
- Creating a VM in Azure using Powershell
- Azure Bicep reference existing resources from different subscriptions using ternary operators inside scope property
- Trigger azure function on user registration in b2c
- Migrating from validate-jwt to validate-azure-ad-token policy
- Azure DevOps Pipeline Expression Evaluation
- Using Event Hubs binding for Azure Functions with managed identities?
- How to connect a microsoft SQL Server database to Open Data Discovery (odd-odd-platform)?
- Cosmos DB for MongoDB private endpoint requests blocked by network firewall
- Specifying SAS Token Authorization header with Azure REST API
- Databricks ui is different between different Azure Tenants with activated SCIM Integration
- Download large files in Azure image builder process
- TriggerBuild Could not queue the build because there were validation errors or warnings
- How to get the azure subscription current cost using PowerShell
- Azure Form Recognizer Set API Version
- How do I flatten certain properties in a nested structure using Linq for Cosmos noSQL?
- Unable to locate executable file: 'bash'. Please verify either the file path exists
- "We're sorry, your sql database is unavailable" What does this mean exactly in Azure SQL?
- How do I login to an Azure AD Joined VM using Azure AD Credentials on an Windows Server 2019?
- Using the DATA OPERATIONS Select to return an array of a JSON output from a compose
- How to parse an XML embedded in a nvarchar column?
- Is there a CLI command on Azure to see console messages of a VM that is not booting up?
- MS Azure - Create new item in ADO error 400: Linking to a work item requires the full url
- 'Cannot use import statement outside a module' in Azure function
- Azure C# Cosmos DB: Property "id" is missing when it's actually present
- Azure Permission - needed for creating resource group - RBAC
- Can the Azure Service Bus be delayed before retrying a message?