Tags: azure-active-directory, azure-logic-apps

Cannot get AAD auth token in Logic Apps


My Azure Logic App attempts to make an authenticated HTTP call to another API, but it fails to get an access token.

  • api, Application ID 2222-2222-2222-2222: The app registration for the API.
  • logic, Application ID 3333-3333-3333-3333: An app registration for the Logic App.
  • In logic, I have created a client secret secretValue.
  • In logic, I have added Application permission access_as_application in api, and in api, I have granted this permission.

In Logic App, I use these values:

  • Authentication type: Active Directory OAuth
  • Authority: (blank)
  • Tenant: 1111-1111-1111-1111
  • Audience: 2222-2222-2222-2222
  • Client ID: 3333-3333-3333-3333
  • Credential Type: Secret
  • Secret: secretValue

But I get:

The audience '2222-2222-2222-2222' is invalid

Documentation is not clear on the format to use for Audience, so I have tried:

  • 2222-2222-2222-2222
  • api://2222-2222-2222-2222
  • api://2222-2222-2222-2222/.default
  • api://2222-2222-2222-2222/access_as_application

But none of them gives me a token.


Solution

  • In my case, I created two app registrations named API app and LogicApp in the Azure AD tenant.

    In API app, I configured the App ID URI and created one App role named access_as_application.

    Now, I added this permission in LogicApp and granted admin consent to it.

    In my Azure Logic App workspace, I ran the HTTP request below and got an access token successfully in the response:

    Method: POST

    URI: https://login.microsoftonline.com/tenant_id/oauth2/v2.0/token

    Headers: Content-Type: application/x-www-form-urlencoded

    Body:

    client_id=<LogicAppId>
    &client_secret=<LogicAppSecret>
    &scope=api://<ApiAppId>/.default
    &grant_type=client_credentials



    When I decoded this token by pasting it in jwt.ms, I got the expected aud and roles claims.
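As an added illustration of the answer above (not code from the question or answer), the following Python builds the v2.0 client-credentials request with the `api://<ApiAppId>/.default` scope and then checks the `aud` and `roles` claims the API should require before accepting a call. The tenant/app identifiers and the JWT are constructed placeholders; the decoder does not verify the signature, which a real API must do with the tenant's signing keys.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed placeholder identifiers taken from the question, not real values.
TENANT_ID = "1111-1111-1111-1111"
API_APP_ID = "2222-2222-2222-2222"
LOGIC_APP_ID = "3333-3333-3333-3333"
REQUIRED_ROLE = "access_as_application"

def token_request(tenant_id, client_id, client_secret, api_app_id):
    """Build the v2.0 client-credentials request the answer describes.
    The scope is the API's App ID URI plus /.default, not the bare GUID."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"api://{api_app_id}/.default",
        "grant_type": "client_credentials",
    })
    return url, {"Content-Type": "application/x-www-form-urlencoded"}, body

def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def claims(jwt):
    """Return the payload claims of a JWT (as jwt.ms shows them).
    The signature is NOT verified here; the API must do that before trusting claims."""
    _header, payload, _sig = jwt.split(".")
    return json.loads(_b64url_decode(payload))

def audience_ok(claims_dict, api_app_id, required_role):
    """Accept the token only if aud names this API (App ID URI or bare app id;
    which form Azure AD emits depends on the API app's accepted token version)
    and the app role granted to the Logic App is present in roles."""
    accepted_aud = {api_app_id, f"api://{api_app_id}"}
    return claims_dict.get("aud") in accepted_aud and required_role in claims_dict.get("roles", [])

def _constructed_jwt(payload):
    # Constructed, unsigned sample token for offline demonstration only.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."

SAMPLE_TOKEN = _constructed_jwt({"aud": f"api://{API_APP_ID}", "roles": [REQUIRED_ROLE], "appid": LOGIC_APP_ID})
WRONG_AUD_TOKEN = _constructed_jwt({"aud": LOGIC_APP_ID, "roles": [REQUIRED_ROLE]})  # token meant for another app

if __name__ == "__main__":
    url, headers, body = token_request(TENANT_ID, LOGIC_APP_ID, "<LogicAppSecret>", API_APP_ID)
    print(url, headers, body, sep="\n")
    print(audience_ok(claims(SAMPLE_TOKEN), API_APP_ID, REQUIRED_ROLE))
```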