2

I am new to logic apps and am trying to build an Auth request workflow to obtain a token for re-use in subsequent requests.

The API I am connecting to requires that I first sign-in using a username and password in the body of the initial request. Assuming authentication is successful, it will return a token in the response header 'Authorization'.

I receive a successful authentication message in the body of the response but no Authorization header is displayed and I can only presume this is for security reasons?

If this is the expected behaviour, could someone point me towards how to obtain the auth token and store it securely for the subsequent requests?

Request sent:

{
"uri": "https://URL",
"method": "POST",
"headers": {
    "Accept": "text/html",
    "Authorization": "*sanitized*",
    "Content-Type": "application/json"
},
"body": {
    "password": "USERNAME",
    "username": "PASSWORD" }
}

Response Received:

{
"statusCode": 200,
"headers": {
    "Vary": "Accept-Encoding",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Headers": "Origin, X-Requested-With, Content-Type, Accept, Authorization",
    "Access-Control-Expose-Headers": "accept, authorization, content-type",
    "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block",
    "Cache-Control": "private",
    "Date": "Fri, 23 Feb 2018 18:01:36 GMT",
    "X-Powered-By": "ASP.NET",
    "Content-Type": "text/html",
    "Content-Length": "60"
},
"body": "{\"ErrorUsernameOrPasswordIncorrect\":false,\"Successful\":true}"
}

Many thanks.

Nigel

Thomas
  • 24,234
  • 6
  • 81
  • 125
Nigel Clark
  • 21
  • 1
  • 2

2 Answers2

3

If you're using the the client application method, you can use something like this to get oauth token.

enter image description here

Once you send the credentials, you will get a response with a format like this one in JSON:

{
  "token_type": "Bearer",
  "scope": "user_impersonation",
  "expires_in": "3599",
  "ext_expires_in": "0",
  "expires_on": "1529679207",
  "not_before": "1529675307",
  "resource": "https://xxxxxxxxx.com",
  "access_token": "xsjlhldjahdjhakdsdas"
}

Then, you will need to use the Parse JSON Action and copy the response to create the JSON Schema in the action to be able to use the access_token field as a dynamic field.

About the design, I think you can use some of the Azure products to save the returned access token and check the expiration date in order to refresh it when you need it.

cfnerd
  • 3,658
  • 12
  • 32
  • 44
Jairo Villarreal
  • 31
  • 3
0

From the Logic App documentation:

If your parameter is used in the headers or body of a request, the parameter might be visible by accessing the run history and outgoing HTTP request. Make sure to set your content access policies accordingly. Authorization headers are never visible through inputs or outputs. So if the secret is being used there, the secret is not retrievable.

So the header maybe there but won't be visible from the output.

Thomas
  • 24,234
  • 6
  • 81
  • 125