3

I am trying to call a CDN Purge's Azure REST API url from Microsoft Flow.

  • I found HTTP - HTTP as the best action to use as Azure with HTTP sounds to be specialized on accessing resources not on (just) calling.
  • I created a Web app / API application in Azure Active Directory for this purpose.
  • The API calls need to be authenticated so I chose Active Directory OAuth.
  • I filled in the Tenant id into Tenant, chose Secret as Credential type and put a application's password (Keys) into the Secret field.

However, I am lost what to put into Audience and Client ID field.

I tried to search docs but did not find any relevant results. I presume one of those should be the App Id.

What to put into the Audience and Client ID fields and how to find the values?

Is there anything else required to do to make this working (like setting a permission to allow purging the CDN, updating manifests, assigning roles)?

PS: I am getting BadRequest. Http request failed as there is an error getting AD OAuth token: 'AADSTS50105: Application '<appId>' is not assigned to a role for the application '<appIdUri>'. in my most recent attempt.

alik
  • 2,244
  • 3
  • 31
  • 44

1 Answers1

5

The audience is the value of App ID URI that you registered (homepage below image)

The Client Id is nothing but the Application ID

enter image description here

Jayendran
  • 9,638
  • 8
  • 60
  • 103
  • I've put the `Home page` url `https://account.activedirectory.windowsazure.com:444/applications/default.aspx?metadata=...` into the `audience` field but the error message is basically the same (except the value change). – alik Sep 01 '18 at 15:26
  • @alik Are your sure you put the value from [here](https://mage2.pro/t/topic/4108) ? – Jayendran Sep 01 '18 at 15:30
  • That was my original value in the Audience field (`http://customappssoSOMETHING`) before I changed it based on your screenshot. – alik Sep 01 '18 at 15:39
  • @alik usually both the homepage URL/ App ID Url would be the same. Some case it would be different. But the audience should be mention like the App id Url (like mentioned in the screenshot as a comment) – Jayendran Sep 01 '18 at 15:49
  • Ok, I've created another app using another wizard. This time the App ID Uri sounds different (http://tenantdomain/guid) and that seems to work (for the authentication part). As I am getting another error Unauthorized (without any other explanation) as long as all the OAuth values are correct. – alik Sep 01 '18 at 16:09
  • @alik Make sure that you have correct `application id(Client Id)` and the `client Secret` – Jayendran Sep 01 '18 at 16:18
  • Those values are correct. If I change them I got another (relevant) error message. As such, I expect that the authentication part succeeded. I've tried to add the app as a Contributor to the CDN profile but it did not help. Now I just get the HTTP box having just "Unauthorized." inside it. – alik Sep 01 '18 at 16:31
  • I have created a new question for the Unauthorized message. https://stackoverflow.com/questions/52130448/calling-azure-cdn-purges-rest-api-from-flow-returns-unauthorized – alik Sep 01 '18 at 17:08