I apologize if I am describing this poorly. I have an Azure Function App that I intend to be triggered by a Power Automate custom connector. The Function App has AAD authentication set up.
In one of the functions, I am trying to retrieve a file from SharePoint Online that the user has specified. I am trying to use an on-behalf-of flow to create an access token to access SPO.
However, when I make the actual Graph API request using my generated OBO token, I am blocked by Conditional Access. (Specifically, I get the Java exception java.io.IOException: java.util.concurrent.ExecutionException: com.microsoft.aad.msal4j.MsalInteractionRequiredException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.)
From the Microsoft documentation that is available, it sounds like Microsoft's intent is to have me prompt the user for MFA. However, in this case, I do not think that's possible with Power Automate. I found this answer that seemed to be related, but I do not understand how to translate that answer to the MSAL Java libraries that I am using.
Here is the actual code if that helps answer the question. (I know there are probably many other stylistic problems and whatnot, so apologies for that.)
Thank you for any advice you can provide.
I have tried using the incoming Bearer authN token (generated using Azure AD authentication set up on the Function App) to create an OBO token. However, the Graph API call using the OBO token gets blocked by Conditional Access.
Expected Result: my function can successfully retrieve the specified file from SharePoint Online.
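
Added example, not part of the original post and not the poster's code: with MSAL4J, the claims challenge behind AADSTS50076 can be read from the MsalInteractionRequiredException raised during the on-behalf-of exchange and returned to the caller in a WWW-Authenticate header. The class and parameter names (OboClaimsChallenge, clientId, clientSecret, tenantId) are hypothetical, and whether the calling client can act on the challenge is an assumption the post does not settle.

```java
// Added example. Requires the com.microsoft.azure:msal4j dependency.
import com.microsoft.aad.msal4j.*;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;

public class OboClaimsChallenge {

    /** Holds either a Graph access token or the claims challenge Azure AD returned. */
    public static final class Result {
        public final String accessToken;      // set when the OBO exchange succeeded
        public final String claimsChallenge;  // set when Conditional Access demands a step-up
        Result(String accessToken, String claimsChallenge) {
            this.accessToken = accessToken;
            this.claimsChallenge = claimsChallenge;
        }
    }

    // incomingBearer is the token the Function App received; the other values are placeholders.
    public static Result exchange(String incomingBearer, String clientId,
                                  String clientSecret, String tenantId) throws Exception {
        ConfidentialClientApplication app = ConfidentialClientApplication
                .builder(clientId, ClientCredentialFactory.createFromSecret(clientSecret))
                .authority("https://login.microsoftonline.com/" + tenantId)
                .build();
        OnBehalfOfParameters params = OnBehalfOfParameters
                .builder(Collections.singleton("https://graph.microsoft.com/.default"),
                         new UserAssertion(incomingBearer))
                .build();
        try {
            return new Result(app.acquireToken(params).join().accessToken(), null);
        } catch (RuntimeException e) {
            // join() wraps MSAL failures; walk the cause chain to find the real one.
            for (Throwable t = e; t != null; t = t.getCause()) {
                if (t instanceof MsalInteractionRequiredException) {
                    String claims = ((MsalInteractionRequiredException) t).claims();
                    if (claims != null) return new Result(null, claims);
                }
            }
            throw e; // not a Conditional Access challenge: let it fail loudly
        }
    }

    // Header value for a 401 response, using the insufficient_claims convention
    // Microsoft documents for claims challenges (claims JSON is base64 encoded).
    public static String wwwAuthenticate(String claims) {
        String b64 = Base64.getEncoder().encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        return "Bearer error=\"insufficient_claims\", claims=\"" + b64 + "\"";
    }
}
```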