Reputation: 21
I am new to logic apps and am trying to build an Auth request workflow to obtain a token for re-use in subsequent requests.
The API I am connecting to requires that I first sign-in using a username and password in the body of the initial request. Assuming authentication is successful, it will return a token in the response header 'Authorization'.
I receive a successful authentication message in the body of the response but no Authorization header is displayed and I can only presume this is for security reasons?
If this is the expected behaviour, could someone point me towards how to obtain the auth token and store it securely for the subsequent requests?
Request sent:
    {
        "uri": "https://URL",
        "method": "POST",
        "headers": {
            "Accept": "text/html",
            "Authorization": "*sanitized*",
            "Content-Type": "application/json"
        },
        "body": {
            "password": "USERNAME",
            "username": "PASSWORD"
        }
    }
Response Received:
    {
        "statusCode": 200,
        "headers": {
            "Vary": "Accept-Encoding",
            "Access-Control-Allow-Origin": "*",
            "Access-Control-Allow-Headers": "Origin, X-Requested-With, Content-Type, Accept, Authorization",
            "Access-Control-Expose-Headers": "accept, authorization, content-type",
            "X-Frame-Options": "SAMEORIGIN",
            "X-XSS-Protection": "1; mode=block",
            "Cache-Control": "private",
            "Date": "Fri, 23 Feb 2018 18:01:36 GMT",
            "X-Powered-By": "ASP.NET",
            "Content-Type": "text/html",
            "Content-Length": "60"
        },
        "body": "{\"ErrorUsernameOrPasswordIncorrect\":false,\"Successful\":true}"
    }
Many thanks.
Nigel
Upvotes: 2
Views: 7660
Reputation: 31
If you're using the client application method, you can use something like this to get an OAuth token.
Once you send the credentials, you will get a response with a format like this one in JSON:
    {
        "token_type": "Bearer",
        "scope": "user_impersonation",
        "expires_in": "3599",
        "ext_expires_in": "0",
        "expires_on": "1529679207",
        "not_before": "1529675307",
        "resource": "https://xxxxxxxxx.com",
        "access_token": "xsjlhldjahdjhakdsdas"
    }
Then, you will need to use the Parse JSON Action and copy the response to create the JSON Schema in the action to be able to use the access_token field as a dynamic field.
About the design, I think you can use some of the Azure products to save the returned access token and check the expiration date in order to refresh it when you need it.
Upvotes: 3
Reputation: 29791
From the Logic App documentation:
If your parameter is used in the headers or body of a request, the parameter might be visible by accessing the run history and outgoing HTTP request. Make sure to set your content access policies accordingly. Authorization headers are never visible through inputs or outputs. So if the secret is being used there, the secret is not retrievable.
So the header may be there but won't be visible from the output.
Upvotes: 0
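An added example, not code from any of the posts above: a workflow definition fragment combining the Parse JSON step from the second post with the run-history visibility point from the third. It uses the `secureData` runtime setting so the token request and response are obscured in run history. The action names, both `example.invalid` URIs, and the `clientId`, `clientSecret` and `resource` workflow parameters are assumptions; `clientSecret` is assumed to be declared as a `securestring` parameter.

```json
{
  "actions": {
    "Get_token": {
      "type": "Http",
      "description": "Added example: placeholder token endpoint and parameter names, not values from the thread.",
      "inputs": {
        "method": "POST",
        "uri": "https://login.example.invalid/oauth2/token",
        "headers": { "Content-Type": "application/x-www-form-urlencoded" },
        "body": "grant_type=client_credentials&client_id=@{encodeUriComponent(parameters('clientId'))}&client_secret=@{encodeUriComponent(parameters('clientSecret'))}&resource=@{encodeUriComponent(parameters('resource'))}"
      },
      "runAfter": {},
      "runtimeConfiguration": { "secureData": { "properties": [ "inputs", "outputs" ] } }
    },
    "Parse_token": {
      "type": "ParseJson",
      "description": "Schema covers only the fields used later; expires_on arrives as a string of epoch seconds.",
      "inputs": {
        "content": "@body('Get_token')",
        "schema": {
          "type": "object",
          "properties": {
            "token_type": { "type": "string" },
            "expires_on": { "type": "string" },
            "access_token": { "type": "string" }
          },
          "required": [ "access_token" ]
        }
      },
      "runAfter": { "Get_token": [ "Succeeded" ] },
      "runtimeConfiguration": { "secureData": { "properties": [ "inputs", "outputs" ] } }
    },
    "Call_API": {
      "type": "Http",
      "description": "Placeholder API call that presents the parsed token as a bearer credential.",
      "inputs": {
        "method": "GET",
        "uri": "https://api.example.invalid/resource",
        "headers": { "Authorization": "Bearer @{body('Parse_token')?['access_token']}" }
      },
      "runAfter": { "Parse_token": [ "Succeeded" ] }
    }
  }
}
```

Without `secureData` on both the HTTP and Parse JSON actions, the `access_token` value in the response body would be readable by anyone with access to the run history, even though the outgoing `Authorization` header is not.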