Reputation: 1217
Power Apps - OAUTH 2 Authentication with Azure Active Directory
I have an API that implements OAUTH Azure Active Directory Authentication. To achieve this, I created 2 App Registrations: Client and Backend.
I successfully implemented a Logic App able to call the API, so I am sure the authentication flow works.
Now, I need to call the same API from Power Apps, but unfortunately I got an error.
First, I create a Custom Connector
Then, I configure the Security section in this way:
- Client ID: it's the ID of the Client App Registration
- Client Secret: it's the secret of the Client App Registration
- Login Url: login Url from Microsoft
- Tenant Id: it's the Tenant Id of App Registrations
- Resource URL: I don't know what to put here, I tried by using the ID of the Backend App Registration
- Scope: It's not mandatory, but I tried to set the Application ID URI of the Backend App Registration concatenated to /.default.
When I try to create a Connection at the end of the wizard
I get this error
AADSTS650052: The app needs access to a service ("http://rts.powerapps.com") that your organization "a467080d-9919-4241-a48f-8b0002685a59" has not subscribed to or enabled. Contact your IT Admin to review the configuration of your service subscriptions.
My Client App Registration has the following API Permissions
UPDATE
Following @ChauncyZhou's suggestion and adding the Redirect URL generated by the Custom Connector to Client App Registration, I completed Custom Connector and Connection creation process.
When I test the API I get a 401 error:
The audience '97e**********************9c9' is invalid
Where 97e**********************9c9 is the Backend App Registration id. Did I make some mistake when I configured the Custom Connector? API works fine with Postman and Logic App.
Upvotes: 2
Views: 5690
Answers (1)
Reputation: 1065
When you call the same API from Power Apps, you don't need to add
Powerapps Runtime Service permission.Because you are calling your own api,Not calling the Common Data service api.
Because you add this permission, but your organization has not subscribed to or enabled, so it causes an error.So for your question, you just need to remove PowerApps Runtime Service permissions.
Upvotes: 2
Related Questions
- oAuth2.0 with Microsoft flow(Power Automate) and then accessing protected API
- deamon authentication on powerapps admin REST API
- Problem generating valid oauth2 token to access PowerBI APIs
- Do I need to configure azureAD for powerapps?
- PowerApps Custom Connector AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application
- Setting PowerApps CustomConnector to OAuth2/AzureAD
- How to connect Azure AD with PowerApps forms
- AppAuth with Azure AD B2C
- PowerBI authentication C#
- Authorization Oauth2 bad request for PowerBI user