Reputation: 497
The client 'clientId' with object id 'objectId' does not have authorization to perform action 'Microsoft.Logic/workflows/listCallbackUrl/action' over scope '/subscriptions/subscriptionId/resourceGroups/resourceGrpName/providers/Microsoft.Logic/workflows/logicAppName' or the scope is invalid. If access was recently granted, please refresh your credentials.
I'm calling this API from ADF to retrieve the Workflows - List Callback Url so that I can use it to execute the logic app and I get the above error. The "Logic App Contributor" role has been added to the App registration that I'm using.
I think I'm missing the step to get the bearer token (azure_auth) to Authorise with.
The documentation is sparse on how to do that. A guide would be helpful here.
Upvotes: 0
Views: 510
Reputation: 1721
Yes, you need to pass a bearer token as authorization to get the callback URL of the logic app. I have reproduced the issue on my side, and below are the steps I followed:
Register an application in AD and get the client id, client secret and tenant id. Follow this MS document to register an application in AD.
Once you have the required credentials, create a pipeline in ADF as shown below:
I added two Set Variable activities in the pipeline for getting the client id and client secret. You can assign them directly or you can get them from Key Vault as mentioned in the document.
Next, I added a Web activity to get the token from the URL: https://login.microsoftonline.com/{tenantid}/oauth2/token
Request type: Post
Body:@concat(concat('tenant=tenant-id&client_id=',variables('clientid'),'&client_secret='),variables('client_secret'),'&grant_type=client_credentials&scope=https://graph.microsoft.com/.default')
Request type: Post
Body:{}
Headers:@concat('Bearer ',activity('Web1').output.access_token)
Upvotes: 1
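The two requests discussed in this thread, as an added example that is not part of the question, the answer, or Microsoft's documentation: it builds the token request and the listCallbackUrl request, and checks the token's `aud` claim before using it, since a token issued for a different resource is one way to end up with an authorization failure. Assumptions: the v2.0 token endpoint, the Azure Resource Manager scope `https://management.azure.com/.default`, api-version `2016-06-01`, and the helper names; the sample token is constructed and unsigned.

```python
import base64
import json
from urllib.parse import urlencode

ARM = "https://management.azure.com"  # assumption: listCallbackUrl is an ARM action
ARM_AUDIENCES = {ARM, "https://management.core.windows.net"}

def token_request(tenant_id, client_id, client_secret):
    """Build (url, headers, body) for a client-credentials token request."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": ARM + "/.default",  # token must be issued for ARM
    })
    return url, {"Content-Type": "application/x-www-form-urlencoded"}, body

def jwt_claims(token):
    """Decode the JWT payload without verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_targets_arm(token):
    """True when the token's audience is Azure Resource Manager."""
    return str(jwt_claims(token).get("aud", "")).rstrip("/") in ARM_AUDIENCES

def callback_url_request(token, subscription_id, resource_group, workflow):
    """Build (url, headers, body) for Workflows - List Callback Url."""
    if not token_targets_arm(token):
        raise ValueError("token audience is not ARM; request it with the ARM scope")
    url = (f"{ARM}/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
           f"/providers/Microsoft.Logic/workflows/{workflow}"
           "/listCallbackUrl?api-version=2016-06-01")
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return url, headers, "{}"

def sample_token(aud):
    """Constructed, unsigned token used only to exercise the audience check."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'aud': aud, 'appid': 'clientId'})}.sig"

if __name__ == "__main__":
    tok = sample_token("https://management.azure.com/")
    print(callback_url_request(tok, "subscriptionId", "resourceGrpName", "logicAppName")[0])
```

In ADF the same values map onto the two Web activities: the first tuple is the token call, the second is the listCallbackUrl call with the `Authorization` header.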