Reputation: 1
Azure DevOps Webhook authentication to trigger Power Automate flow that is set to "Any user in tenant"
I'm trying to create a Flow that is triggered by Azure DevOps. We want to use a Web Hook instead of a work item trigger as we want the trigger to happen from multiple ADO Projects. We don't want to maintain duplicate flows just so that we can switch out the Project in the trigger.
My Flow works when "Who Can Trigger The Flow?" is set to "Anyone".
But when I select "Specific users in my tenant", Azure DevOps will give me a 401 Unauthorized error. Both our ADO and Power Automate instance are in the same tenant.
I have seen answers such as this blog post but the Azure DevOps web hook has less fields than their examples.
I have tried passing the following into the header but that didn't work, as was expected.
aud: https://service.flow.microsoft.com/ iss: https://service.flow.microsoft.com/<our tenant id> tid: <our tenant id>
Any ideas how I can get this to work? Can I pass something in the headers or in the URL?
Upvotes: 0
Views: 972
Answers (1)
Reputation: 5281
When "Who Can Trigger The Flow?" is set to "Anyone", if you check the HTTP URL, you can see sig info. But if you set "Who Can Trigger The Flow?" to "Specific users in my tenant" or "Any user in my tenant", there isn't any sig, the request will fail with 401 as expected due to lack of authentication.
When using "When a HTTP Request is Received Trigger" and not selecting "Anyone", it requires OAuth authentication. But Azure DevOps webhook only supports Basic authentication. As a workaround, you can create a pipeline for OAuth authentication and trigger the Power Automate flow.
- Create an Application Registration in the Microsoft Entra ID and assign API Permissions for setting up the OAuth authentication. - See the detailed info from Azure Application Registration.
- Create a webhook in your project and create an "Incoming Webhook" service connection. See the detailed steps from Generic webhook based triggers for YAML pipelines. Use this webhook as pipeline resources and trigger the pipeline.
- In the pipeline, add a PowerShell task and use the application you created at step1 to run post request to authenticate with Power Automate and trigger the flow. Refer to this blog. Just run the APIs used in the Power Automate in the DevOps pipeline.
Upvotes: 0
Related Questions
- How to trigger a Power Automate Flow - while updating an Entity?
- Connect Azure DevOps Queries to SharePoint List using Power Automate
- Trigger pipeline with HTTP Request or fromo Power Automate flow
- Microsoft Power Automate Alternative for listening events in Azure DevOps
- How to configure a Webhook in Azure DevOps and integrate it with Power Automate to enable interaction/connection?