Calling Active Directory Secured Function App from Logic Apps

byMaheshkumar Tiwari •12:42 PM

0

{tocify} $title={Table of Contents}

Introduction

In last post we saw how to secure a Function App with Active directory and how to make call to it from another function App.

And for doing it from function we used libraries provided by Microsoft i.e., Microsoft.IdentityModel.Clients.ActiveDirectory;

So how do we do this in logic app? How do we add the above library to logic app and where do we write code? – No code required as Logic app already supports Active Directory OAuth out of box .

We just need to provide the following info

Tenant ID(Directory ID) -- It is the authority which grants the token
AudienceID - For whom the token will be created i.e.Target AD App's client ID
Client ID and Client Secret - It is caller AD app's details, this proves client identity

Thus other steps remains same, in order to call AD secured app you(client/calling app) need to get access token from AD and for doing that you need to prove your identity with AD.

And to create identity we need to register an App with AD. And then you use this identity to request access token.

How to do it

So first we need to get access token, and to request token we need

Register an Application with Active directory (Caller AD App)

As this app will be used to get token, we need to make note of application(client) ID and also need to create a secret

Remember to copy and save the secret as it won't be visible later

Create Logic App

Create a simple http triggered logic app which will get triggered upon receiving http request and then calls the secured function app and sends back response . In response it will add whatever received from secured function app.

In second step note that we are using HTTP action rather than using Azure Functions action and it is because Azure Functions action does not support adding authentication details, whereas Http action is flexible with it.

After adding http action, Select POST as method and provide the url of secured function app. In Authentication select Active Directory OAuth and provide the other details as shown below

Here I personally think, having an application settings for logic Apps would be good to have feature. However we can use Key Vault here to store the info and fetch values at runtime but for the sake of post, have done it here itself.

Now add http response action and against body - select the body returned from above step

That's it logic app is ready to use.

Testing

The target function expects input in following form

{"name":"Input"}

and it returns result as "Reply from target app,+input it received"

Use any rest client and make call to logic app and pass on input in expected format as above and below is the result

How it works

When calling from function app we had to explicitly call the endpoint (https://login.microsoftonline.com/) alongwith the details like TenantId, AudienceID, ClienID and Secret using the provided library, however in case of logic app you just need to configure the details and rest is taken care by http connector.

Learn More about Logic App