Introduction
In last post we saw how to secure a Function App with Active directory and how to make call to it from another function App.
And for doing it from function we used libraries provided by Microsoft i.e., Microsoft.IdentityModel.Clients.ActiveDirectory;
So how do we do this in logic app? How do we add the above library to logic app and where do we write code? – No code required as Logic app already supports Active Directory OAuth out of box . We just need to provide the following info
Tenant ID(Directory ID) -- It is the authority which grants the token
AudienceID - For whom the token will be created i.e.Target AD App's client ID
Client ID and Client Secret - It is caller AD app's details, this proves client identity
Thus other steps remains same, in order to call AD secured app you(client/calling app) need to get access token from AD and for doing that you need to prove your identity with AD. And to create identity we need to register an App with AD. And then you use this identity to request access token.
How to do it
So first we need to get access token, and to request token we need
As this app will be used to get token, we need to make note of application(client) ID and also need to create a secret
Remember to copy and save the secret as it won't be visible later
Create a simple http triggered logic app which will get triggered upon receiving http request and then calls the secured function app and sends back response . In response it will add whatever received from secured function app.
In second step note that we are using HTTP action rather than using Azure Functions action and it is because Azure Functions action does not support adding authentication details, whereas Http action is flexible with it.
After adding http action, Select POST as method and provide the url of secured function app. In Authentication select Active Directory OAuth and provide the other details as shown below
Here I personally think, having an application settings for logic Apps would be good to have feature. However we can use Key Vault here to store the info and fetch values at runtime but for the sake of post, have done it here itself.
 |
Now add http response action and against body - select the body returned from above step
|
That's it logic app is ready to use.
Testing
The target function expects input in following form
{"name":"Input"}
and it returns result as "Reply from target app,+input it received"
How it works
When calling from function app we had to explicitly call the endpoint (https://login.microsoftonline.com/) alongwith the details like TenantId, AudienceID, ClienID and Secret using the provided library, however in case of logic app you just need to configure the details and rest is taken care by http connector.
Related Post
- Understanding Azure Active Directory Authentication and Authorization using Oauth
- Securing Function App with Azure Active Directory authentication
- Getting Started with Logic Apps - Enterprise Application Integration
- Getting Started with Logic Apps - EDI X12 Fundamentals
- Getting Started with Logic Apps - Fundamentals
- Getting Started with Logic Apps - AS2
- Getting Started with Logic Apps - XML to EDI X12
No comments:
Post a Comment
If you have any suggestions or questions or want to share something then please drop a comment