question

97568512 avatar image
0 Votes"
97568512 asked LimitlessTechnology-2700 answered

Authorising Office365 logic app API Connection with PowerShell

Trying to setup a bunch of logic apps with supporting Azure functions etc. concept is to utilize ML/Azure functions/Logic apps etc. to setup an automated mailing system.

Everything is deployed using ADO/Git with CD/CI pipelines, but we have a problem with the Office365 connector that needs authorization after creation. I found an article that creates a windows form for authentication "https://docs.microsoft.com/en-us/archive/blogs/ronba/using-powershell-and-the-office-365-rest-api-with-oauth" , but we want to do this using azuredevops pipeline and thus are looking for a silent approach, any ideas or links would be appreciated?


Thanks
Krupa G

windows-server-powershellazure-logic-apps
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MughundhanRaveendran-MSFT avatar image
0 Votes"
MughundhanRaveendran-MSFT answered 97568512 commented

@KrupaGundrajuLarsenToubroInfotechL-6566 ,

Thanks for reaching out to Q&A.

Unfortunately, the Office365 connector will prompt for authentication which is a known limitation. The powershell article that you are refering seems to be archived, I am not sure if it would work as expected or it would be supported. If it works, you can run that script in devops via PowerShell task. However if you are looking for Single sign on approach, then you might want to explore Microsoft Graph API to send mails. You can leverage Azure functions to run the script/code using the Graph API (I have not tried it, you might have to trial and error).


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MughundhanRaveendran-MSFT ,

Thanks for your response!

We are using a service account for the authentication where MFA is bypassed. Please check if it is possible to automate this completely.

0 Votes 0 ·
MayankBargali-MSFT avatar image
0 Votes"
MayankBargali-MSFT answered

@KrupaGundrajuLarsenToubroInfotechL-6566 Unfortunately you can’t authenticate the user in a non-interactive way in the connector. Thus, there is no way to fully automate this.

  • Consider not re-creating api connection after initial manual authentication since there's no need unless cred changes, and only include logic apps in the arm template for subsequent deployment.

  • Consider using HTTP with MSI to call graph API directly.

For connection resource define you can refer to this.
More details: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-deploy-azure-resource-manager-templates#authorize-oauth-connections

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hi @KrupaGundrajuLarsenToubroInfotechL-6566

Office365 API authorization works with the OAuth 2.0 Authorisation Code Grant Type, which means, you can only get the authorization code by getting the user owning the mailbox to sign in to get the code.

This behavior of the API is by design. Thus, there is no way to fully automate this. But you can refer to the below article to get insights about using Powershell for your process.

Use PowerShell Script to Manage Your API Connection of Logic App (Consumption) Resources
https://techcommunity.microsoft.com/t5/integrations-on-azure-blog/use-powershell-script-to-manage-your-api-connection-of-logic-app/ba-p/2668253

Authenticate access to Azure resources with managed identities in Azure Logic Apps
https://docs.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity?tabs=consumption

Hope this resolves your Query!!


--If the reply is helpful, please Upvote and Accept it as an answer–

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.