Getting an error when authentication type is ManagedServiceIdentity

[rodolfoortiz]

I'm getting an error:

 "The API connection reference name salesforce-2 has invalid authentication type ManagedServiceIdentity. Only 'Raw' or 'ActiveDirectoryOAuth' authentication type is allowed in local developer environment". 

My connections.json file looks like:

  "managedApiConnections": {
    "salesforce-2": {
      "api": {
        "id": "@appsetting('sfdc_api_id')"
      },
      "authentication": {
        "type": "ManagedServiceIdentity"
      },
      "connection": {
        "id": "@appsetting('sfdc_connection_id')"
      },
      "connectionRuntimeUrl": "@appsetting('sfdc_connection_runtime_url')"
    }
  }

I believe in the LogicAppUnit framework the method ReplaceManagedApiConnectionUrlsWithMockServer in the class ConnectionsWrapper.cs should also change the field authentication type to 'Raw' if it says 'ManagedServiceIdentity'. Or is there another way to resolve the error I am seeing?

[mark-abrams]

Hi @rodolfoortiz , thank you for posting this issue.

When developing Standard Logic Apps, the usual approach is to configure the authentication type for each Managed API Connection in the connections.json file to Raw or ActiveDirectoryOAuth. This allows the connections to correctly authenticate with Azure when the workflow is run locally. The ManagedServiceIdentity auth type is only used when the workflows are deployed to an Azure environment, since the Logic App can then use its own managed identity to authenticate with the Managed API Connector's token store. This is described in the Microsoft documentation. And this is why you are seeing this error being raised by the Logi App workflow engine:

Workflow 'xxxxx' validation and creation failed. Error: 'The API connection reference name 'xxxx' has invalid authentication type 'ManagedServiceIdentity'. Only 'Raw' or 'ActiveDirectoryOAuth' authentication type is allowed in local developer environment.'


I'm interested to understand why you are running Logic apps locally with the authentication type set to ManagedServiceIdentity? Does this even work when you run the workflow locally?

The LogicAppUnit testing framework assumes that the authentication type in the connections.json file is set to a valid value, either Raw or ActiveDirectoryOAuth. Running a workflow via a unit test still runs the workflow in the Logic App workflow engine and so you will see these validation errors if the authentication type is not set to a valid value.

[rodolfoortiz]

You are correct, I'm setting the authentication type to ManagedServiceIdentity because the logic app is being deployed to Azure. I could programmatically change the authentication type to Raw in the file connections.json when the unit test runs, but then I would need to revert the changes when the unit test completes. An alternative would be to default the authentication type to Raw so that the unit tests can run correctly, but then in my Azure pipeline I would need to modify connections.json so that authentication type is updated to ManagedServiceIdentity. I consider these very messy solutions.

An easier path is for me (probably not the correct one) is for the LogicAppUnit framework to always reset the Authentication Type to a valid value so the unit test can run correctly.