MicrosoftDocs / BusinessApplicationPlatform-Connectors-public

Feedback repository for Microsoft Business Application Platform Connectors documentation
Creative Commons Attribution 4.0 International

Office365 connector - add authn/authz information #172

Closed lokijota closed 3 years ago

lokijota commented 4 years ago

The page describes how the connector's API works, but not how the authentication process is done behind the scenes, specifically in terms of token issuance, token storage and lifetimes. All there is is a note on this other page https://docs.microsoft.com/en-us/azure/connectors/connectors-create-api-office365-outlook saying: "Your connection doesn't expire until revoked, even if you change your sign-in credentials. For more information, see Configurable token lifetimes in Azure Active Directory.", which is totally generic.

Is OpenID being used? OAuth2? Access tokens vs ID tokens? Where can the validity of the token be changed or forcibly expired? What rights are being given to the Logic Apps over the target O365 account? Even a brief explanation would be useful.


cveld commented 3 years ago

Also see Jeff Hollan's script to automate the consent which contains some clues: https://github.com/logicappsio/LogicAppConnectionAuth/blob/master/LogicAppConnectionAuth.ps1

v-aangie commented 3 years ago

@lokijota - Thanks for your feedback. We are closing this issue because we are either unable to find relevant information or reproduce this. If you're still experiencing the issue described here, please reopen or create a new issue in one of the forums listed here - https://docs.microsoft.com/en-us/connectors/custom-connectors/provide-feedback.

cveld commented 3 years ago

Connectors such as these use AAD OAuth user-delegated consent. The connector's app registration is leveraged for this. The connection's security context is that of the user account you used to consent. The connection gets a refresh token which is valid for a period of 1 year. As long as you are using the connection frequently, the connection will eventually pull a fresh refresh token from AAD.

As user-delegated consent is applied, the authorization process cannot be fully automated unattended.

Maybe in future full automation will be provided? That would certainly help our use cases.
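The questions in the opening post (OAuth2 vs OpenID, access token vs ID token, what rights the connection holds) and the answer above (user-delegated consent, the connection running as the consenting user) come down to reading the claims Azure AD puts in the tokens. The script below is an added example for this thread, not code from the connectors project or from any of the commenters. It decodes JWT claims without verifying signatures (inspection only, never authorization) and classifies a token as an OIDC ID token, a delegated access token carrying `scp` scopes and user claims, or an app-only token carrying `roles`. All tokens, tenant and app IDs in it are constructed samples with a fake signature segment so that it runs offline; the classification heuristics are the author's assumptions about the standard Microsoft identity platform claim set, not anything the connector documentation states.

```python
"""Inspect Azure AD tokens as issued to a user-delegated client (added example)."""
import base64
import json
import time
from typing import Optional


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding JWTs omit."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Build a JWT-shaped string for the CONSTRUCTED samples below (no real signature)."""
    header = b64url_encode(json.dumps({"typ": "JWT", "alg": "none"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.fake-signature"


def decode_claims(token: str) -> dict:
    """Return the payload claims WITHOUT signature verification (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    return json.loads(b64url_decode(parts[1]))


def classify(token: str, now: Optional[int] = None) -> dict:
    """Summarize what a token is, whom it represents and what it grants.

    Heuristics (assumed, not from the connector docs):
    - `scp` present            -> delegated access token: user-consented scopes,
                                  carries user claims (oid/upn), aud = the API.
    - `roles`, no user claim   -> app-only access token (client credentials);
                                  the delegated-consent flow never issues one.
    - `nonce`/`at_hash`        -> OIDC ID token: aud = the client's own app ID,
                                  proves sign-in, not meant to call an API.
    """
    c = decode_claims(token)
    now = int(time.time()) if now is None else now
    user = c.get("upn") or c.get("preferred_username")
    if "scp" in c:
        kind = "delegated access token"
    elif "roles" in c and user is None:
        kind = "app-only access token"
    elif "nonce" in c or "at_hash" in c:
        kind = "ID token"
    else:
        kind = "unknown"
    return {
        "kind": kind,
        "audience": c.get("aud"),
        "issuer": c.get("iss"),
        "user": user,
        "scopes": sorted(c["scp"].split()) if c.get("scp") else [],
        "app_roles": list(c.get("roles", [])),
        "seconds_left": c.get("exp", 0) - now,
        "expired": c.get("exp", 0) <= now,
    }


# Fixed "current time" so the constructed samples are deterministic.
NOW = 1_700_000_000
TENANT = "11111111-2222-3333-4444-555555555555"          # constructed tenant ID
CLIENT = "00000000-aaaa-bbbb-cccc-dddddddddddd"          # constructed app registration ID
ISSUER = f"https://login.microsoftonline.com/{TENANT}/v2.0"

SAMPLE_ID_TOKEN = make_unsigned_jwt({
    "iss": ISSUER, "aud": CLIENT, "sub": "constructed-subject",
    "preferred_username": "alice@example.com", "nonce": "abc123",
    "iat": NOW - 60, "exp": NOW + 3600,
})
# Delegated token: `scp` lists what the user consented to on the mailbox API.
# (Requesting `offline_access` at consent time is what yields the refresh token.)
SAMPLE_ACCESS_TOKEN = make_unsigned_jwt({
    "iss": ISSUER, "aud": "https://graph.microsoft.com",
    "oid": "constructed-object-id", "upn": "alice@example.com",
    "scp": "Mail.ReadWrite Mail.Send", "iat": NOW - 60, "exp": NOW + 3600,
})
SAMPLE_APP_ONLY_TOKEN = make_unsigned_jwt({
    "iss": ISSUER, "aud": "https://graph.microsoft.com",
    "roles": ["Mail.Read"], "iat": NOW - 60, "exp": NOW + 3600,
})
SAMPLE_EXPIRED_TOKEN = make_unsigned_jwt({
    "iss": ISSUER, "aud": "https://graph.microsoft.com", "upn": "alice@example.com",
    "scp": "Mail.Read", "iat": NOW - 7200, "exp": NOW - 10,
})

if __name__ == "__main__":
    for name, tok in [("id", SAMPLE_ID_TOKEN), ("access", SAMPLE_ACCESS_TOKEN),
                      ("app-only", SAMPLE_APP_ONLY_TOKEN), ("expired", SAMPLE_EXPIRED_TOKEN)]:
        print(name, json.dumps(classify(tok, now=NOW)))
```

Run it against a real token only with a fixed `now` removed and, of course, only for inspection: the `scp` list is the concrete answer to "what rights are being given", the `upn`/`oid` claims show the connection acts as the consenting user, and `exp` is the access-token lifetime that the refresh token (not visible in the JWT) silently renews.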