401 error by replying to actionable message in outlook desktop client - azure

I have developed an Azure logic app and Azure function to send actionable messages to users.
On the bottom are two buttons to reply to another logic app. If I test it on the outlook web app (O365 E3-E5 licensing), it works fine.
On the outlook desktop app it's not working with Error 401 not authenticated.
The logic app is not triggered if I check the history logs.
Any ideas what causes the error or how to debug?
Best regards
Edit:
The Logic App uses an HTTP trigger with a specific json input.
In the Logic App the user's JWT token will be checked with an Azure Function. But the logic app never shows a run started if I click on send in the Outlook desktop app. It looks like the call is blocked by the Outlook client.

I have found a solution or a workaround...
Instead of triggering the Logic App directly, the request is sent to an Azure function (which also authenticates the user). The function is just a "middleman" that forwards the request to the logic app after successful authentication.
I don't know why it doesn't work with Logic Apps in this particular version of the Outlook desktop application... but with Azure functions there is a solution :)

Related

Azure Logic App Customer Connector not working with oAuth2 (shock!) - this time with Pinterest

I have access to the Pinterest v5 api and have successfully authorised my Pinterest App on a couple of Pinterest accounts via Postman using Oauth2 and can run queries against those accounts. I've then created an Azure Logic App Custom Connector with Oauth2 authentication using the exact details as used in Postman (different Redirect URI of course). I can successfully add an action (List Boards) from the custom connector to a logic app. After adding the action I click the 'sign in' button on the action, the pop-up appears and I can see it hitting the right Pinterest account, but the 'authorise' window never appears, it just hangs. Postman works every time with Oauth2 but there's always issues with Custom Connectors. This is the url it's hanging on https://api.pinterest.com/oauth/?client_id=xxxxxxxx&response_type=code&redirect_uri=https%3a%2f%2flogic-apis-westus.consent.azure-apim.net%2fredirect&state=2345dfhghg2-ce76-43c5-b7bc-efbf78d4c426&scope=boards%3aread%2c+pins%3aread
Any suggestions or thoughts welcomed!
From my testing, it looks like Microsoft enforce a space between Scope entries, which prevents Pinterest from authorising the oauth2 request. The Custom Connector can work if you only use one Scope e.g. user_accounts:read. So the workaround to use a Custom Connector with oAuth2 for the Pinterest API v5 is to create a connector for each Scope you want to use.
Can anyone raise a bug with Microsoft for this? Happy to provide more detailed info, but I don't have a support arrangement with MS.
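An added example, not part of the original posts: it decodes the `scope` parameter of the authorization URL quoted in the question and shows what a parser sees if it splits on a single delimiter without trimming. That strict-split behaviour is an assumption for illustration, not documented Pinterest or Microsoft behaviour, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Authorization URL quoted in the question (client_id is the post's own placeholder).
AUTH_URL = (
    "https://api.pinterest.com/oauth/?client_id=xxxxxxxx&response_type=code"
    "&redirect_uri=https%3a%2f%2flogic-apis-westus.consent.azure-apim.net%2fredirect"
    "&state=2345dfhghg2-ce76-43c5-b7bc-efbf78d4c426"
    "&scope=boards%3aread%2c+pins%3aread"
)


def raw_scope(url):
    """Return the decoded scope value exactly as the authorization server receives it."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("scope", [])
    if len(values) != 1:
        raise ValueError("expected exactly one scope parameter, got %d" % len(values))
    return values[0]


def split_scope(scope, delimiter):
    """Split on one delimiter without trimming (assumed strict parser)."""
    return scope.split(delimiter)


def malformed_tokens(scope, delimiter):
    """Tokens that are empty or still carry whitespace or a comma after splitting."""
    return [
        token for token in split_scope(scope, delimiter)
        if token == "" or any(ch.isspace() or ch == "," for ch in token)
    ]


def report(url):
    """Summarise how the scope string looks under comma and space delimiters."""
    scope = raw_scope(url)
    return {
        "scope": scope,
        "bad_if_comma_delimited": malformed_tokens(scope, ","),
        "bad_if_space_delimited": malformed_tokens(scope, " "),
    }


if __name__ == "__main__":
    for key, value in report(AUTH_URL).items():
        print(key, "=", repr(value))
```

With the two-scope URL, each delimiter leaves one token that cannot match a scope name exactly, while a single scope such as `user_accounts:read` produces no malformed token under either delimiter, which is consistent with the one-scope-per-connector workaround.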

Call Azure Function with ServiceBusTrigger via HTTP throws InvalidOperationException

In our deployed environment, we will have an Azure Function that is triggered via ServiceBus, which is great. But for local testing, I want to be able to make use of the following advice from the following article:
For all kinds of functions other than HTTP triggers and webhooks, you can test your functions locally by calling an administration endpoint. Calling this endpoint with an HTTP POST request on the local server triggers the function. You can optionally pass test data to the execution in the body of the POST request. This functionality is similar to the Test tab in the Azure portal.
However, when I do said post request to localhost:7071/admin/functions/NameOfMyFunction, the following exception gets thrown from within the Azure code:
System.InvalidOperationException: 'No authentication handler is configured to authenticate for the scheme: ArmToken'
For functions with ServiceBusTrigger on them, is there some Authentication header that I need to put on this test HTTP post?
For functions with ServiceBusTrigger on them, is there some Authentication header that I need to put on this test HTTP post?
It is odd that you get that error. Based on my test, there is no need to add an authentication header for it. I tested it with VS 2017, and it works correctly on my side.
The following are my detailed steps, which you could refer to:
1. Create an Azure function app and add a Service Bus trigger.
2. Test it with Postman
POST localhost:7071/admin/functions/{functionName}
body
{"input":"Service Bus Message"}
Console output:

Azure Bot service talking to Azure Logic App - 401 unauthorized

I have an Azure bot which is all developed and working fine. It currently talks to a 3rd party workflow application via a simple webhook.
I am now trying to replicate this using Azure Logic App. I have a simple logic app that responds fine to requests from POSTMAN. However, when I set the Messaging Endpoint in the Azure Bot service to the URL of the logic app's top node (when a http request is received), I see 401 unauthorized responses from all of my channels in the bot and I don't know why. POSTMAN is using the exact same target URL and works fine.
Any ideas what is going on here?
I had a similar problem, and found the solution was first to ensure an Authorization header is being sent, and second, to set the value to null.
Refer: https://learn.microsoft.com/en-us/outlook/actionable-messages/security-requirements#action-authorization-header

Azure Mobile App MSA Authentication Difficulties

So I'm working on a project to redeploy an application that was previously hosted as an Azure Mobile Service as an Azure Mobile App. Said application has a frontend (hosted as a Web App in Azure) and backend API (this is the Mobile App) that is called directly from the frontend's javascript. The upgrade had been going well up until I started working on the Microsoft Account Authentication piece. Following the instructions at...
https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-net-upgrading-from-mobile-services
https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-how-to-configure-microsoft-authentication
...got things mostly rolling. My application has been registered in the Microsoft Account Developer Center, I specified a Redirect URI following the 'https://{{my_backend_mobile_app_name}}.azurewebsites.net/.auth/login/microsoftaccount/callback' format, I configured the Microsoft Authentication/Authorization in the appropriate blade of my mobile app in Azure using the ClientId/Secret from the Microsoft Account Developer Center. Things go mostly well when I test it out: I can go to the frontend of my application and click on the 'Sign In' button, a new window opens with Microsoft's Login.Live site where I am prompted to login with a Microsoft account, I do so successfully and am redirected to the Redirect URL specified in the Microsoft Account Developer Center and it has Code and State values appended in the query string.
However, the page that is shown when I get redirected there is a 'You do not have permission to view this directory or page'. If I copy the URL, open a new tab, paste it in and hit enter it takes me to a 'You have successfully signed in' page. But neither way takes me back to the frontend of my application where it would log me in and continue into the site as everything is still happening in the new window that was opened for signing in. If I close that window, the authentication process sees that as a 'Cancelling' of the login and requires me to login again (which just repeats the above process). If I leave the window open and go back to the window with my frontend site, it is still waiting for a response from the login process.
So this leads me to my main question: How do I get the Microsoft Account Authentication process to actually return the login response to my frontend site rather than to the login window?
Side note, I've updated the SDK's for both the frontend and backend from the Mobile Service ones to the Mobile App's ones. In doing so I had to add in an OWIN middleware (per the instructions in link #1 above, under the 'Updating the server project' header) to my backend app. My current hypothesis is that this OWIN middleware isn't configured correctly for authentication and is getting in the way blocking the callback from working properly; thus, I am messing around with the app.UseAppServiceAuthentication(new AppServiceAuthenticationOptions()); piece.
According to your description, I assumed that you are using the JavaScript client library for Azure Mobile Apps. I checked this issue on my local side and found I could encounter the same issue as you mentioned as follows:
Then I tried to deploy it to azure web app (https://brucechen-mobile.azurewebsites.net/login.html), I found it could work as follows:
After searching the web I found a similar issue and referred to this blog about Fix the Ripple Issues. I logged onto the Azure portal and chose my mobile app, then clicked "All Settings > CORS" and added the URL for my local web application as follows:
Then, click "SETTINGS > Authentication / Authorization", add the ALLOWED EXTERNAL REDIRECT URLS as follows:
Based on the above settings, it could work as expected on my local side as follows:

Avoid spam request to Azure functions

I'm using an Azure function app for my website to help send email. I use Azure Function authentication and pass the key as a header from an Ajax request, and that works well. But my issue is that having the function call in the JS of the website makes it prone to my friends sending automated HTTP requests, such that the function is repeatedly executed.
Is there a way to avoid this? Maybe using the request sender IP?
Azure Function keys are not supposed to be shipped to the end user devices (be it browser, mobile app, IoT device etc). You should hide function calls behind some authentication flow.
See these links for some options:
Authentication and authorization in Azure App Service
Working with identity in an Azure Function
A very similar question, but from Mobile app point of view:
How to safely call Azure Function with function level authorization in Xamarin mobile app?
