On behalf of flow with Custom Connectors for MS Flow

I have always been fascinated by different authentication mechanisms that Microsoft provides and recently when a colleague of mine was working on a custom connector, I got to assist her with setting up On-behalf of Flow authentication.

Custom Connectors are kind of actions provided by 3rd parties that users can use in Microsoft Flows.

First of all you need to create a Web API, that will perform the action when someone uses the custom connector. You will need to host this Web API on Azure and create an AAD application that will register the Web API. You will also need create an AAD app that will register the custom connector. You will also need to establish communication between Web API AAD app and Custom Connector AAD App. Steps for this can be found here, https://hiralpatel-sharepointdevelope.blogspot.com/2019/03/steps-to-create-custom-connector-for.html

Basically, here, our client is our custom connector, which communicates with the AAD app hosted on azure to acquire a access token, which is provided after successful sign on, let's call it Token1, after that Token1 is used to communicate with web api and web api validates the token and requests Token2 to access the resource, Token 2 is silently acquired and used to communicate with the resource.

Here, we are using the initial Bearer token that you can acquire from the HTTP Headers to acquire next token that we can use to access the resource.

               string url = HttpContext.Current.Request.Url.AbsoluteUri;
                var Headers = HttpContext.Current.Request.Headers;         
                string assertion = Headers["Authorization"].Replace("Bearer ", "");
                string assertionType = "urn:ietf:params:oauth:grant-type:jwt-bearer";   
                var userAssertion = new UserAssertion(assertion, assertionType, ClaimsPrincipal.Current.FindFirst(ClaimTypes.Upn)?.Value);
                string tenantClaim = "http://schemas.microsoft.com/identity/claims/tenantid";

                var authContext = new AuthenticationContext(string.Format("https://login.microsoftonline.com/{0}",
                ClaimsPrincipal.Current.FindFirst(tenantClaim)?.Value));

                var credentails = new ClientCredential("client id of the Web API AAD App", "client secret of connector Web API AAD App");

                var result = await authContext.AcquireTokenAsync(resourceUri.Scheme + Uri.SchemeDelimiter + resourceUri.Host, credentails, userAssertion);


The blog that helped us a lot to devise the solution. https://paulryan.com.au/2017/oauth-on-behalf-of-flow-adal/

Comments

Post a Comment

Popular posts from this blog

PnP Modern Search Extensibility: Creating Custom Layouts

Image
In the last blog  we were looking at the basics of PnP Modern Search Extensibility, what we can customize  and how to create a the library component. In this blog, we will explore how to add custom layouts using extensibility.  Right now, PnP Modern Search Results webpart provides you with these 5 layouts, Details List, Cards, Slider, List and People, which should be sufficient for simpler scanarios. In addition to that, it also allows you to customize the layout by editing the handlebar template using “edit result template” option under Custom layout, or you can create a custom handlebar file, upload it on SharePoint and then add its location in “ Use an external template layout” option. For example, you are setting up a Search Results page for showing projects. If you use the the default List layout, then the results would end up looking like in the image below, it shows page title, author, date modified, project summary and then what all tags the project has been...
Read more

PnP Modern Search Extensibility: Creating Handlebar Helpers

Image
In the blog series of PnP Modern Search Extensibility we have looked at basics of  PnP Modern Search Extensibility , how to add a  custom layout  and how to add custom web components , in this blog we will look at creating custom handlebar helpers. With extensibility you can also create Handlebar helpers that can be used to in HTML templates or while configuring layout fields. There are a lot of handlebar helpers available for common scenarios as well. In the previous blog we created a Custom Simple List layout, and for showing Project Summary we were using the Summary slot mapped to HitHighlightedSummary, but what if you have created a custom column in the library and want to use it show Project Summary and you also want to truncate it at 180 characters and add ellipsis and then when the user expands the collapsible section you want to show the whole Project Summary. To do that, first of all we need a handlebar helper that would truncate and add ellipsis after...
Read more

PnP Modern Search Extensibility

Image
What is it? The PnP Modern Search solution includes a set of open-source web parts for SharePoint Online that allow for a highly customizable search experience. These web parts can be configured to create tailored search results pages, with features like dynamic filters, sorting, and pagination. PNP Modern Search Extensibility refers to the ability to customize and extend the PnP Modern Search webparts. This is achieved through various tools, components, and practices provided by the PnP community. Why do we need it? Before PnP Modern Search Extensibility was introduced, to achieve the desired changes to the search results, a lot of developers would make changes to the PnP Modern Search solution itself, which would result in the solution being detached from the community version, and if there were major releases done on the community version which were now desired on the cloned version, there would be no way to just deploy the new community package without losing the customizatio...
Read more