none
Invoking Logic App in context of end user's credentials RRS feed

  • Question

  • I have a logic app which triggers on an HTTP request, accesses some oauth secured cloud app (e.g. Salesforce) to say find a record, then returns the result in an HTTP response action.  Very simple and works great using the developer's credentials to e.g. Salesforce.  However, I need the logic app to use the Salesforce credentials of the end-user that is making the HTTP request.  Sorry I am new to logic apps and oauth.  Is there any way for logic apps to trigger an oauth flow to do this?  Thanks for your help! Brent
    Friday, February 8, 2019 8:59 PM

Answers

  • I don't believe this is supported out of the box as such.

    But you could perform the OAuth flow in your app, get the token and use that in a separate header, like say, x-salesforce-authorization and in your logic app, extract that and use that to call the salesforce API.

    Downsides would be that you would to call the Salesforce REST API directly and won't be able to use the available connector.

    The available connector is meant to be used with a service account of sorts which has access to everything it needs I believe.

    Saturday, February 9, 2019 6:46 AM
    Moderator
  • Support confirmed what Ketan said, which is that logic apps connectors can only use the credentials of the developer who built them (or service account the developer is a member of). 

    To implement this scenario you would need to create your own connector(s) as pass in auth tokens.  If the endpoint already has a swagger definition this is pretty quick, so worth considering as an option.  All logic apps connectors are based on a swagger provided by the ISV.  I asked if Microsoft has a listing of these swagger endpoints to expedite the process of replicating the connector and the answer is no unfortunately.   

    • Marked as answer by bolecut Tuesday, February 12, 2019 5:00 PM
    Tuesday, February 12, 2019 5:00 PM

All replies

  • I don't believe this is supported out of the box as such.

    But you could perform the OAuth flow in your app, get the token and use that in a separate header, like say, x-salesforce-authorization and in your logic app, extract that and use that to call the salesforce API.

    Downsides would be that you would to call the Salesforce REST API directly and won't be able to use the available connector.

    The available connector is meant to be used with a service account of sorts which has access to everything it needs I believe.

    Saturday, February 9, 2019 6:46 AM
    Moderator
  • That makes sense.  I'll leave this open for a couple more days to see if anyone else has additional thoughts on it and if not will mark as answered.  Thanks! 
    • Marked as answer by bolecut Monday, February 11, 2019 10:27 PM
    • Unmarked as answer by bolecut Tuesday, February 12, 2019 4:54 PM
    Monday, February 11, 2019 5:09 PM
  • Hi bolecut - I see that you marked your reply as an answer. Did you find something else that help solve your issue? If so, could you share those details here for the benefit of others stuck with a similar issue?
    Tuesday, February 12, 2019 12:53 AM
    Moderator
  • Support confirmed what Ketan said, which is that logic apps connectors can only use the credentials of the developer who built them (or service account the developer is a member of). 

    To implement this scenario you would need to create your own connector(s) as pass in auth tokens.  If the endpoint already has a swagger definition this is pretty quick, so worth considering as an option.  All logic apps connectors are based on a swagger provided by the ISV.  I asked if Microsoft has a listing of these swagger endpoints to expedite the process of replicating the connector and the answer is no unfortunately.   

    • Marked as answer by bolecut Tuesday, February 12, 2019 5:00 PM
    Tuesday, February 12, 2019 5:00 PM