locked
Logic App Trigger for Service Bus Queue Topic failing with 401 Error RRS feed

  • Question

  • Hi,

    I've Service Bus Queue Topic configured to fire Logic App whenever Message has been posted into Topic. I'm sending message through Postman into Message Topic. I've used Bearer Token Authorization and Application/JSON content type to send the message into queue. I've generated bearer token key for resource servicebus.azure.net using my client credentials i.e., Tenant Id, Client, Subscription Id for Azure Account.

    When I post message through POSTMAN, I'm getting Status Code 201 and getting message sent successfully sent to TOPIC, Trigger getting fired to Invoke Logic App. But the Logic App is failing with Status Code 401, The erorr is

    "40103: Invalid authorization token signature, Resource:sb://xxxx.servicebus.windows.net/messagerouting/subscriptions/yyyyyy

    xxx - Servicebus Namespace

    yyyy - logicapp name

    How to resolve this error? How do I validate Logicapp thorough servicebus call?

    My Logic App step is : When a message is received in topic subscription(peek-lock)

    The Primary and Secondary SAS Keys are generated for Logicapp and I've granted Owner access for

    My App to this Logic app and servicebus namespace through IAM.

    Thanks
    Kalyan.


    https://servicebus.azure.net
    I've Service Bus Queue Topic configured to fire Logic App whenever Message has been posted into Topic. I'm sending message through Postman into Message Topic. I've used Bearer Token Authorization and Application/JSON content type to send the message into queue. I've generated bearer token key for resource servicebus.azure.net using my client credentials i.e., Tenant Id, Client, Subscription Id for Azure Account.
    I've Service Bus Queue Topic configured to fire Logic App whenever Message has been posted into Topic. I'm sending message through Postman into Message Topic. I've used Bearer Token Authorization and Application/JSON content type to send the message into queue. I've generated bearer token key for resource servicebus.azure.net using my client credentials i.e., Tenant Id, Client, Subscription Id for Azure Account.
    Monday, February 17, 2020 3:22 PM

All replies

  • I believe the Service Bus Connector for Logic App only supports connecting to Service Bus using a connection string.

    Tuesday, February 18, 2020 5:30 AM
  • Hi,

    Thanks for your reply, But can you be please bit elaborative on this? If it only supports Service Bus Connector using connection string how do we implement that when you are configuring Logic App to process the messages received in Service BUS Topic Issue? Do we need to pass connection details as part of  Header? I believe that may not be the issue.

    Because I'm able to post successfully messages into service bus TOPIC which is subscribed to trigger logic app when message has been received into the queue which is getting fired as soon as message received but it is failing with authorisation issue? How Logic App validates the identity when processing messages?  Sample Input/output JSON are mentioned below for your reference when the trigger of Message queue fires (When a message is received in a topic subscription (peek-lock) ) to invoke Logic App )

    Hope it helps.

    Input JSON:

    {
        "method""get",
        "queries": {
            "sessionId""Next Available",
            "subscriptionType""Main"
        },
        "path""/messagerouting/subscriptions/ToTransformationLogicApp/messages/head/peek",
        "host": {
            "connection": {
                "name""/subscriptions/17f914ed-4861-452d-a185-0fd34aabca49/resourceGroups/ka_test_servicebus_logicapps/providers/Microsoft.Web/connections/servicebus"
            }
        }
    }

    Output :

    {
        "statusCode"401,
        "headers": {
            "Pragma""no-cache",
            "x-ms-request-id""65379ca6-215a-4f77-8137-c9cef38cef78",
            "Strict-Transport-Security""max-age=31536000; includeSubDomains",
            "X-Content-Type-Options""nosniff",
            "X-Frame-Options""DENY",
            "Timing-Allow-Origin""*",
            "x-ms-apihub-cached-response""true",
            "Cache-Control""no-store, no-cache",
            "Date""Tue, 18 Feb 2020 11:43:39 GMT",
            "Content-Length""505",
            "Content-Type""application/json",
            "Expires""-1"
        },
        "body": {
            "status"401,
            "message""40103: Invalid authorization token signature, Resource:sb://XXXXXX.servicebus.windows.net/messagerouting/subscriptions/totransformationlogicapp. TrackingId:9ab7af1c-f4c0-45ba-8804-07b990c02273_G36, SystemTracker:sw5knuq4zapeu.servicebus.windows.net:messagerouting/Subscriptions/ToTransformationLogicApp, Timestamp:2020-02-18T11:43:39\r\nclientRequestId: 65379ca6-215a-4f77-8137-c9cef38cef78",
            "source""servicebus-uks.logic-ase-uksouth.p.azurewebsites.net"
        }
    }



    Tuesday, February 18, 2020 11:47 AM
  • Apologies... Seems like I accidentally deleted most of my answer before submitting.

    Anyways, when using the service bus connector for logic apps, you have to provide the connection string when creating your first action as below

    image

    There is currently no support to use a service principal with the connector, so none of the RBAC configuration that you've done (I assume for the MSI of the Logic App) will work here.

    As for your logic app triggering, the service bus trigger here is a polling based trigger which will run for the configured time

    image

    Since you probably have the API Connection for the service bus connector created already, you can edit it to use a connection string instead of a SAS key (you will find this resource in the same resource group as your logic app)

    image


    Tuesday, February 18, 2020 1:34 PM
  • Hi,

    Thank you very much for the response. Its kind of moved forward once I updated Connection String details in Service Bus API Connection and used same connection in Logic App Action Step. But I'm still not able to complete the app. Even though it displays status code 202.  Following is the HTTP response code and Input/Output JSON details Logic APP Action "When a message is received in a topic subscription (peek-lock)" This happens even if I send message or not. I send message into service bus topic through postman and the response code that I get is 201.

    Input JSON :

    {
        "method""get",
        "queries": {
            "sessionId""Next Available",
            "subscriptionType""Main"
        },
        "path""/messagerouting/subscriptions/ToTransformationLogicApp/messages/head/peek",
        "host": {
            "connection": {
                "name""/subscriptions/17f914ed-4861-452d-a185-0fd34aabca49/resourceGroups/ka_test_servicebus_logicapps/providers/Microsoft.Web/connections/servicebus-1"
            }
        }
    }

    OutPut JSON:

    {
        "statusCode"202,
        "headers": {
            "Pragma""no-cache",
            "Retry-After""0",
            "x-ms-request-id""2d6f1fbd-0ded-4a38-9759-d77c483dc76b",
            "Strict-Transport-Security""max-age=31536000; includeSubDomains",
            "X-Content-Type-Options""nosniff",
            "X-Frame-Options""DENY",
            "Timing-Allow-Origin""*",
            "x-ms-apihub-cached-response""true",
            "Cache-Control""no-store, no-cache",
            "Date""Wed, 19 Feb 2020 10:16:35 GMT",
            "Location""https://logic-apis-uksouth.azure-apim.net/apim/servicebus/81d0426b8a6c49afbf28c6d2390802a6/messagerouting/subscriptions/ToTransformationLogicApp/messages/head/peek?sessionId=Next+Available&subscriptionType=Main&triggerstate=Next+Available%24287bc271-3af4-4baf-bf19-a1171ab7f491",
            "Content-Length""2",
            "Content-Type""application/json",
            "Expires""-1"
        },
        "body"""
    }

    It checks for Message for every 30 seconds.. Before this action used to fail after I made changes as advised in previous response its now getting skipped.

    Thanks in Advance.

    Wednesday, February 19, 2020 10:28 AM
  • As mentioned in my earlier reply, this is a polling based trigger which checks for messages based on the schedule that you configure it for.

    You can read more about this behavior in the doc for service bus trigger.

    Thursday, February 20, 2020 2:12 PM
  • HI 

    Thanks for your response. I've gone through the weblink that you shared with me and set-up the service bus in same way as described in doc. But I'm not able to get Logic App fired to process the message that has been posted in ServiceBus Topic. Its always getting skipped instead of triggering logic App. 

    Let me know if you require any further information. I tried to explain in detail as much possible in my above post regarding that I'm facing!!!

    Let me know if I'm missing anything or do need to differently to trigger the logic app when message has been posted in Service bus queue.

    Thanks

    Kalyan.

    Friday, February 21, 2020 10:34 AM