Guest DivSwa
Posted December 6, 2022

Azure AD OAuth Proof of Possession (PoP) for Azure Logic Apps

Logic Apps supports bearer-type authorization schemes for Azure AD OAuth access tokens, which means that the “Authorization” header for the access token must specify the “Bearer” type. We have now added support for PoP-type authorization schemes for Azure AD OAuth access tokens, which means that the “Authorization” header for the access token must specify the “PoP” type. For now, PoP support is only available in consumption Logic Apps.

How do you get the PoP token

This sample uses a daemon app and shows how to use Proof of Possession (PoP) tokens, which are now available in the MSAL libraries. You can acquire PoP tokens using MSAL if the Logic App that you want to call requires it.

Follow these steps to leverage PoP tokens for authorization in Logic Apps.

1. Create a new ‘consumption’ Logic App or open an existing one.
2. From the Logic app menu, select Settings, then select Authorization. After the Authorization pane opens, select Add policy.
3. Provide Policy name, which can be any string, and select Policy type as “AADPOP”. Under Claims, provide the key-value pairs of the claim types and values that your logic app expects in the access token presented by each inbound call to the Request trigger.

Using Add standard claim, you can add any standard claims that you want to use. To add claims specific to PoP, use the Add custom claim button. For more information, review how to provide optional claims to your app.

Your custom claim is stored as a part of your JWT ID; for example, "tid": "72f988bf-86f1-41af-91ab-2d7cd011db47".
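The two checks the policy settings above describe, the “PoP” scheme in the Authorization header and the expected claim key-value pairs, are shown here as an added Python sketch; it is not code from the post or from Logic Apps. The policy dictionary layout, the "AAD" label for the bearer policy, the function names and the sample tokens are assumptions, and the sketch does not verify the token signature or the proof-of-possession binding.

```python
import base64
import json

# Assumed mapping of policy type to required Authorization scheme.
# "AADPOP" is the policy type named in the post; "AAD" is an assumed label.
REQUIRED_SCHEME = {"AAD": "Bearer", "AADPOP": "PoP"}

# Constructed policy using the example claim quoted in the post.
POLICY = {"type": "AADPOP",
          "claims": {"tid": "72f988bf-86f1-41af-91ab-2d7cd011db47"}}


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Return the payload claims of a compact JWT. Signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not an object")
    return claims


def evaluate_policy(authorization_header, policy):
    """Return (allowed, reason) for one inbound Authorization header value."""
    scheme, _, token = authorization_header.strip().partition(" ")
    required = REQUIRED_SCHEME[policy["type"]]
    # HTTP authentication scheme names compare case-insensitively.
    if scheme.casefold() != required.casefold() or not token.strip():
        return False, f"scheme must be {required}"
    try:
        claims = jwt_claims(token.strip())
    except ValueError:
        return False, "malformed token"
    for name, expected in policy["claims"].items():
        if claims.get(name) != expected:
            return False, f"claim {name} does not match policy"
    return True, "ok"


def make_sample_jwt(claims):
    """Build a constructed, unsigned sample token for the demonstration."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"
```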