Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ActiveDirectoryOAuth authentication '-Authority' parameter - No default value #89

Closed
evandeworp opened this issue Jul 27, 2020 · 2 comments
Closed

ActiveDirectoryOAuth authentication '-Authority' parameter - No default value #89

evandeworp opened this issue Jul 27, 2020 · 2 comments

Comments

@evandeworp
Copy link

TemplateGenerator.cs creates '-Authority' parameter with no default value like this example:

"Get_FullLoad_Data-Authority": {
  "type": "string",
  "defaultValue": ""
},

When I query ARM:

(Search-AzGraph -Include DisplayName -Query 'where type =~ "Microsoft.Logic/workflows" | where name =~ "logic-azureactivedirectory-fullload-01"|where resourceGroup =~ "rg-hrfuncapp-dev"').properties.definition.actions.Try_Scope.actions.Get_FullLoad_Data.inputs.authentication

I don't see "authority" in the results:

type : ActiveDirectoryOAuth
tenant : @variables('Secret')?['Tenant']
clientId : @variables('Secret')?['ClientId']
audience : @variables('Secret')?['ApiUrl']
secret : @variables('Secret')?['ClientSecret']

The above results (with no "authority") seems to match Microsoft documentation https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-custom-api-authentication which has the following example that also has no "authority" value:

{
"tenant": "",
"audience": "",
"clientId": "",
"secret": "",
"type": "ActiveDirectoryOAuth"
}

Could TemplateGenerator.cs please not add the "-Authority" template parameter if "authority" is not returned by ARM. I ask this because it creates a template parameter with no default value which then breaks Get-ParameterTemplate.
@MLogdberg
Copy link
Collaborator

MLogdberg commented Aug 3, 2020
edited

Hi,
The reason audience is added is beacuse ARM returns that property when properties to the api connection is collected and it's set to empty string as default due to that defalt value from connector is null and that is breaking the release. If the value is empty string ARM will handle it and use a default value instead, I'll check the Get-ParameterTemplate and the setup to check for a valid solution.
Thanks for reporting!

@evandeworp
Copy link
Author

Now I don't think there is an issue in 1.0.20. I had to set authority to 'https://login.windows.net' in the template file generated by an older version (maybe 1.0.17?) but I can't recreate the problem with 1.0.20. Instead it works as you say: ARM handles the empty string as the value of "authority" with no issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MLogdberg @evandeworp