
Managed identity to Graph API works with GUID but gives 403-Forbidden when using the URL as the audience value

Open ppanchal-mobiz opened this issue 2 years ago • 0 comments

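The workflow below returns the expected output when the audience is the GUID 00000003-0000-0000-c000-000000000000, but the call fails with 403 Forbidden when the audience is the URL https://graph.microsoft.com. A 403 rather than a 401 suggests the token is being accepted but is not authorized for the request, so comparing the `aud` and `roles` claims of the token issued for each audience value should show where the two cases differ.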

{
    "definition": {
        "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
        "actions": {
            "HTTP": {
                "inputs": {
                    "authentication": {
                        "audience": "https://graph.microsoft.com", ## Author's annotation (not valid JSON; remove before use): works only when using 00000003-0000-0000-c000-000000000000
                        "type": "ManagedServiceIdentity"
                    },
                    "method": "GET",
                    "uri": "https://graph.microsoft.com/v1.0/applications"
                },
                "runAfter": {},
                "type": "Http"
            },
            "Response": {
                "inputs": {
                    "body": "@body('HTTP')",
                    "statusCode": 200
                },
                "kind": "http",
                "runAfter": {
                    "HTTP": [
                        "Succeeded"
                    ]
                },
                "type": "Response"
            }
        },
        "contentVersion": "1.0.0.0",
        "outputs": {},
        "triggers": {
            "manual": {
                "inputs": {
                    "method": "GET"
                },
                "kind": "Http",
                "type": "Request"
            }
        }
    },
    "kind": "Stateless"
}

ppanchal-mobiz avatar Jun 16 '22 19:06 ppanchal-mobiz