logicapps icon indicating copy to clipboard operation
logicapps copied to clipboard

Published 20 hours ago verified publisher icon Azure

Http request connectors with managed identity are not working locally (Logic App Standard)

Open timjansenortec opened this issue 2 years ago • 4 comments

I am using a Http request with ManagedServiceIdentity to get a secret from a keyvault: "Some_Action": { "inputs": { "authentication": { "audience": "https://vault.azure.net", "type": "ManagedServiceIdentity" }, "method": "GET", "uri": "@{parameters('keyVaultUrl')}/secrets/SomeSecret?api-version=7.1" }, "runAfter": {}, "type": "Http" },

This gives the following error when running locally in Visual Studio Code: 'The operation 'Some_Action' for workflow 'XX' contains managed identity authentication which is supported only for Logic Apps Standard or Logic Apps running in App Service Environments.

Am I doing something wrong? Is this even a supported scenario? It would be nice if logic apps could get the identity from the context, the same way that DefaultAzureCredential does in a coded app (https://docs.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet).

timjansenortec avatar Jun 27 '22 16:06 timjansenortec

Same issue, question. are managed identities (user) supported for the vs code local scenario?

[2022-07-26T15:47:34.411Z] Workflow Error: operationName='WorkflowDefinitionProvider.ProcessWorkflow', message='Workflow 'sb-employees_bc-employees-resources' validate and create workflow operation failed, the exception is 'The operation 'HTTPRunQueryAndListResultsTranslations' for workflow 'sb-employees_bc-employees-resources' contains managed identity authentication which is supported only for Logic Apps Standard or Logic Apps running in App Service Environments.'', exception='Microsoft.Azure.Workflows.Common.ErrorResponses.ErrorResponseMessageException: The operation 'HTTPRunQueryAndListResultsTranslations' for workflow 'sb-employees_bc-employees-resources' contains managed identity authentication which is supported only for Logic Apps Standard or Logic Apps running in App Service Environments

bydynamics avatar Jul 26 '22 16:07 bydynamics

As a workaround, I have written my own custom connector that internally uses DefaultAzureCredentials. This works fine. For me this is worth the effort, since I am doing a bunch of other things in the custom connector. For the most basic scenario, this is way too hassle.

In my opinion, using ManagedServiceIdentity should 'just' work when running locally in vs code.

timjansenortec avatar Jul 28 '22 07:07 timjansenortec

Same issue and question. @derek1ee Could you shed some light on this scenario?

StefanPuntNL avatar Sep 14 '22 18:09 StefanPuntNL

I'm also running into the same issue. Was anyone able to find a solution or is creating a custom connector the only work-around?

kseeman avatar Oct 06 '22 19:10 kseeman

managed identity is not supported when running locally. You need to either run this in azure or you can configure AAD authentication on the action either with clientId/Secret or a certificate

rohithah avatar Nov 16 '22 08:11 rohithah

Is support for managed identities in VSCode on the roadmap?

It would enhance the local development experience quite a bit

simonp92 avatar Nov 24 '22 12:11 simonp92