If you've used the Azure Logic App (Standard) extension for Visual Studio Code, you are probably well aware that it uses seven-day access tokens to authenticate with Azure API Connections. This is to make up for Visual Studio Code using your work account for authentication instead of a Managed Identity you can create an access policy for.
The down-side to this is that currently there is no way to reauthenticate these tokens from VS Code, you generally have to create a new connection.
However, there is an API you can use to manually generate new access tokens:
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/connections/{connectionName}/listConnectionKeys?api-version=2018-07-01-preview
The Request Body should include the following JSON:
{"validityTimeSpan" : "7"}
If we plug this into a tool like Postman, it should generate a new token that you can use to replace the existing one in local.settings.json
Update local.settings.json:
Of course, this is still tedious to have to do but luckily it is something that can be easily scripted.
For example, here is how you could make this request via PowerShell:
$resourceID = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/connections/{connectionName}"
$accessToken = (Get-AzAccessToken).Token
$header = @{
"authorization" = "Bearer $accessToken"
"Content-Type" = "application/json"
}
$body = @{"validityTimeSpan" = "7"}
$json = $body | ConvertTo-Json
$url = "https://management.azure.com$($resourceId)listConnectionKeys?api-version=2018-07-01-preview"
(Invoke-RestMethod -Uri $url -Method "Post" -Headers $header -Body $json).connectionKey
When scripting, you have a couple options on how to run all your existing connections through the API.
Get-AzResource -ResourceGroupName {resourceGroupName} -ResourceType 'Microsoft.Web/connections'
Once you have a list of Resource IDs, you can iterate through them, putting each through the API.
Disclaimer: This API is currently undocumented. While it should not cause any harm, please do not use if you are not comfortable with it being undocumented.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.