Blog Post

Azure Integration Services Blog
2 MIN READ

Reauthenticate Visual Studio Code Access Tokens

cmeadows's avatar
cmeadows
Icon for Microsoft rankMicrosoft
Feb 23, 2023

If you've used the Azure Logic App (Standard) extension for Visual Studio Code, you are probably well aware that it uses seven-day access tokens to authenticate with Azure API Connections. This is to make up for Visual Studio Code using your work account for authentication instead of a Managed Identity you can create an access policy for.

 

The down-side to this is that currently there is no way to reauthenticate these tokens from VS Code, you generally have to create a new connection.

 

However, there is an API you can use to manually generate new access tokens:

 

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/connections/{connectionName}/listConnectionKeys?api-version=2018-07-01-preview

 

The Request Body should include the following JSON:

 

{"validityTimeSpan" : "7"}

 

If we plug this into a tool like Postman, it should generate a new token that you can use to replace the existing one in local.settings.json

 


 

Update local.settings.json:

 


 

Of course, this is still tedious to have to do but luckily it is something that can be easily scripted.

 

For example, here is how you could make this request via PowerShell:

$resourceID = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/connections/{connectionName}"

$accessToken = (Get-AzAccessToken).Token
$header = @{
    "authorization" = "Bearer $accessToken"
    "Content-Type" = "application/json"
}

$body = @{"validityTimeSpan" = "7"}
$json = $body | ConvertTo-Json

$url = "https://management.azure.com$($resourceId)listConnectionKeys?api-version=2018-07-01-preview"

(Invoke-RestMethod -Uri $url -Method "Post" -Headers $header -Body $json).connectionKey

 

When scripting, you have a couple options on how to run all your existing connections through the API.

 

  1. You can get the Resource IDs from a connections.json file

  1. Use PowerShell or Azure CLI to fetch all API Connections in a Resource Group
Get-AzResource -ResourceGroupName {resourceGroupName} -ResourceType 'Microsoft.Web/connections'

 

Once you have a list of Resource IDs, you can iterate through them, putting each through the API.

 

Disclaimer: This API is currently undocumented. While it should not cause any harm, please do not use if you are not comfortable with it being undocumented. 

Updated Feb 23, 2023
Version 1.0
logic apps
No CommentsBe the first to comment