Azure AD OAuth Proof of Possession (PoP) for Azure Logic Apps
Published Dec 05 2022 04:23 PM 1,418 Views
Microsoft

Azure AD OAuth Proof of Possession (PoP) for Azure Logic Apps

 

Logic Apps supports bearer-type authorization schemes for Azure AD OAuth access tokens, which means that the “Authorization” header for the access token must specify the “Bearer” type.

We have now added the support for PoP-type authorization schemes for Azure AD OAuth access tokens, which means that the “Authorization” header for the access token must specify the “PoP” type.

 

For now, the PoP support is only available in consumption Logic Apps

 

How do you get the PoP token

 

This sample uses a daemon app and shows how to use Proof Of Possession (PoP) tokens which is now available in the MSAL libraries. You can acquire Proof of Possession (PoP) tokens using MSAL if the Logic App that you want to call requires it.

Follow these steps to leverage PoP tokens for authorization in Logic Apps.

  1. Create a new ‘consumption’ Logic App or open an existing one.
  2. From the Logic app menu, select Settings, select Authorization. After the Authorization pane opens, select Add policy.

DivSwa_0-1670285916419.png

3.  Provide Policy name which can be any string and select Policy type as “AADPOP”. Under Claims, provide the key-value pair of the different claim types and values that your logic app expects in the access token presented by each inbound call to the Request trigger. Using Add standard claim, you can add any standard claims that you want to use. To add claims specific to PoP, use the Add custom claim button.

 

DivSwa_0-1670286022493.png

 

For more information, review how to provide optional claims to your app. Your custom claim is stored as a part of your JWT ID; for example, "tid": "72f988bf-86f1-41af-91ab-2d7cd011db47". 

Co-Authors
Version history
Last update:
‎Dec 05 2022 04:22 PM
Updated by: