I have an API that implements OAuth Azure Active Directory authentication. To achieve this, I created 2 App Registrations: Client and Backend.
I successfully implemented a Logic App able to call the API, so I am sure the authentication flow works.
Now I need to call the same API from Power Apps, but unfortunately I get an error.
First, I create a Custom Connector.
Then I configure the Security section in this way:
- Client ID: it's the ID of the Client App Registration
- Client Secret: it's the secret of the Client App Registration
- Login URL: the login URL from Microsoft
- Tenant ID: the Tenant ID of the App Registrations
- Resource URL: I don't know what to put here; I tried using the ID of the Backend App Registration
- Scope: it's not mandatory, but I tried setting the Application ID URI of the Backend App Registration concatenated with /.default.
When I try to create a Connection at the end of the wizard, I get this error:
AADSTS650052: The app needs access to a service ("http://rts.powerapps.com") that your organization "a467080d-9919-4241-a48f-8b0002685a59" has not subscribed to or enabled. Contact your IT Admin to review the configuration of your service subscriptions.
My Client App Registration has the following API Permissions.
UPDATE
Following @ChauncyZhou's suggestion and adding the Redirect URL generated by the Custom Connector to the Client App Registration, I completed the Custom Connector and Connection creation process.
When I test the API, I get a 401 error:
The audience '97e**********************9c9' is invalid
Where 97e**********************9c9 is the Backend App Registration ID. Did I make some mistake when I configured the Custom Connector? The API works fine with Postman and Logic App.
api://97e**********************9c9/.default
Failure passed to redirect url. error=invalid_resource error_description=AADSTS500011: The resource principal named api://97e**********************9c9/.default was not found in the tenant named a46**********************a59. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Look at my Client Registration App Permissions to see that consent has been done.
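A practitioner's first check for a "The audience '...' is invalid" 401 is to look at the `aud` claim of the token the connector actually sent and compare it with the audiences the API is configured to accept: Azure AD can issue the backend's audience either as the bare client ID GUID or as the Application ID URI (`api://<guid>`), depending on how the token was requested, and an API that validates only one form rejects the other. The following diagnostic is an added example, not code from the question or from the Custom Connector; the GUID, tenant and issuer values are constructed placeholders, and it decodes the JWT without verifying its signature, which is acceptable for inspecting a captured token but never for authorizing a request.

```python
"""Inspect a JWT's aud claim to diagnose an Azure AD 'audience is invalid' 401.

Added example, not part of the original question. The decoder does NOT verify
the signature: use it to see what audience a captured token carries, not to
make authorization decisions. All identifiers are constructed placeholders.
"""
import base64
import json

# Assumed placeholders standing in for the Backend App Registration.
BACKEND_CLIENT_ID = "97e00000-0000-4000-8000-0000000009c9"
BACKEND_APP_ID_URI = f"api://{BACKEND_CLIENT_ID}"


def _b64url_decode(segment: str) -> bytes:
    """Base64url-decode one JWT segment, restoring the '=' padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    """Base64url-encode without padding, as compact JWS serialization requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_unverified(token: str) -> dict:
    """Return the JSON payload of a compact JWS. The signature is NOT checked."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def make_sample_token(aud: str) -> str:
    """Build a constructed token with the given aud claim (dummy signature).

    Only for offline demonstration; a real token comes from the connector's
    Test operation or a proxy capture.
    """
    header = {"alg": "RS256", "typ": "JWT", "kid": "placeholder"}
    payload = {
        "aud": aud,
        "iss": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
        "appid": "11111111-1111-1111-1111-111111111111",  # constructed client app id
    }
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(payload).encode()),
        _b64url_encode(b"not-a-real-signature"),
    ])


def audience_matches(token: str, accepted: set[str]) -> tuple[bool, list[str]]:
    """Compare the token's aud (a string or a list) with the API's accepted set."""
    aud = decode_unverified(token).get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    return any(a in accepted for a in auds), auds


if __name__ == "__main__":
    # The situation in the question: the token carries the bare GUID, but the
    # API only validates the api:// form, so the audience check fails with 401.
    token = make_sample_token(BACKEND_CLIENT_ID)
    ok, auds = audience_matches(token, {BACKEND_APP_ID_URI})
    print(f"token aud={auds} accepted={{{BACKEND_APP_ID_URI}}} -> valid={ok}")

    # Either request a token for the form the API expects, or configure the API
    # to accept both forms, as shown here.
    ok, auds = audience_matches(token, {BACKEND_APP_ID_URI, BACKEND_CLIENT_ID})
    print(f"token aud={auds} accepted=both forms -> valid={ok}")
```

Run it against a token captured from the connector's Test tab by replacing `make_sample_token(...)` with the captured string; whichever form `aud` comes back in must appear in the API's configured valid audiences (or the Resource URL in the connector must be changed to request the form the API already validates). Keep the unverified decoder in diagnostics only; the API itself must continue to validate the signature, issuer and expiry.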