2

I have an API that implements OAUTH Azure Active Directory Authentication. To achieve this, I created 2 App Registrations: Client and Backend.

I successfully implemented a Logic App able to call the API, so I am sure the authentication flow works.

enter image description here

Now, I need to call the same API from Power Apps, but unfortunately I got an error. First, I create a Custom Connector enter image description here

Then, I configure the Security section in this way: enter image description here

  • Client ID: it's the ID of the Client App Registration
  • Client Secret: it's the secret of the Client App Registration
  • Login Url: login Url from Microsoft
  • Tenant Id: it's the Tenant Id of App Registrations
  • Resource URL: I don't know what to put here, I tried by using the ID of the Backend App Registration
  • Scope: It's not mandatory, but I tried to set the Application ID URI of the Backend App Registration concatenated to /.default.

When I try to create a Connection at the end of the wizard enter image description here I get this error

AADSTS650052: The app needs access to a service ("http://rts.powerapps.com") that your organization "a467080d-9919-4241-a48f-8b0002685a59" has not subscribed to or enabled. Contact your IT Admin to review the configuration of your service subscriptions.

My Client App Registration has the following API Permissions enter image description here

UPDATE

Following @ChauncyZhou's suggestion and adding the Redirect URL generated by the Custom Connector to Client App Registration, I completed Custom Connector and Connection creation process.

When I test the API I get a 401 error:

The audience '97e**********************9c9' is invalid

Where 97e**********************9c9 is the Backend App Registration id. Did I make some mistake when I configured the Custom Connector? API works fine with Postman and Logic App.

Improve this question
7
  • You can remove PowerApps Runtime Service permissions and run it again.
    – Chauncy Zhou
    Commented Sep 2, 2020 at 7:25
  • You can put api://97e**********************9c9/.default into the Resource URL and don't need to put anything in the scope.Try it again.The error occurs because the token you requested successfully was not issued by the resource you want to access.
    – Chauncy Zhou
    Commented Sep 4, 2020 at 7:30
  • It doesn't work with Scope empty and Resource URL equal to api://97e**********************9c9/.default.
    – user2297037
    Commented Sep 4, 2020 at 17:07
  • I get this Failure passed to redirect url. error=invalid_resource error_description=AADSTS500011: The resource principal named api://97e**********************9c9/.default was not found in the tenant named a46**********************a59. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.. Look at my Client Registration App Permissions to see that consent has been done.
    – user2297037
    Commented Sep 4, 2020 at 17:07
  • Hmmm,i'm sorry,last time I forgot to let you try api://97e**********************9c9/ this format... in this format,I completed Custom Connector and Connection creation process.You can try it, maybe you can fix the 401 error, too.
    – Chauncy Zhou
    Commented Sep 7, 2020 at 7:24

1 Answer 1

Reset to default
2

When you call the same API from Power Apps, you don't need to add Powerapps Runtime Service permission.Because you are calling your own api,Not calling the Common Data service api.

Because you add this permission, but your organization has not subscribed to or enabled, so it causes an error.So for your question, you just need to remove PowerApps Runtime Service permissions.

Improve this answer
1
  • Great, it worked! I have also added the Redirect URL generated by the Custom Connector to complete Connection creation. Unfortunately, I have another problem, you find more details in the Question.
    – user2297037
    Commented Sep 3, 2020 at 14:40

Not the answer you're looking for? Browse other questions tagged or ask your own question.