Azure AD OAuth Proof of Possession (PoP) for Azure Logic Apps

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.


Logic Apps supports bearer-type authorization schemes for Azure AD OAuth access tokens, which means that the “Authorization” header for the access token must specify the “Bearer” type.

We have now added support for PoP-type authorization schemes for Azure AD OAuth access tokens, which means that the “Authorization” header for the access token must specify the “PoP” type.

For now, PoP support is only available in consumption Logic Apps.

How do you get the PoP token?

This sample uses a daemon app and shows how to use Proof of Possession (PoP) tokens, which are now available in the MSAL libraries. You can acquire PoP tokens using MSAL if the Logic App that you want to call requires them.

Follow these steps to leverage PoP tokens for authorization in Logic Apps.

  1. Create a new ‘consumption’ Logic App or open an existing one.
  2. From the Logic app menu, select Settings, select Authorization. After the Authorization pane opens, select Add policy.

  3. Provide a Policy name, which can be any string, and select “AADPOP” as the Policy type. Under Claims, provide the key-value pairs for the claim types and values that your logic app expects in the access token presented by each inbound call to the Request trigger. Use Add standard claim to add any standard claims that you want to use. To add claims specific to PoP, use the Add custom claim button.

For more information, review how to provide optional claims to your app. Your custom claim is stored as a part of your JWT ID; for example, "tid": "72f988bf-86f1-41af-91ab-2d7cd011db47". 
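A simplified model of the check such a policy describes, added here as an example (it is not Microsoft's code and not how the Logic Apps service is implemented): the inbound “Authorization” header must use the PoP scheme, and every claim in the policy must equal the matching claim in the token. The issuer value, the function names and the sample token are constructed for illustration, and signature and proof-of-possession key validation are deliberately left out.

```python
import base64
import json

# Constructed model of an AADPOP policy. "tid" is the value quoted on this page;
# the "iss" value is a made-up sample.
POLICY = {
    "scheme": "PoP",
    "claims": {
        "iss": "https://issuer.example.invalid/",
        "tid": "72f988bf-86f1-41af-91ab-2d7cd011db47",
    },
}


def make_sample_token(claims):
    """Build a constructed, unsigned JWT-shaped string (demo input only)."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "none"}), seg(claims), "constructed"])


def read_claims(token):
    """Decode the payload segment. This does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def evaluate(authorization_header, policy):
    """Return (allowed, reason) for one inbound Authorization header value."""
    scheme, _, token = authorization_header.strip().partition(" ")
    if scheme.lower() != policy["scheme"].lower():
        return False, f"scheme {scheme!r} is not {policy['scheme']!r}"
    try:
        claims = read_claims(token.strip())
    except ValueError as exc:  # bad base64, bad JSON, wrong segment count
        return False, f"malformed token: {exc}"
    for name, expected in policy["claims"].items():
        if claims.get(name) != expected:
            return False, f"claim {name!r} is missing or differs from the policy"
    return True, "scheme and all policy claims matched"
```

A token that satisfies every policy claim is still rejected here when it arrives under the “Bearer” scheme, which is the distinction the AADPOP policy type introduces.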
