Comments (6)
Yeah, we are already using this now with CI/CD. You need a service account which has a Conditional Access exception (so MFA isn't required) and it works.
```powershell
using namespace Microsoft.IdentityModel.Clients.ActiveDirectory
[CmdletBinding()]
param (
    $tenant,
    $username,
    $password
)

# Load the latest version of ADAL (shipped inside the AzureAD PowerShell module)
$aadModule = Get-Module -Name 'AzureAD*' -ListAvailable
if ($aadModule.Count -eq 0) {
    Install-Module AzureAD -Force -Repository PSGallery -Scope CurrentUser
    $aadModule = Get-Module -Name 'AzureAD*' -ListAvailable
}
if ($aadModule.Count -gt 1) {
    # Sort on the Version property explicitly and keep the newest module
    $aadModule = ($aadModule | Sort-Object -Property Version)[-1]
    $adalDll = Join-Path $aadModule.ModuleBase 'Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
}
elseif ($aadModule.Count -eq 1) {
    $adalDll = Join-Path $aadModule.ModuleBase 'Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
}
else {
    throw 'Prerequisites not installed (AzureAD PowerShell module not installed)'
}
[System.Reflection.Assembly]::LoadFrom($adalDll) | Out-Null

$clientId = '04b07795-8ddb-461a-bbee-02f9e1bf7b46'

# Authenticate to your app (username/password flow, so the account cannot require MFA)
$resourceAppIdUri = 'https://management.core.windows.net/'
$authority = "https://login.microsoftonline.com/$tenant"
$authContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext ($authority)
$userCredential = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential($username, $password)
$authResult = $null
$authResult = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($authContext, $resourceAppIdUri, $clientId, $userCredential)
if ($authResult.Result) {
    $authHeader = @{
        'Content-Type'  = 'application/json'
        'Authorization' = $authResult.Result.CreateAuthorizationHeader()
        'ExpiresOn'     = $authResult.Result.ExpiresOn
    }
}
elseif ($authResult.Exception.InnerException) {
    throw $authResult.Exception.InnerException
}
$objectId = $authResult.Result.UserInfo.UniqueId

# Validate every OpenAPI definition under solutions/ and collect the failures
$errors = @()
$files = Get-ChildItem -Recurse "solutions/**/*_openapidefinition.json"
foreach ($file in $files) {
    try {
        $result = Invoke-RestMethod -Method Post -Uri "https://europe.api.powerapps.com/providers/Microsoft.PowerApps/objectIds/$objectId/validateApiSwagger?api-version=2016-11-01&enableopenapivalidation=true&enableConnectorCertificationRules=true" -Headers $authHeader -Body (Get-Content $file | Out-String)
        if ($result) {
            Write-Host "WARNING: $($file.Name)"
            Write-Host $result
            Write-Host
        }
    }
    catch {
        Write-Host "ERROR: $($file.Name)"
        $errors += $_.ErrorDetails
        $details = $_
        try {
            # The API returns a JSON error body; fall back to the raw error if it does not parse
            $errorMessage = $_.ErrorDetails | ConvertFrom-Json
            if ($errorMessage.error.message) {
                Write-Host $errorMessage.error.message
            }
            else {
                Write-Host "$($errorMessage)"
            }
        }
        catch {
            Write-Host "RAW ERROR: $details"
        }
        Write-Host
    }
}

# Fail the pipeline step if any definition was rejected
if ($errors.Count -ne 0) {
    throw "Errors occurred during validation, please check the log."
}
```
UPDATE: Forgot to mention, for this to work, the user needs to have at least the Power Automate free license (or the Power Apps baseline one) and has to interactively sign in to Microsoft Flow from time to time, otherwise you will end up with 403 errors due to the user not having the entitlement for Power Apps. See my second post about client_credentials.
from powerplatformconnectors.
Also, it would be great if it was possible to authenticate via client_credentials rather than a service account - because this is sort of a security issue (interactive non-MFA account). I tried authenticating via client_credentials but the API says that the Service Principal doesn't have any entitlement to use Power Apps.
from powerplatformconnectors.
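An added example, not part of the thread or the project's code: one way to keep the non-MFA service account described above under review is to list every account excluded from an MFA-requiring Conditional Access policy and check whether a location-scoped block policy covers it. The policy JSON is constructed sample data in the shape of Microsoft Graph `conditionalAccessPolicy` objects; the function name `Get-MfaExclusionReport`, the policy names and the account and location IDs are hypothetical.

```powershell
# Constructed sample: policies in the shape of Microsoft Graph conditionalAccessPolicy objects.
$policiesJson = @'
[
  { "displayName": "Require MFA for all users", "state": "enabled",
    "conditions": { "users": { "includeUsers": ["All"],
                               "excludeUsers": ["svc-ci-id", "svc-legacy-id"] },
                    "locations": null },
    "grantControls": { "builtInControls": ["mfa"] } },
  { "displayName": "Block CI account outside build network", "state": "enabled",
    "conditions": { "users": { "includeUsers": ["svc-ci-id"], "excludeUsers": [] },
                    "locations": { "includeLocations": ["All"],
                                   "excludeLocations": ["build-network-id"] } },
    "grantControls": { "builtInControls": ["block"] } }
]
'@

function Get-MfaExclusionReport {
    param([Parameter(Mandatory)] [object[]] $Policies)

    $enabled       = $Policies | Where-Object { $_.state -eq 'enabled' }
    $mfaPolicies   = $enabled  | Where-Object { $_.grantControls.builtInControls -contains 'mfa' }
    # Candidate compensating controls: enabled block policies that carry a location condition
    $blockPolicies = $enabled  | Where-Object {
        $_.grantControls.builtInControls -contains 'block' -and $_.conditions.locations
    }

    foreach ($policy in $mfaPolicies) {
        # Only direct user exclusions are checked; excludeGroups/excludeRoles are out of scope here
        foreach ($userId in $policy.conditions.users.excludeUsers) {
            $guard = $blockPolicies | Where-Object {
                ($_.conditions.users.includeUsers -contains $userId -or
                 $_.conditions.users.includeUsers -contains 'All') -and
                $_.conditions.users.excludeUsers -notcontains $userId
            }
            [pscustomobject]@{
                Account             = $userId
                ExcludedFrom        = $policy.displayName
                LocationBlockPolicy = if ($guard) { $guard.displayName -join '; ' } else { $null }
                NeedsReview         = -not $guard
            }
        }
    }
}

$report = Get-MfaExclusionReport -Policies ($policiesJson | ConvertFrom-Json)
$report | Format-Table -AutoSize
```

With the sample data, `svc-ci-id` is reported with its location block policy and `svc-legacy-id` is flagged `NeedsReview`, since it is exempt from MFA with no location restriction.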
@hajekj We may have an opportunity to contribute to this now, so we've added this to the backlog and will prioritize accordingly.
from powerplatformconnectors.
@hajekj Thanks for posting your solution. We are aware of this issue. Please feel free to add this enhancement to the CLI itself. The CLI source is open and available here: https://github.com/microsoft/PowerPlatformConnectors/tree/dev/tools/paconn-cli
from powerplatformconnectors.
Well, I think it would make sense to add support for client_credentials flow, but that needs to be enabled on the backend first. Once it's there, I am happy to write that part. @mamurshe
from powerplatformconnectors.
On this matter, I've added the parameters --user_name (-u) and --password (-p) to the login command and a separate list command in my own fork of PowerPlatformConnectors. If you look for a simple solution, you can use that version at your own risk. There is also a release with a built .whl file which can simply be installed using pip => Release.
from powerplatformconnectors.