
Comments (6)

hajekj commented on July 23, 2024 1

Yeah, we are already using this now with CI/CD. You need a service account which has a Conditional Access exception (so MFA isn't required) and it works.

```powershell
using namespace Microsoft.IdentityModel.Clients.ActiveDirectory

[CmdletBinding()]
param (
    # Tenant and service account credentials, passed in by the CI/CD pipeline
    $tenant,
    $username,
    $password
)

# Load the latest version of ADAL
$aadModule = Get-Module -Name 'AzureAD*' -ListAvailable
if ($aadModule.count -eq 0) {
    Install-Module AzureAD -Force -Repository PSGallery -Scope CurrentUser
    $aadModule = Get-Module -Name 'AzureAD*' -ListAvailable
}
if ($aadModule.count -gt 1) {
    # Sort on the version property so that [-1] really is the newest module
    $latestVersion = ($aadModule | Select-Object version | Sort-Object version)[-1]
    $aadModule = $aadModule | Where-Object { $_.version -eq $latestVersion.version }
    $adalDll = Join-Path $aadModule.ModuleBase 'Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
}
elseif ($aadModule.Count -eq 1) {
    $adalDll = Join-Path $aadModule.ModuleBase 'Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
}
else {
    throw 'Prerequisites not installed (AzureAD PowerShell module not installed)'
}
[System.Reflection.Assembly]::LoadFrom($adalDll) | Out-Null

$clientId = '04b07795-8ddb-461a-bbee-02f9e1bf7b46'

# Authenticate to your app
$resourceAppIdUri = 'https://management.core.windows.net/'
$authority = "https://login.microsoftonline.com/$tenant"
$authContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext ($authority)
$userCredential = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential($username, $password)
$authResult = $null
# Username/password token request; reading .Result below waits for the task to finish
$authResult = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($authContext, $resourceAppIdUri, $clientId, $userCredential)
if ($authResult.Result) {
    $authHeader = @{
        'Content-Type'  = 'application/json'
        'Authorization' = $authResult.Result.CreateAuthorizationHeader()
        'ExpiresOn'     = $authResult.Result.ExpiresOn
    }
}
elseif ($authResult.Exception.InnerException) {
    throw $authResult.Exception.InnerException
}

# Object ID of the signed-in service account, used in the validation URL
$objectId = $authResult.Result.UserInfo.UniqueId

$errors = @();

# Validate every OpenAPI definition found under solutions/
$files = Get-ChildItem -Recurse "solutions/**/*_openapidefinition.json"
foreach ($file in $files) {
    try {
        $result = Invoke-RestMethod -Method Post -Uri "https://europe.api.powerapps.com/providers/Microsoft.PowerApps/objectIds/$objectId/validateApiSwagger?api-version=2016-11-01&enableopenapivalidation=true&enableConnectorCertificationRules=true" -Headers $authHeader -Body (Get-Content $file | Out-String)
        if ($result) {
            Write-Host "WARNING: $($file.Name)"
            Write-Host $result
            Write-Host
        }
    }
    catch {
        Write-Host "ERROR: $($file.Name)"
        $errors += $_.ErrorDetails
        $details = $_
        try {
            # The API returns a JSON error body; print its message when present
            $errorMessage = $_.ErrorDetails | ConvertFrom-Json
            if ($errorMessage.error.message) {
                Write-Host $errorMessage.error.message
            }
            else {
                Write-Host "$($errorMessage)"
            }
        }
        catch {
            Write-Host "RAW ERROR: $details"
        }
        Write-Host
    }
}

# Fail the pipeline step if any definition was rejected
if ($errors.Count -ne 0) {
    throw "Errors occurred during validation, please check the log."
}
```

UPDATE: Forgot to mention, for this to work, the user needs to have at least the Power Automate free license (or the Power Apps baseline one) and has to interactively sign in to Microsoft Flow from time to time, otherwise you will end up with 403 errors due to the user not having the entitlement for Power Apps. See my second post about client_credentials.

from powerplatformconnectors.
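
A pipeline step can decode the access token obtained by the script above and confirm its audience, user and remaining lifetime, and record whether it came from a password-only sign-in. This is an added example, not part of the original comment or the paconn project; the function names, the account `svc-ci@contoso.example` and the sample token are constructed for illustration, and the claims are decoded without signature verification.

```powershell
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (expected three dot-separated parts).' }
    # base64url -> base64, then restore the padding that JWTs strip
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url length in JWT payload.' }
    }
    $json = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b64))
    return $json | ConvertFrom-Json
}

function Test-PipelineToken {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ExpectedAudience,
        [Parameter(Mandatory)][string]$ExpectedUpn,
        [int]$MinMinutesLeft = 5
    )
    $claims = ConvertFrom-JwtPayload -Token $Token
    $findings = @()
    if ($claims.aud -ne $ExpectedAudience) { $findings += "unexpected audience '$($claims.aud)'" }
    if ($claims.upn -ne $ExpectedUpn) { $findings += "unexpected user '$($claims.upn)'" }
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    if ($expires -lt [DateTimeOffset]::UtcNow.AddMinutes($MinMinutesLeft)) {
        $findings += "token expires at $expires"
    }
    # amr lists how the user authenticated; 'pwd' without 'mfa' is a password-only sign-in
    $passwordOnly = ($claims.amr -contains 'pwd') -and ($claims.amr -notcontains 'mfa')
    [pscustomobject]@{ Ok = ($findings.Count -eq 0); PasswordOnly = $passwordOnly; Findings = $findings }
}

# Constructed sample token (unsigned, made-up values) so the example runs offline
$payload = @{
    aud = 'https://management.core.windows.net/'; upn = 'svc-ci@contoso.example'
    amr = @('pwd'); exp = [DateTimeOffset]::UtcNow.AddHours(1).ToUnixTimeSeconds()
} | ConvertTo-Json -Compress
$enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
$sample = "$(& $enc '{"alg":"none"}').$(& $enc $payload).sig"

Test-PipelineToken -Token $sample -ExpectedAudience 'https://management.core.windows.net/' -ExpectedUpn 'svc-ci@contoso.example'
```

In the script above, the real token is available as `$authResult.Result.AccessToken`.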

hajekj commented on July 23, 2024 1

Also, it would be great if it was possible to authenticate via client_credentials rather than a service account - because this is sort of a security issue (interactive non-MFA account). I tried authenticating via client_credentials but the API says that the Service Principal doesn't have any entitlement to use Power Apps.


natalie-pienkowska commented on July 23, 2024 1

@hajekj We may have an opportunity to contribute to this now, so we've added this to the backlog and will prioritize accordingly.


mamurshe commented on July 23, 2024

@hajekj Thanks for posting your solution. We are aware of this issue. Please feel free to add this enhancement to the CLI itself. The CLI source is open and available here: https://github.com/microsoft/PowerPlatformConnectors/tree/dev/tools/paconn-cli


hajekj commented on July 23, 2024

Well, I think it would make sense to add support for client_credentials flow, but that needs to be enabled on the backend first. Once it's there, I am happy to write that part. @mamurshe

**Update:** This has been requested in https://github.com//issues/225 These two are unrelated.


vicinik commented on July 23, 2024

On this matter, I've added the parameters --user_name (-u) and --password (-p) to the login command and a separate list command in my own fork of PowerPlatformConnectors. If you look for a simple solution, you can use that version at your own risk. There is also a release with a built .whl file which can simply be installed using pip => Release.

