Azure App Client Secret Expiry via Power Automate or Logic Apps

Рет қаралды 3,348

Күн бұрын

This demo is all about efficiency with complex data structures in Power Automate but also Logic Apps. In this video I take a brief look at an Azure App Registration, which are essential components of modern application architecture, facilitating secure communication between apps and services. However, the keys associated with these registrations - be it client secrets or key certificates - come with an expiration date. Failing to renew these keys in a timely manner can lead to service disruptions and security vulnerabilities.
Traditional approaches via Graph API and Power Automate, often involve time-consuming nested loops and iterations through key arrays, leading to complexity and potential performance bottlenecks.
Even if the implementation of client secret expiry notifications isn’t on your immediate agenda, grasping these concepts for data manipulation within Power Automate remains crucial for optimizing your workflow efficiency.
My solution addresses these challenges by combining the capabilities of Power Automate and the Graph API in a way that sets it apart from the rest by using XML and XPath. The primary goal is to identify and monitor app registrations with keys set to expire within the next 30 days and proactively notify their owners.
Take a read of my blog post for more details www.damobird365.com/azure-app...
List applications on Graph API learn.microsoft.com/en-us/gra...
00:00 Intro
00:52 Azure App Registration
01:13 Graph API Endpoint
01:38 Graph Explorer
02:50 Power Automate Flow History / Demo
04:35 Logic Apps and new Flow Designer
05:43 Explanation of the solution
07:34 Get pages from API via Do Until
10:44 Convert JSON to XML
11:43 Generating XPath expressions
15:41 Querying XML via XPath
17:55 Calculate the date difference of expiry
19:02 Obtaining upcoming expiring passwords / keys
19:47 Obtaining the App Owners
21:57 Outro - like and subscribe!
Please buy me a coffee www.buymeacoffee.com/DamoBird365 ☕

Пікірлер: 34

11 ай бұрын

Wow, this demo is awesome! You did a great job explaining how to use Power Automate and Graph API to manage app registrations and keys. I love how you used XML and XPath to simplify the data manipulation and avoid nested loops. Your demo is very clear and well structured, and I learned a lot from it. Thank you for sharing this! #repurposeTriggered

@DamoBird365 11 ай бұрын

I fully expected you to be here off the back of ‘repurpose’ 😂 thank you Kristof. Appreciated.

@mahmutkilisli1126 8 ай бұрын

Thank you

@robofski 11 ай бұрын

Great, you’ve ruined my Sunday now, as I’ll be setting this up 😂 Awesome video!!!

@DamoBird365 11 ай бұрын

I try my best to make your weekends more enjoyable. Thanks for the amazing comment. Appreciated and have fun.

@GieBaNa 24 күн бұрын

hahaha

@nvlddmkm1282 9 ай бұрын

Great work here. I'll never understand why they made Power Automate/Logic Apps infinitely more complicated than scripting, especially since this was meant to be a more "user friendly" GUI-based approach. I created a PowerShell script to accomplish this in minutes, but would've never been able to figure this out.

@DamoBird365 9 ай бұрын

I think it’s good to have the option. Your PowerShell could even be an azure function and call it from Power Automate like www.damobird365.com/restore-deleted-flows-as-an-admin/

@joneslt 7 ай бұрын

Agreed. Logic apps are wildly complicated and not intuitive at all. Extremely poor design. Thank goodness for videos like this that can help unpack the complicated mess

@JesslynHendrix 9 ай бұрын

Thanks!

@DamoBird365 9 ай бұрын

Thank you too 😍 very kind and appreciated.

@julien8979 11 ай бұрын

Thank you for sharing this amazing video! Do you have any idea if it is possible to automatically renew the upcoming expiration keys of Azure App through Power Automate?

@DamoBird365 11 ай бұрын

The thought has crossed my mind. If you used a key vault, maybe, albeit I’ve not investigated.

@nithyaa.n7474 8 ай бұрын

is it possible to login into the website by using power automate please help to this

@TheBeast-gu9td Ай бұрын

Hi, does this flow check the cases of a single app having more than one key or password credentials, if not, how to correct it? Please help

@DamoBird365 Ай бұрын

I don’t think it will as the keys will be in a nested array. So you would need to consider an apply to each or use xpath as seen in this demo: Boost Your Power Automate Skills with Complex Arrays, Select, XML, and Join Techniques kzfaq.info/get/bejne/l8yhqapyx5iUdKs.html

@TheBeast-gu9td Ай бұрын

@@DamoBird365 hey , I think it covers the case, because initially we are extracting all the passwordCredentials and keyCredentials, which will include the case of an app having many secrets or certificates. Although I don't think this video's flow would cover an app registration having multiple owners... please correct me if I'm wrong...

@austinshircliff6986 5 ай бұрын

Im able to get the bearer token but it says I dont have permissions to Get the applications. I have the app registry setup with the delegated graph permission. Do we have to enable anything else or add it to any roles?

@DamoBird365 5 ай бұрын

It’s been a while since I did this so i don’t recall. You can check to see if this helps jwt.ms/ it decodes your token.

@austinshircliff6986 4 ай бұрын

Yeah its not showing me any roles when I decode the token. Im not sure why. @@DamoBird365

@joneslt 7 ай бұрын

In my opinion, this video is only for experts on this. It would have been much easier to follow if you started by creating a logic app from scratch. Instead, you dove right into the advanced stuff in an existing flow which makes this way more difficult to follow along. I've created some basic logic apps so I do have some experience, but I am completely lost here. That being said, appreciate those who do share their knowledge.

@DamoBird365 7 ай бұрын

You’ll find I’ve a mixture of levels across the 100+ videos I have. The principles also apply to Logic Apps and Power Automate. This video should raise awareness of advanced techniques using select and xml, demonstrating efficiency. If you’ve got a use case that hasn’t been covered elsewhere, feel free to drop me a dm. Hope you learned something though 👍

@joneslt 7 ай бұрын

@@DamoBird365 Thanks. I just thought it would have been more effective to show this from scratch. I'm trying to configure a logic app to read all of the expirations of all the secrets and certificates for our enterprise apps, and send an email to alert when they are going to expire in 30 days. I tried following this demonstration but am completely lost

@anuragsharma6230 6 ай бұрын

This part doesn't work in SelectPwdKeysFromAppsWithDates first(xpath(outputs('ComposeXML'),item()?['keydisplayName'])) Do you have any comments/update?

@DamoBird365 6 ай бұрын

Normally it’s a typo. Check your key name - keydisplayname. I would guess it’s wrong and therefore null. It would be based on the source array which you can check in the flow history.

@Mindfulnesforu 6 ай бұрын

Hey Mate were you able to find the issue ? I am having the same problem but still cant find the issue ..... I checked the Blog there are more people complaning about the same problem. ☺☺

@austinshircliff6986 4 ай бұрын

I just got it to work - I was having issues at first but found it was the copy and pasting of the single quote that was messing up the format. manually typing it all fixed it for me.

@DamoBird365 4 ай бұрын

@@austinshircliff6986 😍 nice one.