I have a requirement to create a Power Apps custom connector which uses Azure Active Directory authentication and implements the on-behalf-of user flow. The custom connector needs to talk to a protected API, allowing the user to log in using their AAD credentials.
I have added the connector and set the following inputs:
- Authorization URL : https://login.microsoftonline.com/xxxxxxxxx/oauth2/v2.0/authorize
- Token Endpoint : https://login.microsoftonline.com/xxxxxxxxx/oauth2/v2.0/token
- Client ID : SPN which has been granted access to the API scope
- Secret : Secret of the SPN
- Tenant ID : xxxxxxxxx
- Resource URL : api://[API client id]
- Scope : api://[API client id]/.default
Problems:
- I cannot set the "Enable on-behalf-of login" to true. Whatever I do, it comes back to false after saving.
- Note that after saving, the tenant ID becomes common. Not sure why.
- When I test the connector using my credentials, it gives an error with "Authentication failed". Testing the API using Swagger works just fine.
Any idea how to properly create the connector using AAD? I would like to use the connector in a Power Apps agent and impersonate the end user.