Sunday, October 21, 2018

Bypassing Connector Authentication in PowerApps

Have you ever had a PowerApp request your permission to access various services before it would load?  If so, then that PowerApp is leveraging these connectors in some way.  But what if you don't want each user to have to do that?  What if some of the services require permissions that the end user doesn't have?  In this post, I'll share an interesting work-around to this problem, broken down into 3 scenarios.



When you are using Connectors in PowerApps, each user accessing the PowerApp needs to give permission to the specific connector the first time they use it.  If there are multiple connectors, then the user needs to authenticate each of them, as shown below.



For this post, I've built a simple app to display the user's given name.  To get the given name, I'm using the Office 365 Users connector.



So, how do we get it without having every user give explicit permissions to the Office 365 Users connector?

Scenario 1 - Getting the Given Name directly from PowerApps

In this first scenario, I have added the Office 365 connector directly to the PowerApp (View > Data sources > + Add data source > Office 365 Users).  The text field, then uses the Default method to set the value using Office365Users.UserProfileV2(User().Email).givenName


If you try to access this PowerApp from another account, the first time, the user will be prompted with the following message:


No good!  Try again.

Scenario 2 - Use PowerApp to call a Flow to retrieve the Given Name

In the second scenario, I have removed the Office 365 connector from the PowerApp and replaced it with a Flow called .  This way, the Flow is doing the work with the connector.  The Flow is fairly simple in structure as shown below.



I also had to make the following modifications to the PowerApp

  1. Remove the Office 365 Users connector  (View > Data sources >  Office 365 Users > ... > Remove).  There's no more need for it
  2. On the Screen1, add a Flow for OnStart (Screen 1 > Actions > Flows > Get Given Name).  We need to connect the Flow to the PowerApp when the PowerApp is launched
  3. Change the function for OnStart to Collect(GivenName,'Get Given Name'.Run(User().Email)).  This way, the value will get loaded into a Collection
  4. Change the text field Default value to First(GivenName).givenname.  As the result is stored in a collection, we want to retrieve the first record and get the givenname field.

Save, publish, and try again.  Strike 2!  The Flow is keeping the context of the user and is still requesting the user for permission.

Scenario 3 - Leverage a Secondary Flow to do all the Connector work

In this third scenario, I am leveraging a secondary flow to access the Office 365 connector to retrieve the user's given name.  The secondary flow is invoked using an HTTP trigger.


Here's what the revised first Flow looks like


By doing so, the Flow that is called from the PowerApp and the PowerApp itself have never leverage the Office 365 connector.


0 comments:

Post a Comment