Managing users for a Power App with SharePoint as a data source

In this blog post, I am going to show you how to manage users for a Power App that has SharePoint as a data source. As an example, suppose you’ve built a Power App whose data is stored in SharePoint. After the application is developed, you want to share the app with some users. To do so, you’ll have to give each user access to:

  • PowerApps
  • The data source (SharePoint in this case), with Read or Write permission depending on the use case

Users can use the application only after they have been granted access. To set up the process for managing users, we are going to use the action “Edit App Role Assignment” under the connector “PowerApps for App Makers” in the flow. The steps to make this happen are:

  1. Create an Interface/screen for the Admins in PowerApps (custom role) to maintain (Add/Remove) the users of the application
  2. Flow for granting access to the users
    1. Action to grant access to the PowerApps
    2. Action to add the user to the SharePoint site

Step 1: Create an Interface for the Admins in PowerApps to manage the users for the application

Create a list (User Roles) on the SharePoint site that acts as the data source for the application, with the schema below, to maintain the users:

Column | Type
UserName | Person or Group
Role | Choice (value: Admin, User)
RoleStatus | Single line of text (Default value: Add)

List Schema for UserRoles

Add a screen to the Power App as shown in the image below. I’ve annotated the image with the types of controls I’ve added to the screen. This screen will be shown only to the Admin role; navigation to it could be based on the click of a button placed somewhere in the app. The visibility of the button that navigates to the admin interface could be set based on the data (Role) from the User Roles list. In this example, I will have two roles: Admin and User. Below is the screen built in PowerApps for managing the users.

PowerApp Admin Interface screen

Once the user name and the role have been entered in section 1, click Add, which adds the user information to the User Roles list. Once a user is added, the flow is triggered; it has the actions that grant access to the Power App.

Step 2: Flow for granting access to the users

I will be using a flow to grant access to the Power App and the SharePoint site. Let’s build the automated flow with the trigger “When an item is created or modified” connected to the User Roles list.

Automated Flow Trigger

Add the action “Get User profile”; the input should be the email address of the user who must be given access to the Power App. This step is required to get the user GUID, which a later step needs for the action that grants access to the Power App.

Get User profile

Now add the action “Edit App Role Assignment” under the connector “PowerApps for App Makers”. This action is in preview at the time I am writing this post. To get more details on the different actions of this connector and their parameters, go through this link. Make sure the connection used by this action has access (Owner/Co-Owner) to share the app with a user. You can get the GUID (App ID) of the Power App from the details section of the app.

Edit App role assignment flow action

Now let’s add an action to grant the user access to the SharePoint site. I will use the flow action “Send an HTTP request to SharePoint” to call a REST API (POST) that adds the user to one of the SharePoint site groups (Members/Viewers/Visitors). The connection for this action should have access (Site Owner) to share the site. The REST API details for adding the user to a group are:

URI: _api/web/sitegroups(groupId)/users

Method: POST

Request Body: {"LoginName":"i:0#.f|membership|Emailaddressoftheuser"}

To get the SharePoint group ID, navigate to the URL https://domainname.com/sites/sitename/_layouts/15/user.aspx, click the group name and copy the URL, which will have the group ID at the end.

https://domainname/sites/sitename/_layouts/15/people.aspx?MembershipGroupId=3

The action with its configuration is shown below.

SP HTTP request action

Execute the flow by adding a user to the list from the PowerApps interface. The flow gets triggered and in turn grants the user access to the Power App and SharePoint. Tada!!!

To revoke a user’s access, scroll back to the admin interface image for managing users: there is a delete button. Assume that clicking the delete button updates the RoleStatus column on the User Roles list to “Revoke” for that user, which then triggers the same flow. In that flow, add a Switch on the value of the RoleStatus (Add/Revoke) column, with steps to revoke the access in the Revoke branch. This could be achieved in multiple ways. For example, after the delete button is clicked, the item on the UserRoles list can be deleted, which will in turn call a flow created using the trigger “When an Item is deleted” with actions to revoke access.

The action to revoke Power App access is the same action we used for adding a user to an app, but with different parameters, as shown below.

Edit Role assignment – Remove user

The REST API details for revoking the user’s access from a SharePoint group are:

URI: _api/web/sitegroups(groupId)/users/removeByLoginName

Method: POST

Request Body: {"loginName":"i:0#.f|membership|Emailaddressoftheuser"}
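The grant and revoke calls described above, side by side, as an added example (not code from the original post). It builds the request that the flow's Switch on RoleStatus would send and rejects anything that is not a plain email address or a known status; the function names and the shape of `item` are assumptions for illustration.

```javascript
// Added example: builds the two SharePoint REST calls the flow's Switch chooses between.
// siteUrl and groupId are supplied by the caller; nothing here is sent over the network.
const CLAIMS_PREFIX = "i:0#.f|membership|";

// Accept only a plain email address: no "|", quotes or whitespace that could
// change the claims string or break the JSON body. Deliberately conservative.
function toLoginName(email) {
  const e = String(email || "").trim().toLowerCase();
  if (!/^[a-z0-9._%+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(e)) {
    throw new Error("not a valid email address: " + JSON.stringify(email));
  }
  return CLAIMS_PREFIX + e;
}

// item mirrors a User Roles list row: { email, roleStatus } (hypothetical shape).
function buildGroupRequest(siteUrl, groupId, item) {
  if (!Number.isInteger(groupId) || groupId <= 0) {
    throw new Error("groupId must be a positive integer");
  }
  const base = `${siteUrl.replace(/\/+$/, "")}/_api/web/sitegroups(${groupId})/users`;
  const loginName = toLoginName(item.email);
  switch (item.roleStatus) {
    case "Add":
      return { method: "POST", uri: base, body: JSON.stringify({ LoginName: loginName }) };
    case "Revoke":
      return { method: "POST", uri: `${base}/removeByLoginName`, body: JSON.stringify({ loginName }) };
    default:
      // Unknown status: fail closed so a typo in the list never grants access.
      throw new Error("unsupported RoleStatus: " + JSON.stringify(item.roleStatus));
  }
}
```

Because the flow runs with a Site Owner connection, whoever can write to the User Roles list effectively controls site membership, so the list's own permissions should be limited to the Admin role.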

The action to grant access to Power App can also be called from a Power App by creating a connection to the data source “PowerAppsforAppMakers” as below

Editapproleassignment from powerapp

Summary: This approach helps the super users of the app manage user permissions for the Power App from within the Power Apps interface. In this post we have seen how to add user permissions to a SharePoint data source. Depending on your needs, users can be added to other data sources in a similar way, if there is an API endpoint or with the help of the standard connectors available in the Power Platform. Let me know any feedback or comments in the comment section below.

Post a Teams Conversation on a Channel using API call/HTTP Request

In this blog post, I am going to cover different options for posting a Teams conversation in a Teams channel using an API call.

  • Using a Flow with HTTP Request trigger & Flow action
  • Create an Incoming Webhook in Teams
  • Graph Endpoint to create a Teams conversation

I now see more requirements from customers to integrate Teams with different applications. These options for posting a message in a Teams channel could be used from an external application or from a SharePoint site using SPFx.

Create a Flow with HTTP Request trigger

Create an Instant flow with the trigger “When a HTTP request is received”, a premium trigger that fires when an HTTP request arrives. This is a responsive trigger, as it responds to an HTTP request. The requests and responses that Microsoft Flow uses follow the RESTful web service style known as REST. The API (HTTP POST) URL will be generated only after the flow is saved with at least one action.

Let’s say I would like to post a Teams conversation with an @mention of a specific user and some message. In this case I will have to pass the information either in parameters or in the body of the call. In this example we will pass the information in the request body:

{
    "To":"ashiqf@####.onmicrosoft.com",
    "Message": "Hello from HTTP Request"
}

Copy the above sample and paste it into the popup you get after clicking Generate Schema. The tool will automatically generate the JSON schema for you. jsonschema.net could also be used to generate the schema.

Find the generated schema below for the information email address & message which would be passed on the request body while making the POST call

Add the action “Post a message as the Flow bot to a channel”, which will create a Teams conversation on a specific channel in a Team. In the screenshot below, look at the way I @mention a user, leave a new line and make text appear bold.

After you save the flow, the HTTP POST URL will be generated for us to use in an external application or wherever we want. The API is not secured; it is anonymous, so anyone who has the URL can call it. Let’s now use the Postman client to trigger it. Don’t forget to set the Content-Type header to application/json, put the information in the body and set the method to POST, or else the trigger will fail.

Clicking the Send button in the Postman client triggers the flow. The message on the Teams channel will appear as shown below.

In Postman client, there is an option to generate the code to call the API for different programming languages

As already said, the HTTP POST URL is anonymous. If you would like to secure the flow actions, you could do so with some validations after the flow is triggered. If you look at the trigger output of a flow run, there is information in the field “User-Agent”; with this information you would be able to add some validations.
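Validations of the kind described above, as an added example (not the author's flow). Request headers such as User-Agent are set by the caller, so this version checks a shared key header, the content type and the two fields of the generated schema, and escapes the message before it is posted. The header name `x-flow-key`, the allowed domain and the length limit are assumptions; in the flow itself these checks would be Condition actions on the trigger outputs.

```javascript
// Added example: checks to run on an anonymous "When a HTTP request is received" trigger.
// "x-flow-key", ALLOWED_DOMAIN and MAX_MESSAGE are assumptions, not values from the post.
const ALLOWED_DOMAIN = "contoso.example"; // placeholder tenant domain
const MAX_MESSAGE = 1000;

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Escape caller-supplied text before it is placed in the HTML message posted to Teams.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function validateTrigger(headers, body, expectedKey) {
  const h = {};
  for (const [k, v] of Object.entries(headers || {})) h[k.toLowerCase()] = String(v);
  // An empty expected key must never match a missing header.
  if (!expectedKey || !constantTimeEqual(h["x-flow-key"] || "", expectedKey)) {
    return { ok: false, reason: "bad key" };
  }
  if (!/^application\/json\b/i.test(h["content-type"] || "")) {
    return { ok: false, reason: "bad content-type" };
  }
  if (!body || typeof body.To !== "string" || typeof body.Message !== "string") {
    return { ok: false, reason: "bad schema" };
  }
  const to = body.To.trim().toLowerCase();
  if (!/^[a-z0-9._%+-]+@[a-z0-9.-]+$/.test(to) || !to.endsWith("@" + ALLOWED_DOMAIN)) {
    return { ok: false, reason: "recipient not allowed" };
  }
  if (body.Message.length === 0 || body.Message.length > MAX_MESSAGE) {
    return { ok: false, reason: "bad message length" };
  }
  return { ok: true, to, message: escapeHtml(body.Message) };
}
```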

Create an Incoming Webhook in Teams for a Specific channel

Incoming webhooks can be used to create Teams conversations on a specific channel of a team. An incoming webhook is a special type of connector in Teams that provides a simple way for an external app to share content in team channels.

To create a Webhook, go to the Teams channel where you would like to have the conversation posted. Click connectors

Create Webhook

Look for Incoming Webhook from the list of connectors then click Add

Provide a Name for the webhook and click Create. Now the URL will be generated, click Done

The generated URL will be in this format; copy it.

I will now use Postman to create a conversation in Teams. It has to be a POST request with the information passed in the body. The header information is not required for this POST call.

{"text":"<b>Post using Incoming Webhook</b><br>Message from External Application!"}
Postman Client
Teams Channel conversation

Ref: https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook

Refer to the Microsoft documentation below, which has some examples of creating an Adaptive Card in Teams.

https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/connectors-using

Graph Endpoint to create a Teams conversation

There is also a REST endpoint available in MS Graph to post/create a Teams conversation. At the time I am writing this post, it is a Beta endpoint and is not recommended for production use.

POST /teams/{id}/channels/{id}/messages

The ID of the Team and the Channel ID must be passed along with the bearer token to create a Teams conversation. To get the bearer token, create an Azure AD app with API permissions for Graph to create a message. The permission could be either Delegated or Application, based on the requirement. There are a lot of articles that cover the steps to create an app in Azure, so I am not going to cover those in this post.

Ref: https://docs.microsoft.com/en-us/graph/api/channel-post-messages?view=graph-rest-beta&tabs=http

Summary:

I’ve described different ways to create a Teams conversation using API calls. I hope you find this post informative and useful. If you have any comments or questions, let me know in the comment section.

Get attendees details of a meeting event using Power Automate/MS Flow

It’s fairly easy to create an event in Office 365 Outlook with Power Automate using the action Create Event, but if you are trying to automate, there is no action to get the attendees’ details: who has Accepted, Tentatively accepted, Declined or given No response.

MS Graph comes to the rescue: there is an endpoint available to fetch the attendees’ details of an Outlook event.

Let’s assume you are creating an Outlook event using the flow action Create Event, with a connection that uses a different account (for example, a service account with a mailbox enabled). After the event is created, the Event ID (the unique ID of an event) is stored in a SharePoint custom list, SQL, etc., to get the attendees’ information later.

Before you start, you need to make sure you have the following:

  • Access to an Office 365 tenant with administrative access to Azure AD
  • Access to create flows in Microsoft Flow

Step 1 – Create an Application in Azure AD with API permissions to Calendar

You will need to register an application within Azure AD.

Navigate to Azure Active Directory from https://portal.azure.com and select App registrations. Select New registration. I am not going to list the steps required to create an application in Azure AD; there are a lot of blog posts and Microsoft articles that cover them. For this requirement, the Redirect URI does not need to be filled in on the Azure app.

To get authorized to call Microsoft Graph in Power Automate/MS Flow, we’ll need the following information:

  • Tenant ID
  • Client ID
  • Client secret
  • API Permission to Read Calendar
  • Token Endpoint

Once the application is created, go to the API Permissions. To configure application permissions for the AD app to get the event information, API permission to the Calendar is required. Find the steps below to grant read permission to the calendar

  1. Click on the API Permissions menu item in the navigation panel.
  2. Click on the Add a Permission button.
  3. Click Microsoft Graph under the tab Microsoft APIs.
  4. Click on the Application Permissions button.
  5. Expand the Calendars section.
  6. Select the Calendars.Read option. This step gives access to the app for reading all the calendars in the mailboxes across the tenant.
  7. Click on the Add Permissions button.
  8. Click on the Grant Admin Consent button.
  9. Click on the Yes button to confirm consent.
API Permissions on the AD App

I use the Graph Explorer https://developer.microsoft.com/en-us/graph/graph-explorer# to test & explore different endpoints.

This explorer will not work for delegated permissions since it uses your permissions to access the API endpoint, but you can use Postman to test the Graph endpoint with OAuth authentication.

Find the documentation for the different endpoints available for Calendar in the link

For this requirement we are interested in the following HTTP request/endpoint, using version 1.0, to get the event details of a different user:

GET /users/{id | userPrincipalName}/calendar/events/{id}

Step 2 – Create a Flow

With the Azure AD application created, you have to create a flow that uses it. You could also create an Azure Logic App. Find the steps below to create a scheduled flow.

First, go to https://flow.microsoft.com and go to My flows. Select New > Create Scheduled-from blank to create a new flow. This flow will run on a scheduled basis to get the attendees’ details.

Flow Trigger

Call the token endpoint of the tenant’s Azure AD, which will provide us with an access token for Microsoft Graph in return for the information contained in the request body. Use the flow action HTTP, which is a premium action, to make an HTTP POST request for getting a token.

Before we construct the HTTP request, we need to encode the client secret so that it contains no URL-unsafe characters:

encodeUriComponent(variables('ClientSecret'))

The HTTP method | POST
The request URL | https://login.microsoftonline.com/your tenant id/oauth2/v2.0/token
The Content-Type header | application/x-www-form-urlencoded
The request body | tenant=tenantID&client_id=clientID&client_secret=@{encodeUriComponent(variables('ClientSecret'))}&grant_type=client_credentials&scope=https://graph.microsoft.com/.default

The token endpoint URL can be obtained from the AD App by clicking on the Endpoint link as shown below

Active Directory App – Overview
HTTP Action

When the above HTTP request is made, we get authenticated, and in the response we’ll receive the access token for calling Microsoft Graph. Before we can use the access token, we need to parse the JSON in the response body to make the token available to us in the dynamic content panel.

The next step is to parse the JSON response of the HTTP – Get Access token action and get the token type and access token to make a call to the Graph endpoint. To do this, add the action Parse JSON.

  • The Content has to be the Body of the action HTTP – Get Access token. To build the schema:
  • Run the flow, copy the outputs [Body] of the action HTTP – Get Access token
  • Click the button Generate from Sample, paste the Body and click Done. These steps will generate the schema automatically
Parse JSON Action

The next step is to call the Graph endpoint using the HTTP action with the token type & access token on the Headers obtained from the above method

GET URI: https://graph.microsoft.com/v1.0/users/useremailaddress/calendar/events/eventID/attendees

Event ID should be the ID of the event you would like to get the attendees information and Headers information is constructed from the Parse JSON – Access token.

Run the flow; you will now have the attendees’ information in JSON format, as shown below. The JSON will have information about the users’ details and their responses. The Parse JSON action could be used to parse the JSON and get the information as per the requirement.
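The three steps of this flow (token request, Graph call, reading the attendee responses) as an added example, not the author's flow. It shows why the client secret must be form-encoded and how the attendee list can be grouped by response; function names are assumptions, the attendee sample is constructed, and nothing is sent over the network.

```javascript
// Added example, not the author's flow. Tenant, client, user and event values
// are supplied by the caller; the sample attendee list below is constructed.
const GRAPH = "https://graph.microsoft.com/v1.0";

// Token request: URLSearchParams form-encodes each value, so a client secret
// containing "+", "&" or "=" reaches Azure AD unchanged.
function buildTokenRequest(tenantId, clientId, clientSecret) {
  const form = new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    grant_type: "client_credentials",
    scope: "https://graph.microsoft.com/.default",
  });
  return {
    method: "POST",
    url: `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/token`,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: form.toString(),
  };
}

// Graph request: the Authorization header comes from the parsed token response.
function buildAttendeesRequest(token, user, eventId) {
  if (!token || !token.access_token) throw new Error("token response has no access_token");
  const path = `/users/${encodeURIComponent(user)}/calendar/events/${encodeURIComponent(eventId)}/attendees`;
  return {
    method: "GET",
    url: GRAPH + path,
    headers: { Authorization: `${token.token_type || "Bearer"} ${token.access_token}` },
  };
}

// Group attendee addresses by status.response (accepted, declined, none, ...).
function tallyResponses(attendees) {
  const tally = {};
  for (const a of attendees || []) {
    const response = (a.status && a.status.response) || "none";
    const address = (a.emailAddress && a.emailAddress.address) || "(unknown)";
    (tally[response] = tally[response] || []).push(address);
  }
  return tally;
}

// Constructed attendee list in the shape Graph uses for event attendees.
const sampleAttendees = [
  { type: "required", status: { response: "accepted" }, emailAddress: { address: "ana@contoso.example" } },
  { type: "required", status: { response: "declined" }, emailAddress: { address: "raj@contoso.example" } },
  { type: "optional", status: { response: "none" }, emailAddress: { address: "li@contoso.example" } },
];
```

The token and the client secret are credentials for every mailbox the Calendars.Read application permission covers, so keep both out of flow run history and logs.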

Hopefully you enjoyed reading this article and found it useful.