Thank you for the quick response Marius.

I was afraid this would be the answer. I have tried so many scenarios without luck 😦

My company has a lot if Consumption Logic Apps needing to access resources cross-tenant. Unfortunately, we now have to re-thing this approach.

Hi, unfortunately probably no. LogicApps does not (as far as I know) allow you to get a token for api://AzureADTokenExchange, which means that the second step (getting a token for an app using a federated credential) does not work. Whether it is consumption based or not does not matter here.

Thank you for at great article.

Do you by any chance know if this approach will work with Consumtion Logic Apps?

Thanks.

https://bevutils.marcbeavan.com worked fine when F5’ing, but https://bevutils.marcbeavan.com/textutils resulted in a 404.

Adding the fallback config worked a treat!

Would also like to register my interest for this 👀 Thanks for your insight!

I followed the above instructions but I am getting the folllowing error while running the script.

Invoke-RestMethod: Line | 47 | $r = Invoke-RestMethod -Uri “https://graph.microsoft.com/v1.0/users?` … | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | {“error”:{“code”:”Authorization_RequestDenied”,”message”:”Insufficient privileges to complete the operation.”,”innerError”:{“date”:”2025-05-31T06:36:11″,”request-id”:”5e4b67c0-ec39-0000-0000-1d0908a71046″,”client-request-id”:”5e4b67c0-ec39-4000-0000-1d0908a71046″}}}

Can you please help? thanks

To my astonishment, and without an alternative approach, I was able to get this working. Thank you Marius! A few months later I added a new attribute (as the Java SDK code snippets are broken) and now the authentication for the Extension no longer works. I have spent many days trying to work out what is going wrong but until I can figure it out all User testing is stopped. Can anyone help? Many thanks