Power Platform Pipelines oAuth Configuration App
- Matt Collins-Jones
- 1 hour ago
- 2 min read
I've written before about my architectural pattern for oAuth connection delegated deployments and I've even provided a step by step guide and template flow to help people with the process but it's still quite complicated.
Today I am releasing a solution that organisations can use to make connection management easier for delegated deployments where they need to update connections during deployments. I hope that one day this won't be needed and that this gap is filled in the product, but until then, I want to make it as easy as possible for organisations to use Pipelines.
The full details and download of my solution is over on my GitHub here. But I wanted to do a run through of the solution.
It is built on top of the Power Platform Pipelines solution, but as an additional application, not part of it. It include a single table from the Power Platform Pipeline solution, with is the deployment stages and two custom tables, one for Power Platform Connectors and one for Connections.
The connectors table can be populated manually, via an import I provide or a flow if you want to build it. This contains the logical name of the connector and the friendly name.
This is used in a lookup on the connections table.
To configure a connection, go to the connections table and create a new record. Fill in the Connector, the connection ID and the Pipeline stage.
Once the Pipeline stage is selected, a quick view form will appear, showing details about the Pipeline, to ensure you have selected the right one.
Once the connections are configured, there is just one last thing to do, which is to ensure the flow the re-writes and connections and approves the deployment, is configured with the Service Account/Stage Owner that will be doing the deployment. This user needs to go into the flow and update the connection reference for 3 actions:
Unbound Action - Approve Deployment No Change
Unbound Action - Approve Deployment No Change to Env Vars
Perform an unbound action - Approve Deployment
This solution works well for organisations with a single account for Stage Owner Deployments, but can be adapted to multiple Stage Owners across different pipelines and/or environments. To do this, you must adapt the flow to handle this or duplicate the flow per pipeline and use triggering conditions to only trigger the right flow for the pipeline/environment. The reason for this is that the Stage Owner needs to be the connection for the approval steps above, so if you have more than one, you need to extend this solution.
However, I think the majority of organisations, this application will help people handle the connection re-write.
This is just the first iteration of this solution, so if you have any recommendations for improvements, let me know.
Ciao for now!
MCJ