How Do I Implement Delegated OAuth with Microsoft Graph for Per-User Security in Decisions Flows?
Hello,
I’m trying to build flows in Decisions that use Delegated Authentication Tokens with Microsoft Graph, so the data returned is security-trimmed to the user running the flow. I’m unsure how to implement this in Decisions, especially for multiple users.
- How do I set up delegated authentication in Decisions for Microsoft Graph?
- If multiple users are running flows, do I need to manage separate tokens for each?
- What’s the best way to handle token refresh and cleanup at scale?
Comments
Hello,
Great questions! Here’s how to approach delegated authentication with Microsoft Graph in Decisions:
Each user must authenticate and consent, generating their own delegated token. Decisions does not natively manage or rotate multiple user tokens automatically.
Set up OAuth authorization in Decisions to acquire and refresh tokens dynamically within your flows. You can use scheduled jobs for token refresh and cleanup.
Managing many tokens (for 10+ users) can be complex. Consider alternatives like using tokens per logical process or security group, or leverage the current session ID for API calls to simplify management.
Using the current session ID for delegated authentication is a secure alternative that aligns with best practices in Decisions.
https://documentation.decisions.com/docs/establishing-an-oauth-provider
https://documentation.decisions.com/docs/creating-oauth-tokens
https://documentation.decisions.com/docs/using-oauth-with-rest-integration
https://documentation.decisions.com/docs/api-and-authentication
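The per-user token handling described in the answer above (one delegated token set per user, refreshed before expiry, with a cleanup job for idle users), as an added Python sketch that is not Decisions code and not part of the original posts. The class and function names, the 5-minute refresh window and the 30-day idle limit are assumptions; `post` is a hypothetical callable that sends the form to the Microsoft identity platform token endpoint and returns the parsed JSON response.

```python
import time
from dataclasses import dataclass

# `post` would send the form to the v2.0 token endpoint:
# https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token (tenant is a placeholder)
REFRESH_SKEW = 300        # refresh this many seconds before expiry (assumption)
IDLE_LIMIT = 30 * 86400   # purge users idle longer than this (assumption)

@dataclass
class UserToken:
    access_token: str
    refresh_token: str
    expires_at: float
    last_used: float

class DelegatedTokenStore:
    """One delegated token set per user; a token is never shared across users."""
    def __init__(self, client_id, scope, post):
        self.client_id, self.scope, self.post = client_id, scope, post
        self.tokens = {}  # user_id -> UserToken, filled after sign-in and consent

    def refresh_form(self, tok):
        # OAuth 2.0 refresh_token grant; confidential clients also send client_secret.
        return {"grant_type": "refresh_token", "client_id": self.client_id,
                "refresh_token": tok.refresh_token, "scope": self.scope}

    def access_token_for(self, user_id, now=None):
        now = time.time() if now is None else now
        tok = self.tokens[user_id]  # KeyError means this user has not consented yet
        if tok.expires_at - now <= REFRESH_SKEW:
            resp = self.post(self.refresh_form(tok))
            tok.access_token = resp["access_token"]
            # The endpoint may rotate the refresh token; keep the newest one.
            tok.refresh_token = resp.get("refresh_token", tok.refresh_token)
            tok.expires_at = now + resp["expires_in"]
        tok.last_used = now
        return tok.access_token

    def purge_idle(self, now=None):
        now = time.time() if now is None else now
        stale = [u for u, t in self.tokens.items() if now - t.last_used > IDLE_LIMIT]
        for u in stale:
            del self.tokens[u]  # cleanup job: drop token sets nobody uses
        return stale
```

A scheduled job would call `purge_idle()`, and each flow run would call `access_token_for()` with the ID of the user running it, so Graph results stay trimmed to that user. In production the token sets belong in encrypted storage rather than in memory.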