Share via

WorkflowAppOAuthTokenFailure in Logic Apps

Taiki Inoue 0 Reputation points
2025-05-07T05:21:41.3266667+00:00

Hello!

I am currently creating a flow using the Microsoft Forms connector as a trigger and standard Logic Apps, but it doesn't work. When I opened the Trigger history tab, there were only errors with the code WorkflowAppOAuthTokenFailure.

In API Connections, my connection is authorized and shows a "connected" status.

I don't see any error messages in the associated Application Insights. In Power Automate, my simple flow worked successfully.

A user-assigned managed identity was used with this logic apps resource. I set a key-value (AZURE_CLIENT_ID, the client id) in my logic app environment valiables.

I think I signed in Microsoft Forms with my company's account.

When I created another flow using Outlook 365 connector as a trigger, there were same errors message in the application insights.

User's image

Does anyone know about WorkflowAppOAuthTokenFailure error? Any possible misconfigurations?

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
3,474 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Praveen Kumar Gudipudi 180 Reputation points Microsoft External Staff
    2025-05-07T18:22:59.2666667+00:00

    @Taiki Inoue ,

    You're getting unable to load proper managed identity so please add user assigned managed identity instance to logic app.

    Open logic app>> Goto Identity>> user assigned>> add your user assigned identity.

    enter image description here

    if you already configured this, please let us know.

    0 comments
  2. Sina Salam 19,936 Reputation points
    2025-05-08T00:14:26.4833333+00:00

    Hello Taiki Inoue,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you are having WorkflowAppOAuthTokenFailure in Logic Apps.

    Your Logic App might be configured correctly. This issue typically arises because your user-assigned managed identities are not automatically applied to API connections and the WorkflowAppOAuthTokenFailure with message unable to load the proper Managed Identity occurs because the Microsoft Forms connector and Outlook 365 connectors do NOT support managed identity authentication. - https://learn.microsoft.com/en-us/azure/logic-apps/authenticate-with-managed-identity

    This is how you can resolve it:

    1. To make sure your Logic App Standard has the user-assigned identity enabled and assigned:
      • Go to Azure Portal > Your Logic App > Identity. Under the User-assigned, confirm the correct identity is added and enabled. For details tips. Screenshot shows Consumption logic app and Identity page with selected option for Add. Screenshot shows Consumption logic app with associated user-assigned identity.
    2. Configure the API Connections to Use the Managed Identity. This is the most crucial step even if Logic App has user-assigned identity, your API connections (Microsoft Forms, Outlook) are likely still using OAuth with user credentials. To fix this:
      • Open the API Connection resource (e.g., shared_microsoftforms, shared_office365).
      • Go to the "Edit API connection" (either through Logic App Designer or API connections blade).
      • Under Authentication type, choose Managed Identity.
      • Then choose "User-assigned identity", and select the same one used in Logic App.
      • If "Managed Identity" is not available as an option for that connector, then Forms or Outlook connectors do not support managed identities in that case, you must use OAuth authentication with a service principal or user.
    3. You can use HTTP Actions instead of Native Connectors as an alternative option. If Forms or Outlook connectors do not support managed identities, consider:
      • Replacing them with HTTP requests using Microsoft Graph API.
      • In your Logic App, use the HTTP action and configure authentication using the user-assigned managed identity to call Graph endpoints.
    4. Then, do the following to test your flow again:
      • Ensure AZURE_CLIENT_ID is correctly set in Logic App environment variables.
      • Restart your Logic App after changes to environment or identity config.
      • Monitor Application Insights and run history for updates.

    I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.

    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.