Power Automate API changes - v2 Admin scope now needs user_impersonation

/

This blog post is about two major updates to Flow Studio App and Flow Studio for Enterprise.

MSAL v2 Update

First one, we finally updated Flow Studio to MSAL v2 there’s a few reasons for this, but primarily, this is because we want to support modern browsers that are now by default disabling 3rd party cookies, which prevented previous authentication via hidden iframe method in earlier versions of MSAL and ADALjs.

Incidentally, this also means Flow Studio App now works on iPad and Safari. And should work better for many customers within enterprise that has 3rd party cookie disabled.

MSAL also supports multiple accounts so that’s an interesting scenario in the future to support multi-user or multi-tenancy? We’ll see.


Power Automate Admin API Scope

Secondly, we have a note on Power Automate API changes and how it affects us.

Power Automate /scopes/admin/v2/ supports fetching up to 250 flows per request prior to paging, by comparison, v1 only supports 50 flows. This means reading flows as admin is once again much quicker.


But we’ve also noticed that admin flow requests now need an additional user_impersonation scope.

Access Microsoft Flow as signed in user” (nice name!)




When customers login to Flow Studio App v1.1.45 or later, you will be asked to re-consent due to this additional scope.


Power Apps API changes - no longer accept Azure Management token

/

There has been recently a major change to the API and authorization that Flow Studio uses to access the Power Platform. As we have just pushed the update to production, we want to take a bit of time to write this blog post - why we are doing this, and how it might affect you.


Flow Studio uses a mixture of APIs available through Azure, Microsoft Graph, and Power Platform to provide a tool that lets us focus on our flows, and make sure they continue running successfully. Since the very beginning in 2018, Flow Studio does this by requesting an Azure authorization token when the user logs in. Since the Power Platform APIs sit on top of the Azure platform, this token was sufficient to access across multiple APIs.

In 2021 there was a big update with Power Automate APIs and now in 2023 there's a second update with Power Apps APIs. As a result, we made the decision to switch to granular, Power Platform specific permissions.

Scope, Permissions

"read flows", "manage flows" are required permissions to access Power Automate - see and update your flows, shared flows or solution flows.

"read activities" allows Flow Studio to read recent Power Automate events - we use this to figure out which flows have been running recently.

"read approvals" and "manage approvals" are related to Power Automate's approval feature. Flow Approvals is not an area we currently have major feature development in, but it is a tab that we have available, so we ask for this permission to maintain the feature.  Since Power Automate approvals v2, some of the data is also available via the default solution DataVerse entities. So if you are keen to do some approvals reporting, you can access them that way.

"Power Apps Service API" is for reading Power Apps and Power Platform connections.

"basic profile" is what most apps request to read the user's email address and display name.

"maintain access" is the "offline" access - since Flow Studio is a single web application we store your token in the browser's web storage temporarily (this is standard MSAL functionality).



Trust and Verified Publisher


Flow Studio is a trusted, verified publisher. This tick is provided by Microsoft, and tells our customers that we aren’t some random new app that’s popped up now asking for your permissions. We have been around since 2018, and have operated under Microsoft publisher guidelines in our use of the APIs and the care we have for our customers. If we do a bad thing, Microsoft knows how to find us.

We are a legal company registered in Australia, our office operates out of Sydney.



Path forward for Flow Studio

So from Flow Studio v1.1.41 or later - users will need to re-login and grant the new set of permissions to continue using Flow Studio.

Flow Studio for Teams and Enterprise is updated as of v0.1.070


Other users might be affected by this

  • If you use older versions of Power Platform Power Shell

  • If you have very old Power Apps connectors created from a long time ago

  • If you are using Office CLI to perform some actions on the Power Platform

You may see specific errors referring to "The received access token has been obtained from the wrong audience or resource".





Turning a new page

/

Wanted to write again, and let everyone know what I’ve been up to. I ended up taking a break through most of 2021 and 2022 simply resting, recovering, and doing light work from home.

2023 resumed with a big bang, I found motivation and drive to dive back into the many projects I’ve temporarily shelved in the last two years. I’ve also became pretty handy with a bunch of home DIY projects. It was a big change to the old me that only knew how to do digital projects but not physical projects. Perhaps more on that in a future post.

Flow Studio

We’ve had several Flow Studio fixes in the last two months

  • there was an API pagination fix since the API no longer accepts 250 records at once and restricts us to only 50. (That means more pages and API call takes longer)

  • API auth fix relating to Power Apps is in-progress.

  • There’s a second API skip/continuation token fix.

  • We’ve also tweaked the way trail is applied when anyone wants to try Flow Studio pro - you can sign up and trial will be available for two weeks - you can cancel the subscription before the trial end date to avoid being charged, if Flow Studio isn’t suitable for you.

Clarity / Flow Studio for Teams and Enterprise

We’ve had renewed interest in Flow Studio for Teams and Enterprise (Clarity) through the last few years.

  • Flow Studio for Teams will be tweaked to focus on monitoring critical flows and alerting users when their business critical flows fail. This will be priced simply and does not offer governance capabilities.

  • Flow Studio for Enterprise will be focused on the turnkey Power Platform Governance story, adding new features to scan more areas of the Power Platform, and integrate with CoE starter kit.

  • So far this year, we’ve added BYO Azure Storage. There’s been a lot of fixes to API breakages in Power Apps area this year.

Contract Work

I started a regular part time contract work in Sydney CBD, so if you are local, hit me up for a coffee.

  • I’m working with a lot of Power BI reports

  • There’s a lot of Power Automate doing the heavy lifting as well.

  • We are also talking about adding some Power Apps visuals to allow executive comments to be collected during a report presentation.

Community

Several of the meetups, conferences and events that I used to participate in are becoming active again. I hope to see more of the community not just virtually, but physically as well. I hope to be able to grab a coffee with you soon.

Tiny forward steps for me and Flow Studio

/
miriam-eh-kWWeA1DVQxY-unsplash (1).jpg

I’ve been taking little tiny steps forward, this is a good time to share what I’ve been up to.

Flow Studio

There are several Flow Studio updates in the works. v1.1.00 is coming out very soon, and there are several important updates:

  • The development build is on https://dev.flowstudio.app/

  • The major update are changes to the backend APIs that flow studio calls. I am really thankful for the extra time given for me to work on this.

  • In subscriptions link there is now a way to see and manage your own subscriptions, using the Stripe billing support page.

  • There are a number of UX fixes to improve performance and bug fixes since last update.

Please let me know if you have any issues with Flow Studio. Bug fixes are priority.

Branding and Product Offerings

I renamed from Flow Studio to Power Studio last year, and introduced a new product Power Clarity. This has created a lot of additional branding work that’s time consuming to manage. So I’ve decided to simplify everything.

Original Updated Notes
Power Studio Flow Studio
Flow Studio Flow Studio We are going back to our original name
Power Studio Free   Flow Studio Free The freemium offering
Power Studio Pro Flow Studio Pro US$20 Monthly / US$200 Yearly
Power Clarity Flow Studio Teams US$2000 Yearly
Power Clarity Flow Studio Enterprise   Enquire

Flow Studio Free is for everyone

  • quickly see all your own flows

  • manage them using a tool designed for bulk operations.

Flow Studio Pro is for power users who needs more operations

  • Editing Flow JSON

  • Migrate flows

  • Bulk cancellation

  • Export flow history

  • Restore Flow to earlier versions.

  • Administrators that wants to see all the flows in their environment

Flow Studio Teams is for teams to manage all the flows used by their team

  • See all your flows, across multiple accounts

  • Manage them in bulk

  • Continuous monitoring of flow runs

  • Continuous backups

Flow Studio Enterprise is for IT and compliance departments that wants to have full visibility to understand, manage and utilize all the flows used within an organization.

  • Licensing assistance

  • Backup, migrate flows between accounts

  • DLP policy assistance and violations

  • Continuous reports

  • Cross tenancy support


How are you doing, John?

I’m OK, thank you for reaching out. Some days are really good, other days I can’t do it and just take a break.

It is currently school holidays in Sydney and we are in a new lockdown, so stuck at home. Let me know if you want to chat, I can find time to chat (remotely is OK).

2021 - break and thrive

/

Hello, you.

This is a very personal post.

2020 was tough on everybody, and it looks like 2021 may eventually bring a little bit of reprieve. I only have a modest and simple wish:

kurt-cotoaga-9Nq1IUhhayg-unsplash.jpg


For an immediate, urgent and heavy family matter, I must take a really significant break to try and ensure me and my family survives 2021. For our young family, this is a time of immense personal pain and loss.

  • I must take a break to be with my family — at least until April, but may be many more months. There’s no hurrying this, I want to take a much time as we need.

  • My consulting clients are aware of what’s happening and are so supportive. I have some reduced work with them that I will fulfill.

  • Flow Studio / Power Studio will continue, in the short time there’s a bunch of additional updates in the preview dev build dev.flowstudio.app that needs to be validated and pushed over into production.

  • Power Clarity will continue, but in a much, much slower pace.

  • My writings on the blog or YouTube will be random. There are mornings when I can muster some energy to write, in code or in blogs. If you enjoy them and want to see more, you REALLY have to tell me because I need (and otherwise lack) energy to produce them.

  • I’m unlikely to respond to questions on Twitter or LinkedIn

What can you do for us?

  • If you use Power Automate - I would really appreciate it if you would have a look at powerstudio.app, either for yourself or tell people about it. If it’s helpful to you, consider subscribe to it. If it doesn’t help you - let me know what might push you over the line to be a fan.

  • If you are already one of our 5400+ users or fans of Power Studio and wants to see the future evolved version - check out powerclarity.app

  • If you like Power Apps - you really should check out my GamePad PCF component and tell people about it.

  • I’m keeping my circumstances personal, but a generic statements that has a time component like hope you’ll get through it quickly, or hope you recover soon can miss the mark because I want as much time as we can to still have together. A nicer thing to say is probably please survive as long as you can.

  • Please put it in your calendar to check in on me every month from now, may be beginning of March, or beginning of April. Future me probably need someone to check in on me.

  • Years in the future, when the pandemic is over, invite me to your home for a meal.

How are you feeling?

We are free falling. There’s no parachute. When we hit the ground, at least one of us won’t survive, but we may all fall apart. We are already falling apart.