Search User Login Menu

LogicApps: Get the user who submitted your Outlook Actionable Message.

Doctor SharePoint

LogicApps: Get the user who submitted your Outlook Actionable Message.

LogicApps: Get the user who submitted your Outlook Actionable Message.

In many cases, when sending an Outlook Actionable Message, you are sending it to a specific user account and the resonse is always related to that user. 

What about when you want to send an Actionable Message that anyone in your organization can answer?  There is no documented way of determining what user responded to the message card directly from LogicApps.  The only article I could find uses a FunctionApp with a HTTP trigger which can analyze the authorization token sent in the request.  I have not been able to find a pure LogicApps solution to this.  Is it really so uncommon to send an approval to a group email address, and need to know who actually clicked the button in the Actionable Message?

I didn't think so!

Well, the Doctor was able to break down the FunctionApp method and translate it to a LogicApps solution.

It turns out that all of the LogicApps HTTP receiving functionalities operate in a similar way and they all make use of the Action-Authorization HTTP Request Header.


From the Bearer value of this header value, you can derive additional details about the request, including - you guessed it - the user who submitted the response (without having to involve a FunctionApp, just to get this simple bit of information.)

In the example above, we are using a HTTP Webhook to initiate the sending of the Outlook Actionable Message, and collect the response.  The message submit action responds back to the Webhook callback URL and provides the user's selections as well as the Action-Authorization Header.


There are several ways to implement the following, I'm showing it this way:

First is to get the Action-Authorization header value from the WebHook response. 

For a few reasons, I chose to isolate the headers json: ParseJSON Action:


The next step is the magic, decrypt the Action-Authorization Bearer token:

Compose Action: decodeBase64(concat(split(replace(body('ParseResponseHeadersJSON')?['Action-Authorization'], 'Bearer ', ''), '.')?[1], '=='))

Breaking this expression down:

  • First, remove the word "Bearer" from the value of the Action-Authorization header.
    replace(body('ParseResponseHeadersJSON')?['Action-Authorization'], 'Bearer ', ''), '.')
  • Then spit the value into pieces using '.'
  • Concat '==' to the end of the 2nd value in the array from the split. This step makes it a valid Base64 encrypted value.
  • Finally, decode the base64 string.


The result of this is an (almost complete) json packet, but it still has an invalid character at the end of the last value, and the closing curly brace is missing, for some reason.  So next, the json string is corrected to replace the last character with a curly brace:

Compose Action: concat(substring(outputs('CalculateAuthInfo'),0,sub(length(outputs('CalculateAuthInfo')),1)),'}')


At this point, the Output of the AuthInfoJSONFix action, is a valid JSON Packet containing details about the authorization of the submitter:


  "iat": 1633320922,

  "ver": "STI.ExternalAccessToken.V1",

  "appid": "48ZZZZdc-fZZ2-4ZZf-b2a7-0zzZZd99zzZZ",

  "sub": "41x2434e-ds6f-4s45-9b74-4e782946d4c1",

  "appidacr": "2",

  "acr": "0",

  "tid": "2b4b4eee-537b-4569-8150-6b6aeaac14eb",

  "sender": "",

  "oid": "41c1905e-de1f-4a49-9b74-4e723629c4c1",

  "iss": "",

  "aud": "",

  "exp": 1633321822,

  "nbf": 163332092



The sub value is the AzureAD GUID of the submitting user.


Using the ParseJSON Action:


To get the email of the submitting user, you need to use an AzureAD connector for the Get User action.


After issuing the Get User action, the profile information can be used any number of ways:



13205 Rate this article:
Please login or register to post comments.
Back To Top