Since there is not integration for utilizing external email providers yet in flows. I have to do a http request first get a access token for my Microsoft email. However, I want to protect my secret key. Since the vault connection automatically attaches it as a bearer token it cannot be used.
Is there a way to utilize the vault for the body of a http request?
If I place my client secret plainly in the body can users see this request within the flow? Are there security concerns?
I little more background of why I am using two HTTP requests in my forms flow is that I am doing a OTP for new users only. I like your idea of creating the bearer token in the actions using the secrets. I could then pass this token down to the forms flow where I create the OTP and send it via the MS graph API.
I could possibly do a management API to modify the the vault bearer token from actions which may work as well. I’ll have to look into this, but right now since this is a one time action for new users, it’s working well enough.
My feature request at this time would be to have Management API to send a OTP email using a template. Then I could just create the code in flows or actions and then send it using the API and then collect and verify all while using my configured email provider.