Add multiple authentications on a custom connector

Multiple authentications (multi-auth) is a feature that allows users to create connections by providing them with an option to choose which authentication method they want to use to create their connection, as opposed to being limited to just one authentication type.

For a connector, a collection of authentication types is defined via connectionParameterSets in the apiProperties.json file.

Important

Enabling multiple authentications on a custom connector is not supported on the Custom Connector Wizard yet. Use Microsoft Power Platform Connectors CLI instead to create a custom connector with multi-auth.

How to enable multi-auth

Add the connectionParameterSets in the apiProperties.json file, and populate the collection connectionParameterSets.values with as many connectionParameters needed for the connector.

Note

To know more about connection parameters and authentication types, visit Connection Parameters.

The following is the structure of connectionParameterSets:

"connectionParameterSets": {
  // uiDefinition for the parameter sets.
  "uiDefinition": {
    "displayname": "Select the authorization type",
    "description": "<<Enter here your description>>"
  },
  "values": [
    // Connection parameter set
    {
      "name": "<parameter set name>",
      // uiDefinition for this parameter set.
      "uiDefinition": {
        "displayname": "<display name>",
        "description": "<description text>"
      },
      "parameters": {
        // Schema matches existing "connectionParameters"
        "<parameter name>": {
          "type": "string | securestring | oauthsetting"
        },
        "<parameter name>:clientId": {
          "type": "string",
          "uiDefinition": {
            "schema": {
              // For string types, the description must be placed in
              // uiDefinition.schema.description to be shown in the description box
              "type": "string",
              "description": "<description text>"
            },
            "displayName": "<display name>",
          }
        }
      }
    },
    {
      "name": "<parameter set name 2>"
      // ...
    }
  ]
}

Examples

Configuration with API key and Basic Authentication

"connectionParameterSets": {
    "uiDefinition": {
        "displayName": "Authentication Type",
        "description": "Type of authentication to be used."
    },
    "values": [
        {
            "name": "basic-auth",
            "uiDefinition": {
                "displayName": "Use your X credentials",
                "description": "Log in using your username and password for X."
            },
            "parameters": {
                "username": {
                    "type": "string",
                    "uiDefinition": {
                        "displayName": "X username",
                        "schema":{
                            "description": "The username for X",
                            "type": "string"
                        },
                        "tooltip": "Provide your X username",
                        "constraints": {
                            "required": "true"
                        }
                    }
                },
                "password": {
                    "type": "securestring",
                    "uiDefinition": {
                        "displayName": "X password",
                        "schema":{
                            "description": "The password for X",
                            "type": "securestring"
                        },
                        "tooltip": "Provide your X password",
                        "constraints": {
                            "required": "true"
                        }
                    }
                }
            }
        },
        {
            "name": "api-auth",
            "uiDefinition": {
                "displayName": "Use X API Key",
                "description": "Log in using X's API Key."
            },
            "parameters": {
                "api_key": {
                    "type": "securestring",
                    "uiDefinition": {
                        "constraints": {
                            "clearText": false,
                            "required": "true",
                            "tabIndex": 3
                        },
                        "schema":{
                            "description": "Enter your API Key for X",
                            "type": "securestring"
                        },
                        "displayName": "API Key generated in X"
                    }
                },
                "environment": {
                    "type": "string",
                    "uiDefinition": {
                        "displayName": "Environment",
                        "schema":{
                            "description": "The API environment to use; either production or sandbox",
                            "type": "string"
                        },
                        "tooltip": "Select an API environment to use",
                        "constraints": {
                            "required": "true",
                            "allowedValues": [
                                {
                                    "text": "Sandbox",
                                    "value": "YOUR_SANDBOX_VALUE_HERE"
                                },
                                {
                                    "text": "Production",
                                    "value": "YOUR_PROD_VALUE_HERE"
                                }
                            ]
                        }
                    }
                }
            }
        }
    ]
}

Configuration with Entra ID and OAUTH 2.0

It's possible to have two connectionParameters of the same type with. In this case, both authorizations use oauthSetting type: one allows the user to create a connection using Entra ID while the other goes to a custom endpoint.

"connectionParameterSets": {
    "uiDefinition": {
        "displayName": "Authentication Type",
        "description": "Type of authentication to be used."
    },
    "values": [
        {
            "name": "aad-auth",
            "uiDefinition": {
                "displayName": "Use default shared application",
                "description": "Log in using the standard X app."
            },
            "parameters": {
                "token": {
                    "oAuthSettings": {
                        "clientId": "YOUR_AAD_APPLICATION_ID_HERE",
                        "customParameters": {
                            "loginUri": {
                                "value": "https://login.windows.net"
                            },
                            "resourceUri": {
                                "value": "https://graph.microsoft.com"
                            },
                            "tenantId": {
                                "value": "common"
                            }
                        },
                        "identityProvider": "aad",
                        "properties": {
                            "IsFirstParty": "False"
                        },
                        "redirectMode": "GlobalPerConnector",
                        "scopes": [
                            "Group.ReadWrite.All offline_access"
                        ]
                    },
                    "type": "oauthSetting"
                }
            }
        },
        {
            "name": "custom-app-auth",
            "uiDefinition": {
                "displayName": "Use the X authentication app",
                "description": "Log in using X app."
            },
            "parameters": {
                "token": {
                    "type": "oauthSetting",
                    "oAuthSettings": {
                        "clientId": "YOUR_CLIENT_ID_HERE",
                        "identityProvider": "oauth2",
                        "redirectMode": "GlobalPerConnector",
                        "customParameters": {
                            "authorizationUrl": {
                                "value": "https://login.dummy.net/request"
                            },
                            "refreshUrl": {
                                "value": "https://login.dummy.net/token"
                            },
                            "tokenUrl": {
                                "value": "https://login.dummy.net/token"
                            }
                        }
                    }
                }
            }
        }
    ]
}

Take a look at RescoCloud connector here for a current example on how to implement multi-auth.