Entra App Registration with Credential and Slack Notify

arazzo: 1.0.1
info:
  title: Entra App Registration with Credential and Slack Notify
  summary: Register a Microsoft Entra application, add a client secret, then notify Slack.
  description: >-
    A service-identity provisioning workflow that registers a new application in
    Microsoft Entra ID, adds a client secret (password credential) to the app so
    it can authenticate, and posts a Slack notification to the platform team.
    Chains the created application id into the credential request.
  version: 1.0.0
sourceDescriptions:
  - name: entraApi
    url: https://raw.githubusercontent.com/api-evangelist/microsoft-entra/refs/heads/main/openapi/microsoft-entra-graph-identity-openapi.yml
    type: openapi
  - name: slackApi
    url: https://raw.githubusercontent.com/api-evangelist/slack/refs/heads/main/openapi/slack-chat-openapi.yml
    type: openapi
workflows:
  - workflowId: register-app-add-credential
    summary: Register an Entra app, add a secret, and notify Slack.
    description: >-
      Registers an application in Microsoft Entra ID, adds a password credential
      to the application, and posts a Slack message with the new app id.
    inputs:
      type: object
      properties:
        displayName:
          type: string
        secretDisplayName:
          type: string
        slackChannel:
          type: string
    steps:
      - stepId: register-app
        description: Register the new application in Microsoft Entra ID.
        operationId: $sourceDescriptions.entraApi.createApplication
        requestBody:
          contentType: application/json
          payload:
            displayName: $inputs.displayName
            signInAudience: AzureADMyOrg
        successCriteria:
          - condition: $statusCode == 201
        outputs:
          appObjectId: $response.body#/id
          appId: $response.body#/appId
      - stepId: add-credential
        description: Add a client secret to the new application.
        operationId: $sourceDescriptions.entraApi.addApplicationPassword
        parameters:
          - name: application-id
            in: path
            value: $steps.register-app.outputs.appObjectId
        requestBody:
          contentType: application/json
          payload:
            passwordCredential:
              displayName: $inputs.secretDisplayName
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          secretKeyId: $response.body#/keyId
      - stepId: notify-slack
        description: Notify the platform team in Slack.
        operationId: $sourceDescriptions.slackApi.postChatPostmessage
        requestBody:
          contentType: application/json
          payload:
            channel: $inputs.slackChannel
            text: Registered Entra application $inputs.displayName and issued a client secret.
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          messageTs: $response.body#/ts
    outputs:
      appId: $steps.register-app.outputs.appId
      secretKeyId: $steps.add-credential.outputs.secretKeyId
      messageTs: $steps.notify-slack.outputs.messageTs