cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
salihzett
Frequent Visitor

Reset Password via Graph API and Enterprise Application

‎08-27-2022 12:35 AM

Hello,

I build a workflow for a specific group of persons and I want to trigger this every month. Independent from a user, with oAuth and Azure Enterprise Application.

So far so good.

For these users, I want to reset the password and this last step is not working.

Screenshot 2022-09-07 at 13.04.44.png

 

I receive the following error message

 

 

 

{
  "error": {
    "code": "accessDenied",
    "message": "Request Authorization failed",
    "innerError": {
      "message": "Request Authorization failed",
      "date": "2022-08-27T07:21:34",
      "request-id": "37ff9bff-XXXX-XXXX-XXXX-7243da31XXXX",
      "client-request-id": "37ff9bff-XXXX-XXXX-XXXX-7243da31XXXX"
    }
  }
}

 

 

 

 

Ofc I have checked all APIs I need. Regarding this

Permission type Permissions (from least to most privileged)
Delegated (work or school account)UserAuthenticationMethod.ReadWrite.All
Delegated (personal Microsoft account)Not supported.
ApplicationNot supported.

 

So I have UserAuthenticationMethod.ReadWrite in my API permissions and I also grant that for admin permissions.     Therefore I dont understand, why it is not working.  Ofc I used the http url which is generated by all the values, and did run that manually in Graph Explorer, here it is working (but ofc I used here my admin account), but that means the url is also correct.  

 

I guess it is something with permissions for OAuth, but I don't know what else I need.    

 

Any advice?

 

 

Labels:
Message 1 of 12
378 Views
0 Kudos
11 REPLIES 11
salihzett
Frequent Visitor

‎09-07-2022 09:13 AM

Does anyone have an idea? I am lost, dunno what I miss.

Message 2 of 12
311 Views
0 Kudos
JimmyWork
Super User
Super User
In response to salihzett

‎09-07-2022 12:19 PM

You need to have a bearer token in your header.

https://docs.microsoft.com/en-us/graph/api/authenticationmethod-resetpassword?view=graph-rest-1.0&ta...

 
Message 3 of 12
308 Views
0 Kudos
salihzett
Frequent Visitor
In response to JimmyWork

‎09-13-2022 11:53 AM

ok but still not working,

This is my POST request, and next to this is the result.

I checked the token with https://jwt.ms/, looks fine actually.

 

Screenshot 2022-09-13 at 20.42.51.pngScreenshot 2022-09-13 at 20.49.13.png

Message 4 of 12
298 Views
0 Kudos
salihzett
Frequent Visitor
In response to JimmyWork

‎09-13-2022 11:56 AM

And without Authorization Barer and login with Global Admin in GraphExplorer it is working.

But when I add the Authorization Barer as well, i receive 

"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: 80049217",
Message 5 of 12
296 Views
0 Kudos
JimmyWork
Super User
Super User
In response to salihzett

‎09-14-2022 12:21 PM

In Graph Explorer I don't think you need a bearer token to do the calls as it's included.

Does the account you use in flow have any of the following roles?

 

For delegated scenarios where an admin is acting on another user, the admin needs one of the following Azure AD roles:

  • Global Administrator
  • Privileged Authentication Administrator
  • Authentication Administrator
Message 6 of 12
286 Views
0 Kudos
salihzett
Frequent Visitor

‎09-14-2022 12:26 PM

not yet, this is my non-admin account.
Actually I would prefer to use oauth2. so there is no option except one of the admins roles, connected to Flow?

Message 7 of 12
285 Views
0 Kudos
salihzett
Frequent Visitor

‎09-14-2022 12:26 PM

not yet, this is my non-admin account.
Actually I would prefer to use oauth2. so there is no option except one of the admins roles, connected to Flow?

Message 8 of 12
285 Views
0 Kudos
JimmyWork
Super User
Super User
In response to salihzett

‎09-15-2022 12:25 AM

@salihzett Thats how I understand the documentation but I might be wrong, but you could add the role Authenticator Administrator to your flow account and test it and then remove it. If this does not work I don't see what you are doing wrong.

Message 9 of 12
275 Views
0 Kudos
salihzett
Frequent Visitor

‎09-22-2022 04:12 AM

Hi @JimmyWork 

but where i can add this role.

To my user? But for HTTP is it not possible to set a connector for users? And the basic authentification didn't work as well.

I mean it must work somehow, but I am really lost because the Authentication bearer doesn't work and I thought this is the only option.

Message 10 of 12
266 Views
0 Kudos
JimmyWork
Super User
Super User
In response to salihzett

‎09-22-2022 10:03 AM

I did not have time to look into this, sorry for the short answer maybe someone else can jump in and help you out due to I'm currently limited in time

Message 11 of 12
261 Views
0 Kudos
JimmyWork
Super User
Super User

‎09-23-2022 01:59 AM

The account you use to create the flow, can you temporary give that account the roles needed and test it out?

Message 12 of 12
253 Views
0 Kudos

Helpful resources

Announcements
Power Automate News & Announcements

Power Automate News & Announcements

Keep up to date with current events and community announcements in the Power Automate community.

Community Calls Conversations

Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Automate Community Blog

Power Automate Community Blog

Check out the latest Community Blog from the community!

View All
Top Solution Authors
View All
Top Kudoed Authors
View All
Users online (1,893)