cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
salihzett
Frequent Visitor

Reset Password via Graph API and Enterprise Application

Hello,

I build a workflow for a specific group of persons and I want to trigger this every month. Independent from a user, with oAuth and Azure Enterprise Application.

So far so good.

For these users, I want to reset the password and this last step is not working.

Screenshot 2022-09-07 at 13.04.44.png

 

I receive the following error message

 

 

 

{
  "error": {
    "code": "accessDenied",
    "message": "Request Authorization failed",
    "innerError": {
      "message": "Request Authorization failed",
      "date": "2022-08-27T07:21:34",
      "request-id": "37ff9bff-XXXX-XXXX-XXXX-7243da31XXXX",
      "client-request-id": "37ff9bff-XXXX-XXXX-XXXX-7243da31XXXX"
    }
  }
}

 

 

 

 

Ofc I have checked all APIs I need. Regarding this

Permission type Permissions (from least to most privileged)
Delegated (work or school account)UserAuthenticationMethod.ReadWrite.All
Delegated (personal Microsoft account)Not supported.
ApplicationNot supported.

 

So I have UserAuthenticationMethod.ReadWrite in my API permissions and I also grant that for admin permissions.     Therefore I dont understand, why it is not working.  Ofc I used the http url which is generated by all the values, and did run that manually in Graph Explorer, here it is working (but ofc I used here my admin account), but that means the url is also correct.  

 

I guess it is something with permissions for OAuth, but I don't know what else I need.    

 

Any advice?

 

 

11 REPLIES 11
salihzett
Frequent Visitor

Does anyone have an idea? I am lost, dunno what I miss.

ok but still not working,

This is my POST request, and next to this is the result.

I checked the token with https://jwt.ms/, looks fine actually.

 

Screenshot 2022-09-13 at 20.42.51.pngScreenshot 2022-09-13 at 20.49.13.png

And without Authorization Barer and login with Global Admin in GraphExplorer it is working.

But when I add the Authorization Barer as well, i receive 

"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: 80049217",

In Graph Explorer I don't think you need a bearer token to do the calls as it's included.

Does the account you use in flow have any of the following roles?

 

For delegated scenarios where an admin is acting on another user, the admin needs one of the following Azure AD roles:

  • Global Administrator
  • Privileged Authentication Administrator
  • Authentication Administrator
salihzett
Frequent Visitor

not yet, this is my non-admin account.
Actually I would prefer to use oauth2. so there is no option except one of the admins roles, connected to Flow?

salihzett
Frequent Visitor

not yet, this is my non-admin account.
Actually I would prefer to use oauth2. so there is no option except one of the admins roles, connected to Flow?

@salihzett Thats how I understand the documentation but I might be wrong, but you could add the role Authenticator Administrator to your flow account and test it and then remove it. If this does not work I don't see what you are doing wrong.

salihzett
Frequent Visitor

Hi @JimmyWork 

but where i can add this role.

To my user? But for HTTP is it not possible to set a connector for users? And the basic authentification didn't work as well.

I mean it must work somehow, but I am really lost because the Authentication bearer doesn't work and I thought this is the only option.

I did not have time to look into this, sorry for the short answer maybe someone else can jump in and help you out due to I'm currently limited in time

JimmyWork
Super User
Super User

The account you use to create the flow, can you temporary give that account the roles needed and test it out?

Helpful resources

Announcements
Power Automate News & Announcements

Power Automate News & Announcements

Keep up to date with current events and community announcements in the Power Automate community.

Power Automate Community Blog

Power Automate Community Blog

Check out the latest Community Blog from the community!

Users online (5,559)