cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
isabasu
Level: Powered On

Unauthorized: Graph API - Create Planner Plan

Dear community

 

I'd like to create a Planner plan with Flow and found this article. I went ahead and configured Azure accordingly (which I know it works since I can create a team the same way with Flow). In this video, he explains how to create a plan with the Graph Explorer. This works perfectly - I can create a Planner plan with the Graph Explorer, but I can't get it to work with the HTTP action in Flow. I assume it's because the Graph Explorer runs the code in the user context and the HTTP action does not. How can I run it with the tenant id/client id/client secret?

 

This is how my Flow looks like: 

planner.png

 

And I get this error message whenever I run it:

401 - Unauthorized: Access is denied due to invalid credentials.

 

** Edit **

Can you even do that with Flow? Since it only supports delegated api calls?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
isabasu
Level: Powered On

Re: Unauthorized: Graph API - Create Planner Plan

Hi

 

That post is from back in the days when Planner plans came along with SharePoint sites. However, since no Planner plan will be provisioned whenever a SharePoint site is being created, this blog post doesn't cover the most important part.

 

Anyway, I've figured it out. I hope this helps some people 🙂

 

  1. Configure Azure AD App Permissions with Delegated Group.ReadWrite.All (see MS doc)
  2. Since the "application" permission-type is not supported, you'd need to run it with a user-context. You can do that by creating an HTTP action and use that Authorization token according to the screenshot below. I'm adding a service account to the group since you can only create a plan when you're also part of it.
    You can copy the "Parse JSON - get access token" action-Schema here:
    {
        "type": "object",
        "properties": {
            "token_type": {
                "type": "string"
            },
            "expires_in": {
                "type": "string"
            },
            "ext_expires_in": {
                "type": "string"
            },
            "expires_on": {
                "type": "string"
            },
            "not_before": {
                "type": "string"
            },
            "resource": {
                "type": "string"
            },
            "access_token": {
                "type": "string"
            }
        }
    }
    access-token-planner-plan.png

 

Cheers

View solution in original post

5 REPLIES 5
Community Support Team
Community Support Team

Re: Unauthorized: Graph API - Create Planner Plan

 

Hi @isabasu ,

 

Please check this article and see if it helps:

https://daytodaydynamics365.com/creating-a-planner-plan-from-a-d365-psa-project-with-flow/

 

Best Regards,

Community Support Team _ Barry
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Highlighted
isabasu
Level: Powered On

Re: Unauthorized: Graph API - Create Planner Plan

Hi

 

That post is from back in the days when Planner plans came along with SharePoint sites. However, since no Planner plan will be provisioned whenever a SharePoint site is being created, this blog post doesn't cover the most important part.

 

Anyway, I've figured it out. I hope this helps some people 🙂

 

  1. Configure Azure AD App Permissions with Delegated Group.ReadWrite.All (see MS doc)
  2. Since the "application" permission-type is not supported, you'd need to run it with a user-context. You can do that by creating an HTTP action and use that Authorization token according to the screenshot below. I'm adding a service account to the group since you can only create a plan when you're also part of it.
    You can copy the "Parse JSON - get access token" action-Schema here:
    {
        "type": "object",
        "properties": {
            "token_type": {
                "type": "string"
            },
            "expires_in": {
                "type": "string"
            },
            "ext_expires_in": {
                "type": "string"
            },
            "expires_on": {
                "type": "string"
            },
            "not_before": {
                "type": "string"
            },
            "resource": {
                "type": "string"
            },
            "access_token": {
                "type": "string"
            }
        }
    }
    access-token-planner-plan.png

 

Cheers

View solution in original post

KhurramJamshed
Level: Powered On

Re: Unauthorized: Graph API - Create Planner Plan

Hi isabasu,

i have been stuck with this issue for a whole day now.

i have registered an app in azure and have all the neccessary token values. and using the same app i am able create a group successfully that is required prior to create a plan.

 

however while trying create a plan in next step using a group id from previous step, i am getting a same error as you have mentioned.

 

following your reply i am able to get an authorization token but i am stuck with additional step you have performed of adding a SERVICE USER to an AZURE group.

i assume with service user you are referring to an APP we have registered earlier?

but which azure group you have added that user to? isnt the group id required is of an O365 group?

 

i would appriciated you help becuase i dont see many people have blogged/explained issues related to creating a plan using graph api.

many thanks.

isabasu
Level: Powered On

Re: Unauthorized: Graph API - Create Planner Plan

@KhurramJamshed 

 

Sure thing.

With a service user, I just meant a normal user account dedicated to tasks like this. You can call him donald.duck@domain.com if you like. For testing purposes, I have assigned global admin permissions to that service user. 

 

In Planner, you can't create a plan if you are not part of that O365 group you'd like to create it for. That is why, before Flow is trying to create the plan, you'd need to add the user to that O365 group.

 

You mentioned that you were able to create an O365 group, right? Everything after that is actually quite simple.

Just use the flow Azure AD action "Add user to group". Since you have the id of the group as well as the one from the user, that shouldn't be a problem. 

 

Once you have that, you can call the HTTP Web Service to create a planner plan according to my screenshot in the previous post. 

 

 

KhurramJamshed
Level: Powered On

Re: Unauthorized: Graph API - Create Planner Plan

thanks for replying @isabasu  - in that case, i dont see what is missing at my end. except for the way you did a few things i.e. adding a user to a group using AD action. which i did while creating a group

 

FlowGroup.PNG

 

i will give another try by adding user using AD group action and let you know.

Helpful resources

Announcements
firstImage

New Ranks and Rank Icons in April

Read the announcement for more information!

firstImage

Better Together Contest Finalists Announced!

Congrats to the finalists of our ‘Better Together’-themed T-shirt design contest! Click for the top entries.

firstImage

New & Improved Power Automate Community Cookbook

We've updated and improved the layout and uploading format of the Power Automate Cookbook!

thirdimage

Power Automate Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

sixthImage

Community Summit North America

The top training and networking event across the globe for Microsoft Business Applications

Top Solution Authors
Top Kudoed Authors
Users online (3,942)