cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
isabasu Helper III
Helper III

Unauthorized: Graph API - Create Planner Plan

Dear community

 

I'd like to create a Planner plan with Flow and found this article. I went ahead and configured Azure accordingly (which I know it works since I can create a team the same way with Flow). In this video, he explains how to create a plan with the Graph Explorer. This works perfectly - I can create a Planner plan with the Graph Explorer, but I can't get it to work with the HTTP action in Flow. I assume it's because the Graph Explorer runs the code in the user context and the HTTP action does not. How can I run it with the tenant id/client id/client secret?

 

This is how my Flow looks like: 

planner.png

 

And I get this error message whenever I run it:

401 - Unauthorized: Access is denied due to invalid credentials.

 

** Edit **

Can you even do that with Flow? Since it only supports delegated api calls?

1 ACCEPTED SOLUTION

Accepted Solutions
isabasu Helper III
Helper III

Re: Unauthorized: Graph API - Create Planner Plan

Hi

 

That post is from back in the days when Planner plans came along with SharePoint sites. However, since no Planner plan will be provisioned whenever a SharePoint site is being created, this blog post doesn't cover the most important part.

 

Anyway, I've figured it out. I hope this helps some people 🙂

 

  1. Configure Azure AD App Permissions with Delegated Group.ReadWrite.All (see MS doc)
  2. Since the "application" permission-type is not supported, you'd need to run it with a user-context. You can do that by creating an HTTP action and use that Authorization token according to the screenshot below. I'm adding a service account to the group since you can only create a plan when you're also part of it.
    You can copy the "Parse JSON - get access token" action-Schema here:
    {
        "type": "object",
        "properties": {
            "token_type": {
                "type": "string"
            },
            "expires_in": {
                "type": "string"
            },
            "ext_expires_in": {
                "type": "string"
            },
            "expires_on": {
                "type": "string"
            },
            "not_before": {
                "type": "string"
            },
            "resource": {
                "type": "string"
            },
            "access_token": {
                "type": "string"
            }
        }
    }
    access-token-planner-plan.png

 

Cheers

View solution in original post

5 REPLIES 5
Community Support
Community Support

Re: Unauthorized: Graph API - Create Planner Plan

 

Hi @isabasu ,

 

Please check this article and see if it helps:

https://daytodaydynamics365.com/creating-a-planner-plan-from-a-d365-psa-project-with-flow/

 

Best Regards,

Community Support Team _ Barry
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
isabasu Helper III
Helper III

Re: Unauthorized: Graph API - Create Planner Plan

Hi

 

That post is from back in the days when Planner plans came along with SharePoint sites. However, since no Planner plan will be provisioned whenever a SharePoint site is being created, this blog post doesn't cover the most important part.

 

Anyway, I've figured it out. I hope this helps some people 🙂

 

  1. Configure Azure AD App Permissions with Delegated Group.ReadWrite.All (see MS doc)
  2. Since the "application" permission-type is not supported, you'd need to run it with a user-context. You can do that by creating an HTTP action and use that Authorization token according to the screenshot below. I'm adding a service account to the group since you can only create a plan when you're also part of it.
    You can copy the "Parse JSON - get access token" action-Schema here:
    {
        "type": "object",
        "properties": {
            "token_type": {
                "type": "string"
            },
            "expires_in": {
                "type": "string"
            },
            "ext_expires_in": {
                "type": "string"
            },
            "expires_on": {
                "type": "string"
            },
            "not_before": {
                "type": "string"
            },
            "resource": {
                "type": "string"
            },
            "access_token": {
                "type": "string"
            }
        }
    }
    access-token-planner-plan.png

 

Cheers

View solution in original post

KhurramJamshed
Frequent Visitor

Re: Unauthorized: Graph API - Create Planner Plan

Hi isabasu,

i have been stuck with this issue for a whole day now.

i have registered an app in azure and have all the neccessary token values. and using the same app i am able create a group successfully that is required prior to create a plan.

 

however while trying create a plan in next step using a group id from previous step, i am getting a same error as you have mentioned.

 

following your reply i am able to get an authorization token but i am stuck with additional step you have performed of adding a SERVICE USER to an AZURE group.

i assume with service user you are referring to an APP we have registered earlier?

but which azure group you have added that user to? isnt the group id required is of an O365 group?

 

i would appriciated you help becuase i dont see many people have blogged/explained issues related to creating a plan using graph api.

many thanks.

isabasu Helper III
Helper III

Re: Unauthorized: Graph API - Create Planner Plan

@KhurramJamshed 

 

Sure thing.

With a service user, I just meant a normal user account dedicated to tasks like this. You can call him donald.duck@domain.com if you like. For testing purposes, I have assigned global admin permissions to that service user. 

 

In Planner, you can't create a plan if you are not part of that O365 group you'd like to create it for. That is why, before Flow is trying to create the plan, you'd need to add the user to that O365 group.

 

You mentioned that you were able to create an O365 group, right? Everything after that is actually quite simple.

Just use the flow Azure AD action "Add user to group". Since you have the id of the group as well as the one from the user, that shouldn't be a problem. 

 

Once you have that, you can call the HTTP Web Service to create a planner plan according to my screenshot in the previous post. 

 

 

KhurramJamshed
Frequent Visitor

Re: Unauthorized: Graph API - Create Planner Plan

thanks for replying @isabasu  - in that case, i dont see what is missing at my end. except for the way you did a few things i.e. adding a user to a group using AD action. which i did while creating a group

 

FlowGroup.PNG

 

i will give another try by adding user using AD group action and let you know.

Helpful resources

Announcements
MBAS Gallery 2020

MBAS Gallery 2020

Watch Microsoft Business Applications Summit sessions on-demand.

firstImage

New Ranks and Rank Icons released on April 21!

The time has come: We are finally able to share more details on the brand-new ranks coming to the Power Automate Community!

firstImage

Now Live: Power Virtual Agents Community!

We are excited to announce the launch of Power Virtual Agents Community. Check it out now!

firstImage

New & Improved Power Automate Community Cookbook

We've updated and improved the layout and uploading format of the Power Automate Cookbook!

thirdimage

Power Automate Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

sixthImage

Community Summit North America

The top training and networking event across the globe for Microsoft Business Applications

Top Solution Authors
Users online (6,144)