Showing results for 
Search instead for 
Did you mean: 
Level: Power Up

Does the Customer Connector support OAuth2 flow: password?

I have a swagger file validated and tested in other apps that I cannot seem to get to work in PowerApps as a customer connector. The cause seems to be the OAuth2 method (i.e. flow: password).   


Here is a copy of the working Swagger security definition: 


    type: oauth2
    flow: password
      auto: detect maximum permission

When I attempt to load this into the connector, it demands an authorization and refresh url, but these are not used in this particular method. 


When trying to move it forward and save, I get the following error: 


"The request failed with error: 'Parsing error(s): JSON is valid against more than one schema from 'oneOf'. No valid schemas. Path 'securityDefinitions.waoauth', line 84, position 16.'. The tracking Id is 'a617692b-8410-4e1f-97c1-23293ecd9bb0'."


Is there any way around this? 

Community Support Team
Community Support Team

Re: Does the Customer Connector support OAuth2 flow: password?

Hi @duckman,


The supported authentication method are listed in the document below:

Register and use custom connectors in PowerApps


using one of the following authentication mechanisms. You can allow unauthenticated access to your APIs, but we don't recommend it.


Your swagger definition seems to be fine, I think the issue should be the server authentication mechanism.

Consider verify that part.




Community Support Team _ Michael Shao
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Level: Power Up

Re: Does the Customer Connector support OAuth2 flow: password?

The error occurs at parsing by MS. Tests via other systems show this Swagger definition to connect without issue. 

Level: Powered On

Re: Does the Customer Connector support OAuth2 flow: password?

This also happens for me with OAuth2 Client Credentials 


"description":"client credentials grant flow",
"tokenUrl": <redacted>,


The issue is with the front end form as pointed out by the OP. It forces you to supply an authorizationUrl but that isnt part of the OpenAPI spec when using the application flow, so it fails validation. The refresh and authroization URL fields shouldnt be mandatory.


Surprised this issue seems to have been around for so long, unless its the intention that the connectors dont support Password/Client Credentals grant types? @v-micsh-msft can you confirm which auth flows are supported by the Generic OAuth 2 auth?