OAuth for http trigger failing

I'm getting the following error when trying to trigger an http request with authentication:

One or more claims either missing or does not match with the open authentication access control policy.
 
Possible causes:
 
1.  I can't set all the required token claims on Azure ("aud", "iss", and "tid" from here; only aud is available)
 
However, I think the other required claims are included by default; when I check the token in jwt, all the required claims show.  
 
2.  The scope I'm using is https://service.flow.microsoft.com//.default, however the token only has "https://service.flow.microsoft.com/" as the audience, so I'm not sure if that's causing the issue?

Any assistance is appreciated.
  • Verified answer
    VASANTH KUMAR BALMADI

    Hi,

    The error you're encountering indicates that the claims in your access token don't fully align with the requirements of the target service. Specifically, Open Authentication (OAuth) policies enforced by the endpoint may reject the request if claims like aud, iss, or tid are missing or mismatched. Let’s walk through potential causes and resolutions for the issue.

    Key Points to Address

    1. Claim Mismatch (aud, iss, tid)

    • aud: Refers to the audience of the token and must match the API you're trying to access.
      • Your token's audience is https://service.flow.microsoft.com/. Ensure that your API call aligns with this.
    • iss: Refers to the issuer of the token and should match Azure AD's issuer URL for your tenant.
    • tid: Refers to the tenant ID and is critical when working in multi-tenant environments.

    Solution:

    Verify that the token includes these claims:

    • Use a tool like jwt.io to decode and inspect the token.
    • Look for aud, iss, and tid. If they are present, ensure they match the expected values for the target endpoint.

    2. Misconfigured Scope

    • The scope https://service.flow.microsoft.com//.default includes an extra /, which might cause issues.
    • The correct scope is typically in the format:
      https://<service-name>/<resource>/.default
      For Power Automate, this is:
      https://service.flow.microsoft.com/.default

    Solution:

    Use the corrected scope when requesting the token.

    3. Token Validation Issues

    • Even if the claims are present, their values might not align with the API's expectations.

    Solution:

    Confirm the following:

    1. API Permissions: Verify that your Azure AD app registration has the correct API permissions for the service you're trying to access.

      • Go to Azure Portal > App Registrations > Your App > API Permissions.
      • Ensure https://service.flow.microsoft.com/ is listed.
      • Grant admin consent if needed.
    2. Tenant-Specific Issues: If you're working in a multi-tenant setup, confirm that the token's tid matches the tenant where the app is registered.

    4. Debugging the Token Request

    If the token seems correct but the error persists, debug the token request itself:

    1. Token Request Endpoint:

      POST https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
      • Replace {tenant-id} with your Azure AD tenant ID.
    2. Token Request Body:

      client_id=<your-app-client-id>
      client_secret=<your-app-client-secret>
      scope=https://service.flow.microsoft.com/.default
      grant_type=client_credentials
    3. Inspect Token Response:

      • Decode the received token and compare its claims to the API requirements.

    5. Additional Debugging Steps

    • API Documentation: Check the API's documentation to confirm required claims and scopes.

    • HTTP Headers: Ensure you're passing the token correctly in the Authorization header:

      Authorization: Bearer <access-token>
    • Check for Logs: Look for logs in the Azure Portal or target service to gain insights into the rejection reason.

    Summary of Actions

    1. Correct the scope to https://service.flow.microsoft.com/.default.
    2. Verify token claims using jwt.io.
    3. Ensure the app registration has correct API permissions and admin consent.
    4. Debug the token request if the issue persists.

    If you provide more specifics (e.g., decoded token claims or API details), I can help refine the troubleshooting further!

    ----------------------------------------------------------------------------------
    If this Post helped you, please click "Does this answer your question" and give it a like to help others in the community find the answer too!
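
The claim comparison discussed in this thread can be done locally rather than by pasting a live token into a website. The following is an added example, not part of the original posts: it decodes a JWT payload (no signature verification, troubleshooting only) and reports which of aud, iss and tid are missing or differ from the expected values, flagging a trailing-slash difference separately. The tenant ID, the token and the expected policy values are constructed placeholders.

```python
import base64
import json

def decode_claims(token: str) -> dict:
    """Decode the JWT payload locally. No signature check: debugging aid only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def compare_claims(claims: dict, expected: dict) -> dict:
    """Return {claim: reason} for every expected claim that is missing or differs."""
    problems = {}
    for name, want in expected.items():
        got = claims.get(name)
        if got is None:
            problems[name] = "missing"
        elif got == want:
            continue
        elif (isinstance(got, str) and isinstance(want, str)
              and got.rstrip("/") == want.rstrip("/")):
            problems[name] = f"trailing slash differs: {got!r} vs {want!r}"
        else:
            problems[name] = f"mismatch: {got!r} vs {want!r}"
    return problems

def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: placeholder tenant ID and an unsigned token.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_CLAIMS = {
    "aud": "https://service.flow.microsoft.com/",
    "iss": f"https://sts.windows.net/{TENANT}/",
    "tid": TENANT,
}
SAMPLE_TOKEN = ".".join([_b64url({"alg": "none"}), _b64url(SAMPLE_CLAIMS), "sig"])

# Assumed values, standing in for whatever was entered in the trigger's policy.
EXPECTED = {
    "aud": "https://service.flow.microsoft.com",  # no trailing slash
    "iss": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "tid": TENANT,
}

if __name__ == "__main__":
    for claim, reason in compare_claims(decode_claims(SAMPLE_TOKEN), EXPECTED).items():
        print(f"{claim}: {reason}")
```

Replace `SAMPLE_TOKEN` and `EXPECTED` with the real access token and the values configured on the trigger; the comparison is exact, so a single character of difference is reported.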
