I am struggling with a persistent OAuth configuration issue in (Copilot Studio) custom connectors and would appreciate any guidance.
The Core Problem:
When I configure my custom connector with the correct Microsoft Entra ID v2.0 endpoints (.../oauth2/v2.0/authorize and .../oauth2/v2.0/token), the Power Platform UI automatically changes them back to legacy v1.0 endpoints (login.windows.net) upon saving. The user login in Entra ID succeeds, but the connection in Copilot Studio fails with a generic "Create and authorize OAuth connection failed" error. This error is persistent across all environments and connectors.
What I've Already Tried & Verified:
OAuth Flow is Sound: I can successfully complete the entire OAuth Authorization Code grant flow in Postman using the v2.0 endpoints, my Client ID/Secret, and the connector's Redirect URI. I receive a valid access token for Microsoft Graph. Furthermore, in the logs of the Entra ID app, the attempted login shows up as a success.
Data Policies Checked: A Power Platform admin has reviewed Data Loss Prevention (DLP) policies. My custom connector and Microsoft Graph are in the same "Business" data group.
Redirect URIs Registered: The exact Redirect URIs generated by the custom connector are registered in the Azure AD app.
Multiple Connector Attempts: I have tried editing the existing connector and creating multiple new ones from scratch. The v2.0 URLs consistently revert to v1.0 after saving.
Swagger File Cleanup: I have tried importing a Swagger file with no securityDefinitions to let the UI handle it, but the issue persists.
My Current Configuration (Generic OAuth 2.0):
Authorization URL: https://login.microsoftonline.com/{My_Tenant_ID}/oauth2/v2.0/authorize
(Upon saving, these become login.windows.net URLs without the /v2.0/ path, and generic OAuth 2.0 changes to Azure Active Directory)
Key Questions for the Community:
What forces the Power Platform to overwrite correct v2.0 endpoints with v1.0 ones? Is this a tenant policy, a bug, or a misconfiguration?
Has anyone successfully resolved this specific "URL reversion" issue?
Are there hidden tenant-level settings in the Power Platform Admin Center that control OAuth endpoint defaults for custom connectors?
Technical Note: The platform only forces this change when the URL domain is login.microsoftonline.com. Using a different domain (e.g., login.bing.com) leaves the manually entered URLs untouched, but switching back triggers the automatic reversion to v1.0 endpoints.
Additional Context:
Environment: Europe
Error Screenshot/Logs: I can provide network logs showing the successful login redirect and the subsequent generic failure.
Thank you for your time and expertise!