Hi everyone,
This is my first post in the forum so hopefully I provide enough information.
I have been trying to follow the instructions in Sudeshs' blog https://powerapps.microsoft.com/en-us/blog/implementing-role-based-permission/ and implement a custom connector to the Graph API to list groups the user belongs to.
When I test the connection, I receive a 403 error, "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.". I have updated permissions in both the Azure Portal App Registrations and the permissions in the Graph Explorer per the instructions. When logged in with the same user account to the Graph Explorer, I do not have any problems with insufficient privileges and retrieve all required info with the GET request in Graph Explorer.
Can anybody help me solve why the permissions are different in PowerApps and Graph Explorer?
Thanks!
Damien
Hi @LanceDelano ,
I checked all the above steps.
Is it required to create custom connector using "Active Directory Tenant Account" ? ,
I am login with service account and using the application which granted Delegate level of permission.
But after creating custom connector in test we are facing following issue.
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
Thanks in advance.
Yes. I've followed all those steps. I even tried removing the application registration from the Azure Portal and starting over in case I had noted the wrong ID and key. When setting up the connector, I get a 200 response. In graph, I am able to run the API and obtain results. It is only when I test the connector or try use it in my application that I get the 403 error.
Just to confirm before I involve others, can you confirm you've followed the other steps in the blog post as well?
****
If you are facing any other error, please double check that you followed following steps properly:
· The Registered App was Granted Permission by an Admin of the Active Directory (Ensure that the permission was granted before you registered this as custom connector in PowerApps environment)
· While registering the app, you provided proper reply url (if you got error during custom connection creation, you added additional reply url)
· While creating custom connector, you provided proper resource url
· You noted down the correct Client Id, and Client Secret. (Client Id is same as Application Id. Key is same as Client Secret)
· You are signed in to the Active Directory Tenant where you registered your app
· You could successfully run the api from Graph Explorer
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.