Answered

Custom Connector for Microsoft Graph API - Access issues

(0) Share

Report

Posted on by Oyster

Hey guys, im having an issue trying to get a custom microsoft graph api conencotr to work. I'm trying to set up a flow that fetches emails accross my organization, the issue im having is that it works fine for my own emails, but if its someone else's email, it gives me this:

{
 "error": {
 "code": "ErrorAccessDenied",
 "message": "Access is denied. Check credentials and try again.",
 "innerError": {
 "date": "2020-08-07T16:02:39",
 "request-id": "0c870661-d8b6-4a1d-8cde-55f85f5e93d0"
 }
 }
}

here's what my api permissions look like on the azure side:

What am i missing here?

I have the same question (0)

All responses (3)

Answers (1)

Anupam.khasia 366 on at

Like (0)

Report

Re: Custom Connector for Microsoft Graph API - Access issues

Hi @Oyster ,

Can you explain what you meant by " if its someone else's email, it gives me this" ? Is he belongs to your organization or other ? Also could you please post actions and steps you are doing with your flow ?

Thanks

Was this reply helpful? Yes No
Oyster 31 on at

Like (1)

Report

Re: Custom Connector for Microsoft Graph API - Access issues

sure. so basically im receiving a notification from Microsoft graph whenever mail goes in or out for specific users in our organization. i setup a flow that receives that notification via http request here:
So i receive the request notification and it gives me the user and the message id. Because this same url endpoint is used to also validate the notification subscription when its initially setup, the conditional step determines if there's a validation token in the request, and if so, it sends it back to validate. the validation works fine, its the next part, when i actually receive a message notification that breaks:

so under, "If yes" i then use my custom connector to fetch the message from the notification using the get mail request here.
so, both when i test the connector on the custom connector editor, and when i run the flow, it works for my own emails. however, whenever its trying to run for another user's emails, it fails like this:

I am a global admin for my org. Also, from my original post, you can see how i have Azure setup for Microsoft graph. Am i missing something? is this sort of delegated permissions not compatible with flow? or is there something i need to change on my account besides being an admin?

Thanks for your reply!

Was this reply helpful? Yes No
Verified answer

Anupam.khasia 366 on at

Like (0)

Report

Re: Custom Connector for Microsoft Graph API - Access issues

Hi @Oyster ,

This is due to connection of the flow. You have created and connected using your mailbox account. In order to read other account's messages you can share flow to that users and ask them to configure their connections.

You could create multiple similar Flows and then use their accounts to configure connection.
If other users have a Flow license and are members of the organization, you could create Teams Flow and let other users change the connection themselves.
For the creation of Teams Flow and the sharing of Flow, you could refer to the following link:
https://docs.microsoft.com/en-us/flow/create-team-flows

Thanks
Anupam
(please mark resolved if it helps you)

Was this reply helpful? Yes No