Verifying OAUTH configuration for Custom Connectors

Symptoms

Custom Connector connections fail because of authentication failures. When this problem occurs, you receive the following error message:

     Alert: Your <ConnectionName> connection isn't working

Error

Cause

One or more incorrect URLs were set during the Custom Connection creation.

Resolution

Before you try to configure a Custom Connector, all actions should be verified outside of Power Automate by using a tool such as Postman.

Each of the following steps should be successfully completed in a tool such as Postman before you configure the Custom Connector:

  1. Call the OAUTH token retrieval endpoint.

  2. Call the API action by using the returned token.

  3. Call the OAUTH token refresh endpoint after the token expires.

  4. Call the API action by using the new, refreshed token.

Notice that only Authorization Code Grant flows and On-Behalf-Of flows support refresh tokens. (For more information, see this Microsoft Graph: Developer Blog article.) Implicit grants and client credentials grants do not support refresh tokens. Therefore, you cannot use these grants to authenticate Custom Connectors.

Test generating OAUTH tokens by using Postman

Postman lets you easily perform the testing of an endpoint that's authenticated by OAUTH2. In order to perform this testing, you must have the following information about or configurations done on the endpoint:

  • Get the Microsoft Azure Tenant ID. The tenant ID is shown on the Azure Active Directory (Azure AD) blade, and is found on the Properties tab.

    Properties tab

  • Get the Application (Client) ID. This is also available on the Azure AD blade, and is found on the App Registrations tab.

    App Registrations tab

    The next screen appears as follows.

    Sample for OAUTH

  • Make sure that https://oauth.pstmn.io/v1/callback is a valid callback URI for the application.

    Valid callback URI for the application

  • Record the scopes for which your application must authenticate.

    Record the Scope


Note: Some third-party authentication providers require that additional scopes be provided to function fully with Power Automate and Power Apps. This includes such features as offline authentication (required for related connections to automatically refresh the Custom Connector token). These additional scopes lie outside the Microsoft scope of information. For more information, refer to the authentication provider's documentation.

Create a collection, and get a new access token

In Postman, create a collection. On the Authorization tab, specify the following values:

  • Type: OAuth 2.0

  • Header Prefix: Bearer

  • Token Name: <user choice>

  • Grant Type: Authorization Code

  • Callback URL: Select "Authorize using browser" next to this option. Notice that the URL itself may not be edited.

  • Auth URL: https://login.microsoftonline.com/<your Tenant ID>/oauth2/v2.0/authorize

  • Access Token URL: https://login.microsoftonline.com/<your Tenant ID>/oauth2/v2.0/authorize

  • Client ID: <your Application ID>

  • Client Secret: (optional, leave blank)

  • Scope: (enter scopes separated by spaces)

  • State: <optional, leave blank>

  • Client Authentication: Send client credentials in body.

Create a new collection

When you select Get New Access Token at the bottom of this dialog box, you are taken to a browser to authenticate to Azure AD, then automatically returned to Postman. If you see Access Token and Refresh Token entries in the resulting dialog box, this means that you have successfully configured the URLs and can proceed to create your Custom Connector.

Define OAUTH settings for Custom Connector

Now that all the information is verified, it can be populated in the Custom Connector Authorization section, as follows.

Custom Connector Authorization section

Outside resources

Auth Code Grant

Learning Postman

onelogin Developers
 

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×