How to Create a Delegated Custom Connector in Power Platform to Call Microsoft Graph API

When working with Microsoft Graph API inside Power Automate or Power Apps, many developers face this error: /me request is only valid with delegated authentication flow.  This happens because the HTTP connector with client credentials only works with application permissions, which do not provide a user context.

If you need to call Graph API endpoints like /me, /me/messages, or /me/events, you must use delegated authentication.

The best way to achieve this in Power Platform is by creating a Custom Connector with OAuth2 delegated flow.

Step 1: Register an App in Azure AD 

  1. Go to Azure Portal → Azure Active Directory → App registrations → New registration.

  2. Give your app a name (eg: Graph API Power Automate).

  3. Save the app and note down:

    • Application (client) ID

    • Directory (tenant) ID

Step 2: Configure API Permissions

  1. In your registered app → API permissions → Add a permission.

  2. Select Microsoft Graph → Delegated permissions.

  3. Add the ones you need:

    • User.Read (profile info)

    • Mail.Read (emails)

    • Calendars.Read (calendar events)

  4. Click Grant admin consent.

Step 3: Create the Custom Connector

  1. In Power Automate (or Power Apps) → go to Data → Custom connectors → New custom connector → Create from blank.

  2. Name it Graph API.

Step 4: Configure Security

In the Security tab:

  • Authentication type: OAuth 2.0

  • Identity Provider: Azure Active Directory

  • Client ID: (from Azure AD app)

  • Client Secret: (create one under Certificates & Secrets)

  • Tenant ID: common

  • Authorization URL: https://login.microsoftonline.com

  • Resource URL: https://graph.microsoft.com

  • Enable on-behalf-of login: false

  • Scope: List the Graph API delegated permissions you need, space-separated.
    https://graph.microsoft.com/User.Read https://graph.microsoft.com/Mail.Read offline_access
or provide https://graph.microsoft.com/.default

  • Redirect URL: (leave blank now; after saving, Power Platform generates one → copy it back into your Azure AD app → Redirect URIs). Before creating connection to the custom connector copy this URL go to Azure App created in go to authentication tab add redirect Uri then select web option and paste the URL and click configure

Security Tab


Step 5: Define an Action

  1. In the Definition tab → Add a new action.

  2. Summary: Get Logged In User Details

  3. Operation ID: GetLoggedInUserDetails

  4. Import from sample:

    • Verb: GET

    • URL: https://graph.microsoft.com/v1.0/me

    • Response: You can get from documentation

Step 6: Test the Connector

  1. Save the connector.

  2. In the Test tab, click New connection and sign in with your Microsoft 365 account.

  3. Run the Get Logged In User Details action → you should see your user profile JSON returned.

✅ Using the Connector in Power Apps or Power Automate

  • In Power Automate → add the custom connector action into your flow.

  • In Power Apps → go to Data → Add data → + Add connection → Custom connectors → select your connector.

  • You can now call /me and other delegated Graph APIs seamlessly.

Comments

Post a Comment

Popular posts from this blog

Part 1: Creating Code Apps in Power Apps - A step-by-step guide (with real errors I faced & how I fixed them)

Image
Intro In this post I’ll walk you through how I set up a code-based app for Power Apps (React/Vite front-end + Power Platform CLI for packaging/deployment), the exact errors I ran into, and how I solved them. If you want a hands-on, copy-paste able guide that covers Node versions, pac auth, environment issues, and packaging tips, this is for you. Prerequisites Microsoft 365 account with access to a Power Platform environment Node.js ( 20.19+  recommended LTS) VS Code Install power platform tools extension in VS Code. Steps: Step 1 : Open Visual Studio Code and launch the integrated terminal. Step 2: In the terminal, run the following commands one by one.   mkdir D:\CodeApps - Force cd D:\CodeApps npm create vite @latest myfirstapp -- -- template react - ts cd D:\CodeApps\myfirstapp npm install Initially, I ran the command: npm create vite@latest MyFirstApp -- --template react-ts This gave the error: Invalid package.json name The issue was caused because package...
Read more

Calling Microsoft Graph API from Power Automate Using Azure App Services – Step-by-Step Guide

Image
Step 1: You should have an Azure subscription, or if you have access to the Microsoft Entra Admin Center, you can create an app from there. This app can then be used in Power Automate to connect to Microsoft Graph API. Step 2: Click on "New registration" , provide a name for your app, assign the required API permissions (such as Microsoft Graph permissions), and then click "Register" to complete the app registration process. Step 3: After registration, you'll be redirected to the app's overview page. From there, navigate to the API permissions tab and click "Add a permission" to assign the necessary Microsoft Graph API permissions. Step 4: Select Microsoft Graph as the API, and based on your requirements, choose the appropriate permissions. In my case, I selected Application permissions , which do not require user sign-in and are suitable for background services or automation. Step 5: Select the required Microsoft Graph API permissions. Yo...
Read more

Step-by-Step Guide: Power Automate Custom Connector Using Graph API from Azure App Service

Image
Step 1: Open Power Automate, navigate to the Custom Connectors tab, and select Create from blank as shown in the image below. custom connector(click image for better resolution) Step 2: In the General tab, upload an icon (less than 1MB), add a description, select the correct scheme (in my case, HTTPS ), and provide the host name. For example, if your API URL is https://graph.microsoft.com/v1.0/users/{email} , the host name will be the highlighted part — graph.microsoft.com . Step 3: Go to the Security tab. Here, you need to select the authentication method. Choose OAuth 2.0 as the authentication type, as shown in the image below. Step 4: Select the Identity Provider as Azure Active Directory . Check the box Enable Service Principal Support . This option allows you to create a connection using a Client ID and Client Secret instead of using the user's own authentication. Next, provide the Client ID , Client Secret , Tenant ID , and other required details as shown in t...
Read more