How to fix "403 forbidden" while trying to access MS Graph API during creation of User Flow using PowerShell or Bash in Azure AD B2C Tenant?

Payel Ganguly 20 Reputation points Microsoft Employee
2024-07-23T13:09:04.6033333+00:00

Hi all, I need help with API permissions for MS Graph API while creating User Flow using PowerShell. 

 Context: I am trying to create a User Flow in an Azure AD B2C tenant, but while trying to send Graph API requests using the Invoke-MgGraphRequest command, I am getting the error HTTP/1.1 403 Forbidden - "code":"AADB2C","message":"User authorization failed. You must have access to <b2c_tenant_id>".

 After adding the Connect-MgGraph -Scopes "IdentityUserFlow.ReadWrite.All" command to the script, the error message changes to "HTTP/1.1 500 Internal Server Error - {"code":"InternalServerError","message":"Unable to find target address".

 I have added the delegated IdentityUserFlow.ReadWrite.All API permission and tried the 1st step as well, but no luck.


Accepted answer
  1. Navya 10,785 Reputation points Microsoft Vendor
    2024-07-24T04:38:11.8566667+00:00

    Hi @Payel Ganguly

    I'm glad that you were able to resolve your issue, and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue:

    How to fix "403 forbidden" while trying to access MS Graph API during creation of User Flow using PowerShell or Bash in Azure AD B2C Tenant?

    Solution:

    Issue resolved by @Payel Ganguly

    The issue was resolved by adding the "IdentityUserFlow.ReadWrite.All" application permission.

    If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

    Thanks,

    Navya.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


1 additional answer

  1. Payel Ganguly 20 Reputation points Microsoft Employee
    2024-07-23T15:44:12.11+00:00

    We need to add the IdentityUserFlow.ReadWrite.All Application permission as well; that resolved my error.

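Added example, not part of either answer above: a PowerShell check of whether the current Microsoft Graph session is app-only and carries IdentityUserFlow.ReadWrite.All, followed by a read-only call to the beta b2cUserFlows endpoint. The values in angle brackets, the certificate-based sign-in, the helper name Test-GraphPermission and the choice of endpoint are assumptions, not details from the thread.

```powershell
# Added example. Values in <...> are placeholders, not taken from the thread.
$TenantId   = '<b2c_tenant_id>'
$ClientId   = '<app_client_id>'
$Thumbprint = '<certificate_thumbprint>'
$Required   = 'IdentityUserFlow.ReadWrite.All'

function Test-GraphPermission {
    # Hypothetical helper: reports how the current Graph session is
    # authenticated and whether the given permission is present in it.
    param([Parameter(Mandatory)][string]$Permission)

    $ctx = Get-MgContext
    if (-not $ctx) { throw 'No Graph session. Run Connect-MgGraph first.' }

    [pscustomobject]@{
        AuthType      = $ctx.AuthType      # Delegated or AppOnly
        TenantId      = $ctx.TenantId      # tenant the token was issued for
        ClientId      = $ctx.ClientId
        HasPermission = ($ctx.Scopes -contains $Permission)
    }
}

# App-only sign-in: there is no -Scopes parameter here. The session gets the
# application permissions that were admin-consented on the app registration.
Connect-MgGraph -TenantId $TenantId -ClientId $ClientId -CertificateThumbprint $Thumbprint

$check = Test-GraphPermission -Permission $Required
$check | Format-List

if ($check.AuthType -ne 'AppOnly' -or -not $check.HasPermission) {
    Write-Warning "Session is $($check.AuthType) and does not carry $Required as an application permission."
    return
}

# Read-only probe before any write: list the existing B2C user flows.
try {
    $flows = Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/beta/identity/b2cUserFlows'
    "Listed $($flows.value.Count) user flow(s) in tenant $($check.TenantId)"
}
catch {
    Write-Warning "Graph call failed: $($_.Exception.Message)"
}
```

The TenantId field in the output should be the B2C tenant itself rather than the tenant the subscription or admin account lives in.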
