Steps to Reproduce
create b2c tenant
initialize terraform with the provider tenant for azuread being the b2c tenant
terraform apply
Important Factoids
This is a user who has the ability to create user flow attributes manually in the portal. Also tried creating an application with the relevant permissions and using that, but still received the same issue. Audit logs in the B2C show a similar error saying "Access denied. Client app does not have required app permissions."
then I make a call to a PowerShell Graph local-exec script that runs a Connect-MgGraph passing the secret and finally calling New-MgIdentityUserFlowAttribute to create the custom attribute.
You should start with @germandsantana's approach, and create another service principal, but in the AAD B2C tenant, not the original tenant, and then configure another azuread provider with an alias.
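The setup suggested in the comment above, sketched as an added example (not code from the issue or from the provider project): a second `azuread` provider, aliased, that authenticates as a service principal registered in the B2C tenant. The variable names and the `b2c` alias are assumptions, and the service principal is assumed to hold `IdentityUserFlow.ReadWrite.All`, one of the permissions named in the 403 error on this page.

```hcl
terraform {
  required_providers {
    azuread = {
      source = "hashicorp/azuread"
    }
  }
}

# Hypothetical variable names; values come from the app registration
# created inside the B2C tenant, not the original tenant.
variable "b2c_tenant_id" {
  type        = string
  description = "Tenant ID of the AAD B2C tenant"
}

variable "b2c_client_id" {
  type        = string
  description = "Client ID of the service principal registered in the B2C tenant"
}

variable "b2c_client_secret" {
  type      = string
  sensitive = true # redacted in plan output; supply via TF_VAR_b2c_client_secret
}

# Default provider: the original tenant, authenticated as before.
provider "azuread" {}

# Aliased provider: authenticates against the B2C tenant as its own service principal.
# Assumption: admin consent for IdentityUserFlow.ReadWrite.All was granted in that tenant.
provider "azuread" {
  alias         = "b2c"
  tenant_id     = var.b2c_tenant_id
  client_id     = var.b2c_client_id
  client_secret = var.b2c_client_secret
}

resource "azuread_user_flow_attribute" "example" {
  # Without this line the resource is managed through the default provider.
  provider = azuread.b2c

  display_name = "Hobby"
  description  = "Constructed sample description"
  data_type    = "string"
}
```

Scoping the B2C service principal to the user flow permission alone keeps the stored secret from granting wider directory access if it leaks from state or CI variables.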
Community Note
Terraform 1.0.9, azuread 2.37.2 azurerm 3.51.0
Affected Resource(s)
azuread_user_flow_attribute
Terraform Configuration Files
This is in the context of an Azure AD provider that has a B2C tenant as its tenant, and signed in as the original creator of the B2C tenant
Expected Behavior
user flow attribute created
Actual Behavior
│ Error: Checking for existing user flow attribute: "Hobby"
│
│ with azuread_user_flow_attribute.example,
│ on main.tf line 112, in resource "azuread_user_flow_attribute" "example":
│ 112: resource "azuread_user_flow_attribute" "example" {
│
│ UserFlowAttributesClient.BaseClient.Get(): unexpected status 403 with OData error: AADB2C: The application does not have any of the required delegated permissions
│ (IdentityUserFlow.Read.All, IdentityUserFlow.ReadWrite.All) to access the resource.