Power Automate Run a Child Flow

Update the child flow for action ‘Run_a_Child_Flow’ to not use ‘run-only user’ connections.

Premise

This is the error I received, while calling a child MS Flow, from another MS Flow. This error was thrown while building the MS Flow. However, the following error was thrown from within a running MS Flow.

Failed to parse invoker connections from trigger ‘manual’ outputs. Exception: Could not find property ‘headers.X-MS-APIM-Tokens’ in the trigger outputs. Workflow has connection references ‘[“shared_office365”]’ with invoker runtime source.

Solution

Both these error messages are due to the same issue. Let’s take a look into its details.

This is a permission issue. It is thrown when a child flow is configured to use the connection setting of the user, running the application [default]. However, inside ‘Run a Child Flow’ action, there’s no provision to retain the context of the current user!

When we call a child Flow, the context of the original user gets lost. It is due to this limitation, MS Power Automate does not allow us to save the Flow in the first place. Or, if a new connection setting has been added to an existing child Flow then, it throws the above error. This is because, the default value for each connection setting is, Provided by run-only user.

To fix this issue, we just need to update the connection setting. Instead of using the default option of, Provided by run-only user, we need to configure it to use the connection of a specific user, usually the author.

This will ensure that no matter who is triggering the Flow, the child flow will always run using the context of a specific user. It’s also a good way to elevate the permission, as the specific user might have higher privileges than the user triggering the Flow.


To fix this issue,

  • Go to the child flow. The flow which is being called by another flow.
  • From the right panel, click ‘Edit’ for the option, Run only users.
MS Power Automate: RunOnlyUsers
  • Inside the setting, Connection Used, we can find a list of all our external connections with their types. In my example, I’m only using a single connection, Office 365 Outlook. Hence, only one connection is visible.
MS Power Automate: Connection
  • Change the setting for each of your connection to use the context of a single user, instead of using a dynamic context at runtime. Here, multiple connection options might be visible, based on the connections used inside the Flow. Choose the appropriate one.
  • A confirmation box will be prompted. Select OK.
MS Power Automate: Confirm Changes
  • Save the Flow
MS Power Automate: Save Flow

Key Takeaways

  • Microsoft Power Automate, just like SharePoint, requires a user context to authenticate.
  • This context is used while communicating to connections like, Office 365 Outlook, SharePoint, etc.
  • Run a Child Flow action, internally uses the HTTP action.
  • Due to this, the context of the caller, can no longer be passed on to the Child Flow.
  • This solution will run using the context of a fixed user. It means that if you’re using any SharePoint connections then, created/modified will always be this same user and not the original requestor!
  • Be careful with all the actions defined inside this Flow. Since, the Flow will always run using the context of a single user, it might be possible that unknowingly, we’re elevating the permission of the requestor. The child flow will always run using the context of our fixed user instead of the requestor.

One thought on “Update the child flow for action ‘Run_a_Child_Flow’ to not use ‘run-only user’ connections.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.