This is the error I received, while calling a child MS Flow, from another MS Flow. This error was thrown while building the MS Flow. However, the following error was thrown from within a running MS Flow.
Failed to parse invoker connections from trigger ‘manual’ outputs. Exception: Could not find property ‘headers.X-MS-APIM-Tokens’ in the trigger outputs. Workflow has connection references ‘[“shared_office365”]’ with invoker runtime source.
Both these error messages are due to the same issue. Let’s take a look into its details.
This is a permission issue. It is thrown when a child flow is configured to use the connection setting of the user, running the application [default]. However, inside ‘Run a Child Flow’ action, there’s no provision to retain the context of the current user!
When we call a child Flow, the context of the original user gets lost. It is due to this limitation, MS Power Automate does not allow us to save the Flow in the first place. Or, if a new connection setting has been added to an existing child Flow then, it throws the above error. This is because, the default value for each connection setting is, Provided by run-only user.
To fix this issue, we just need to update the connection setting. Instead of using the default option of, Provided by run-only user, we need to configure it to use the connection of a specific user, usually the author.
This will ensure that no matter who is triggering the Flow, the child flow will always run using the context of a specific user. It’s also a good way to elevate the permission, as the specific user might have higher privileges than the user triggering the Flow.
To fix this issue,
- Go to the child flow. The flow which is being called by another flow.
- From the right panel, click ‘Edit’ for the option, Run only users.
- Inside the setting, Connection Used, we can find a list of all our external connections with their types. In my example, I’m only using a single connection, Office 365 Outlook. Hence, only one connection is visible.
- Change the setting for each of your connection to use the context of a single user, instead of using a dynamic context at runtime. Here, multiple connection options might be visible, based on the connections used inside the Flow. Choose the appropriate one.
- A confirmation box will be prompted. Select OK.
- Save the Flow
- Microsoft Power Automate, just like SharePoint, requires a user context to authenticate.
- This context is used while communicating to connections like, Office 365 Outlook, SharePoint, etc.
- Run a Child Flow action, internally uses the HTTP action.
- Due to this, the context of the caller, can no longer be passed on to the Child Flow.
- This solution will run using the context of a fixed user. It means that if you’re using any SharePoint connections then, created/modified will always be this same user and not the original requestor!
- Be careful with all the actions defined inside this Flow. Since, the Flow will always run using the context of a single user, it might be possible that unknowingly, we’re elevating the permission of the requestor. The child flow will always run using the context of our fixed user instead of the requestor.