Add an Azure AD user to an Azure DevOps project group using Azure Logic Apps

Problem description

I am trying to add an Azure AD user to an Azure DevOps project group using the Azure Logic Apps DevOps Connector, action Send an HTTP request to Azure DevOps, but I receive status Unauthorized, while with the same user I am able to do it manually in the portal. Because there is almost no documentation regarding this tool and the APIs it's using, I guess it is something with the URI, but I am not sure. Any ideas?


Thank you

Tags: azure-logic-apps, azure-devops-rest-api

Solution


We could not add an Azure AD user to an Azure DevOps project group via Azure Logic Apps. This is a known issue in the action Send an HTTP request to Azure DevOps.

We are using this REST API to add an AAD user as a member of a group; it needs the permission scope vso.graph_manage.

And according to this doc, the action Send an HTTP request to Azure DevOps has a limited set of scopes which control what resources can be accessed by the action and what operations the action is allowed to perform on those resources.

The Scopes contain:

  • vso.agentpools_manage
  • vso.build_execute
  • vso.chat_manage
  • vso.code_manage
  • vso.code_status
  • vso.connected_server
  • vso.dashboards_manage
  • vso.entitlements
  • vso.extension.data_write
  • vso.extension_manage
  • vso.identity
  • vso.loadtest_write
  • vso.packaging_manage
  • vso.project_manage
  • vso.release_manage
  • vso.test_write
  • vso.work_write

Since it does not contain the scope vso.graph_manage, we could see the error message "TF400813: The user xxx is not authorized to access this resource" in the output content.

Update 1

PowerShell script:

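# Personal access token (PAT); replace the placeholder with your own value
$connectionToken="{PAT}"
# Basic auth value: empty user name, PAT as the password
$base64AuthInfo= [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($connectionToken)"))
# Graph API endpoint that creates the user as a member of the given group
$URL = "https://vssps.dev.azure.com/{Org name}/_apis/graph/users?groupDescriptors={groupDescriptors}&api-version=6.0-preview.1"

# Request body: the AAD user's sign-in address
$body =@"
{
  "principalName": "{User email}"
}
"@
$Result = Invoke-RestMethod -Uri $URL -ContentType "application/json" -Body $body -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -Method POST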
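
A hardened variant of the script above, as an added example (not code from the original answer): it reads the PAT from an environment variable instead of embedding it in the script, escapes the URL values, builds the body with ConvertTo-Json, and reports an authorization failure separately. The function name Add-AadUserToDevOpsGroup and the environment variable name AZDO_PAT are assumptions chosen for illustration.

```powershell
# Added example; the function name and the AZDO_PAT variable name are assumptions.
function Add-AadUserToDevOpsGroup {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Organization,
        [Parameter(Mandatory)] [string] $GroupDescriptor,
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )

    # Read the PAT from the environment so it never lands in the script or in source control.
    $pat = $env:AZDO_PAT
    if ([string]::IsNullOrWhiteSpace($pat)) {
        throw 'AZDO_PAT is not set; supply a PAT that carries the vso.graph_manage scope.'
    }
    $basic = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$pat"))

    # Escape the caller-supplied values so unexpected characters cannot alter the request URL.
    $org = [uri]::EscapeDataString($Organization)
    $grp = [uri]::EscapeDataString($GroupDescriptor)
    $url = "https://vssps.dev.azure.com/$org/_apis/graph/users?groupDescriptors=$grp&api-version=6.0-preview.1"

    # Serialize the body instead of pasting the address into a JSON string by hand.
    $body = @{ principalName = $UserPrincipalName } | ConvertTo-Json

    try {
        Invoke-RestMethod -Uri $url -Method Post -ContentType 'application/json' -Body $body `
            -Headers @{ Authorization = "Basic $basic" } -ErrorAction Stop
    }
    catch {
        # The status code is 0 when no HTTP response was received (for example a DNS failure).
        $status = [int]$_.Exception.Response.StatusCode
        if ($status -in 401, 403) {
            throw "HTTP ${status}: the credential is not authorized for the Graph API; check that the PAT includes vso.graph_manage."
        }
        throw
    }
}

# Usage (placeholder values):
# Add-AadUserToDevOpsGroup -Organization '{Org name}' -GroupDescriptor '{groupDescriptors}' -UserPrincipalName '{User email}'
```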
