
Microsoft Graph API: Insufficient privileges to complete the operation

Problem

When generating an access token for Microsoft Graph API via ADAL, Graph API does not accept the token.

{
  "odata.error": {
    "code": "Authorization_RequestDenied",
    "message": {
      "lang": "en",
      "value": "Insufficient privileges to complete the operation."
    }
  }
}

What the application does

The application should read all users of a tenant. The application is configured to have User.Read.All privileges. Application consent is granted by the tenant from which the users should be read; the application does appear with the privileges in the Azure Portal.

What I have so far

The application worked a few days ago and I changed nothing. Other applications using the same way to authenticate work.

  • Recreating the AAD application did not help
  • Reinstalling the NuGet packages did not help
  • Changing the authority from login.windows.net to login.microsoftonline.com did not help
  • Token generation does not work with client secrets, nor with a certificate
  • Decoding the generated JWT token shows the permissions required for the action

Solution

It seems that the documentation from Microsoft is not correct. Listing users requires the Directory.Read permission.

Update

According to Microsoft, it is not clear whether this is a bug in Graph API or the documentation is wrong.
An issue is open on GitHub here.

Update 2

This issue was fixed in an update of the Graph API in May 2017.
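
Added example, not part of the original post: a diagnostic that decodes an access token's payload and reports which required permissions are absent, which separates "the token lacks the permission" from "the API expects a different permission than documented". It assumes Azure AD puts application permissions in the `roles` claim and delegated permissions in the space-separated `scp` claim; the function names and the unsigned sample token are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_permissions(jwt: str) -> dict:
    """Read permission claims WITHOUT verifying the signature.

    Diagnostic use only: never base an authorization decision on this.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    claims = json.loads(b64url_decode(parts[1]))
    roles = claims.get("roles", [])
    if isinstance(roles, str):
        roles = [roles]
    return {
        "aud": claims.get("aud"),
        "application": set(roles),                       # app-only grants
        "delegated": set(claims.get("scp", "").split()),  # user-delegated grants
    }


def missing_permissions(jwt: str, required, app_only: bool = True) -> set:
    """Return the required permissions that the token does not carry."""
    granted = token_permissions(jwt)["application" if app_only else "delegated"]
    return set(required) - granted


def _make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample so the example runs offline.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed token for an app-only client granted User.Read.All, as in the post.
SAMPLE = _make_sample_token({"aud": "https://graph.example", "roles": ["User.Read.All"]})

if __name__ == "__main__":
    print("documented requirement missing:", missing_permissions(SAMPLE, ["User.Read.All"]))
    print("actual requirement missing:", missing_permissions(SAMPLE, ["Directory.Read"]))
```

An empty result for the documented permission combined with an Authorization_RequestDenied response points at the API's real requirement rather than at token generation.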
