
Microsoft Graph API change user password return an error Insufficient privileges to complete the operation

When I try to change an Azure AD user's password, I keep getting this error: "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation."

I added all the permissions that are needed, and I use OAuth 2.0 ROPC for authorization. This is the authorization request:

var client = new RestClient("https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("client_id", "clientID");
request.AddParameter("scope", "user.read openid profile offline_access");
request.AddParameter("client_secret", "xxxxxxxxxxxxx");
request.AddParameter("username", "userr@xxxxxxx.onmicrosoft.com");
request.AddParameter("password", "xxxxxxxxx");
request.AddParameter("grant_type", "password");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

This is the user update request:

var client = new RestClient("https://graph.microsoft.com/v1.0/{userId}");
client.Timeout = -1;
var request = new RestRequest(Method.PATCH);
request.AddHeader("Authorization", "Bearer tokenFromAuthorization");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "\r\n{\r\n      \"passwordProfile\" : {\r\n      \"password\": \"xxxxxxxxxx\",\r\n      \"forceChangePasswordNextSignIn\": false\r\n    }\r\n}\r\n\r\n\r\n",  ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

Also I tried everything from these two links, but nothing helped:

  1. https://docs.microsoft.com/en-us/answers/questions/9942/do-we-have-any-microsoft-graph-api-to-change-the-p.html

  2. "Update User" operation giving "Insufficient privileges to complete the operation." error in Microsoft Graph API

Permission screenshot: [image]

Your API is wrong; try changing it to https://graph.microsoft.com/v1.0/me (see: update user API). If you use this API to modify user passwords, you must have the User Administrator or Global Administrator role.

If you want ordinary user roles to be able to change their own password, you can use the /changePassword endpoint. I have answered similar questions before, and you can use that answer for reference.
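Added example, not part of the original question or answer: a C# check for the self-service path the answer mentions. It decodes constructed, unsigned sample tokens to see whether the `scp` claim carries the needed delegated scope before building a POST to `/me/changePassword`. The scope `Directory.AccessAsUser.All` and the `currentPassword`/`newPassword` body fields are assumptions taken from the Microsoft Graph documentation, not from this page, and the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;

static class GraphPasswordCheck // hypothetical name, not from the page
{
    // Assumption: delegated scope the Graph docs list for changePassword (not stated on the page).
    const string RequiredScope = "Directory.AccessAsUser.All";

    // Decode the JWT payload for diagnostics only; the signature is NOT validated here.
    static JsonElement DecodePayload(string jwt)
    {
        string seg = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        seg = seg.PadRight(seg.Length + (4 - seg.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(seg)));
        return doc.RootElement.Clone();
    }

    // Delegated permissions are carried in the space-separated "scp" claim.
    static bool HasScope(JsonElement payload, string scope) =>
        payload.TryGetProperty("scp", out JsonElement scp) &&
        (scp.GetString() ?? "").Split(' ').Contains(scope, StringComparer.OrdinalIgnoreCase);

    // Self-service change: the signed-in user supplies the current password as proof.
    static HttpRequestMessage BuildChangePassword(string token, string current, string next)
    {
        string body = JsonSerializer.Serialize(new { currentPassword = current, newPassword = next });
        var req = new HttpRequestMessage(HttpMethod.Post, "https://graph.microsoft.com/v1.0/me/changePassword");
        req.Content = new StringContent(body, Encoding.UTF8, "application/json");
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return req;
    }

    static string Base64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed, unsigned sample tokens; the first mirrors the scopes requested in the question.
        foreach (string scp in new[] { "User.Read openid profile", "Directory.AccessAsUser.All User.Read" })
        {
            string token = "e30." + Base64Url("{\"scp\":\"" + scp + "\"}") + ".sig";
            bool ok = HasScope(DecodePayload(token), RequiredScope);
            Console.WriteLine(ok ? "send: POST " + BuildChangePassword(token, "<current>", "<new>").RequestUri : "missing scope: " + RequiredScope);
        }
    }
}
```

Decoding the payload this way is only a client-side diagnostic; Graph itself validates the token and decides whether the call is authorized.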
