1
votes

I have tried to update user details using both the app-only authorization flow and the delegated authorization flow (sign in, get the authorization code, and then get the access token).

Action: Update onPremisesImmutableId of federated user,

  1. Update UPN of the federated users (this fails)
  2. Update onPremisesImmutableId

Please find the details of the request below,

    PATCH https://graph.microsoft.com/v1.0/users/[email protected]
    Content-Type: application/json
    Accept: application/json
    AUTHORIZATION: Bearer
    Host: graph.microsoft.com
    Content-Length: 150
    Expect: 100-continue

    {"userPrincipalName":"[email protected]", "passwordProfile": { "forceChangePasswordNextSignIn": false, "password":"testTest1234" }}

Response:

    {
      "error": {
        "code": "Authorization_RequestDenied",
        "message": "Insufficient privileges to complete the operation.",
        "innerError": {
          "request-id": "d25b7047-0cd0-46da-b77e-c7225bd030c5",
          "date": "2016-03-22T16:47:17"
        }
      }
    }

Can anyone please let me know which application permission needs to be set so this could work? Also, do we have a list of things which we can or cannot perform using the app-only authorization flow?

Any help would be appreciated.

1

1 Answer

1
votes

Currently, resetting a password can only be done in the delegated flow. Ensure that the "Access directory as the signed in user" permission is requested by your application.
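The following is an added example, not part of the answer above or of any Microsoft code: a local pre-flight check that decodes the access token and reports whether a PATCH carrying `passwordProfile` is being sent with an app-only token. It assumes Azure AD access tokens carry `scp` for delegated flows and `roles` for app-only flows, and that "Access directory as the signed in user" is the scope `Directory.AccessAsUser.All`; the helper names and sample tokens are constructed for illustration.

```python
import base64
import json

# Assumption: "Access directory as the signed in user" is the display name of
# the delegated scope Directory.AccessAsUser.All.
REQUIRED_SCOPE = "Directory.AccessAsUser.All"


def jwt_claims(token):
    """Decode the JWT payload for local diagnostics only (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_flow(claims):
    """Delegated tokens carry 'scp'; app-only tokens carry 'roles' and no 'scp'."""
    if claims.get("scp"):
        return "delegated"
    if claims.get("roles"):
        return "app-only"
    return "unknown"


def preflight(token, patch_body):
    """Return a list of problems to resolve before sending the PATCH."""
    claims = jwt_claims(token)
    problems = []
    if "passwordProfile" in patch_body:
        flow = token_flow(claims)
        if flow != "delegated":
            problems.append(f"passwordProfile needs a delegated token, got {flow}")
        elif REQUIRED_SCOPE not in claims["scp"].split():
            problems.append(f"delegated token lacks scope {REQUIRED_SCOPE}")
    return problems


def make_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample data (not real tokens or tenants).
BODY = {"passwordProfile": {"forceChangePasswordNextSignIn": False, "password": "<placeholder>"}}
APP_ONLY = make_token({"roles": ["Directory.ReadWrite.All"]})
DELEGATED = make_token({"scp": "Directory.AccessAsUser.All User.Read"})
```

The decode skips signature verification, so use it only to inspect a token you already hold, never to make a trust decision.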