I'm able to retrieve profile photos just fine, but run into ErrorAccessDenied when trying to update photos. According to this:
https://graph.microsoft.io/en-us/docs/api-reference/v1.0/api/profilephoto_update
The User.ReadWrite permission should be sufficient. I have assigned my application this privilege using manage.windowsazure.com (and also tried granting all kinds of other privileges), but still get the error. Here's the current set of privileges I've granted to the app:
Directory.AccessAsUser.All Directory.Read.All Directory.ReadWrite.All email Group.Read.All Group.ReadWrite.All MailboxSettings.ReadWrite offline_access profile User.Read User.Read.All User.ReadBasic.All User.ReadWrite User.ReadWrite.All
I'm obtaining the Bearer token with the client_credentials flow as follows:
curl -d grant_type=client_credentials \
     -d client_id=CLIENT_ID \
     -d client_secret=CLIENT_SECRET \
     -d resource=https://graph.microsoft.com \
     https://login.microsoftonline.com/DOMAINNAME/oauth2/token
I then try to update the profile photo like this:
curl -H "Authorization: Bearer BEARERTOKEN" \
     --request PATCH \
     -H "Content-Type: image/jpeg" \
     -d @photo.jpg \
     https://graph.microsoft.com/v1.0/users/USERPRINCIPALNAME/photo/\$value
And I get the following error:
{
  "error": {
    "code": "ErrorAccessDenied",
    "message": "Access is denied. Check credentials and try again.",
    "innerError": {
      "request-id": "REQUESTID",
      "date": "2016-05-23T16:42:21"
    }
  }
}
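
Added example, not part of the original post: when a Graph call returns ErrorAccessDenied, a useful first check is which permissions the bearer token itself carries. Azure AD access tokens list application permissions in the `roles` claim and delegated permissions in the `scp` claim. The sketch below decodes a token's payload for inspection only (no signature check); the function names are hypothetical and the sample tokens are constructed.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_permissions(token: str) -> dict:
    """Return the audience and permission claims of a JWT access token.

    Inspection only: the signature is NOT verified, so never use this
    to make an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    claims = json.loads(_b64url_decode(parts[1]))
    return {
        "aud": claims.get("aud"),
        # Application permissions (app-only tokens) arrive as a list.
        "roles": sorted(claims.get("roles", [])),
        # Delegated permissions arrive as one space-separated string.
        "scp": sorted(claims.get("scp", "").split()),
    }


def grants(token: str, permission: str) -> bool:
    """True if the token carries the permission in either claim."""
    perms = token_permissions(token)
    return permission in perms["roles"] or permission in perms["scp"]


def _make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token for the demo; not a real credential.
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


SAMPLE_APP_ONLY = _make_sample_token(
    {"aud": "https://graph.microsoft.com", "roles": ["User.Read.All"]})
SAMPLE_DELEGATED = _make_sample_token(
    {"aud": "https://graph.microsoft.com", "scp": "User.Read User.ReadWrite"})

if __name__ == "__main__":
    for name, tok in (("app-only", SAMPLE_APP_ONLY), ("delegated", SAMPLE_DELEGATED)):
        print(name, token_permissions(tok), grants(tok, "User.ReadWrite"))
```

Pass the `access_token` value returned by the token endpoint to `token_permissions` and compare the result with the permission the API documentation requires.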