1
votes

I have an issue with permissions for a Graph API application.

  1. On Azure portal in "App registrations" I'm registering new app.

  2. Next I'm adding "Never expires" key to it.

  3. Next I'm setting permissions: Add - Microsoft Graph and checking "Read and write all users' full profiles" (which is actually "User.ReadWrite.All") for both "Application" and "Delegated" permissions.

It should be enough according to these docs: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_list

  4. Next I'm trying to get all users via this app: https://github.com/AzureADQuickStarts/B2C-GraphAPI-DotNet and receiving this error:

    Error Calling the Graph API: { "odata.error": { "code": "Authorization_RequestDenied", "message": { "lang": "en", "value": "Insufficient privileges to complete the operation." } } }

Funny thing #1: If I select all the permissions for "Microsoft Graph" and for "Windows Azure Active Directory", all the users can then be retrieved (not immediately, but after 5 mins, which is also strange).

Funny thing #2: If I then unselect all permissions and set that back to "User.ReadWrite.All", all users can now also be retrieved without "Insufficient privileges to complete the operation."

Can someone please explain that strange behavior?

And in general, there are similar topics created here, but it's still not clear which permissions should be granted to get users via Graph API.

1 Answers

0
votes

You need the 'Read and write directory data' in Windows Azure Active Directory.

A B2C tenant is different in a few subtle ways from a normal Azure AD tenant, so documentation that applies to Azure AD may not apply to B2C.
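As an added diagnostic example (not code from the question's sample project or the answer), the following Python decodes an access token's payload to show which resource (`aud`) and which application permissions (`roles`) the token actually carries, which is what "Insufficient privileges" usually comes down to. It assumes the sample calls the Azure AD Graph resource `https://graph.windows.net`, whose "Read and write directory data" permission is `Directory.ReadWrite.All`; the two tokens are constructed, unsigned samples.

```python
import base64
import json

# Diagnostic only: decodes the JWT payload WITHOUT verifying the signature so a
# developer can see what the token carries. Never use this as an authorization check.


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(token: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_token(token: str, expected_aud: str, required_roles: set) -> dict:
    claims = decode_payload(token)
    # App-only (client credential) permissions appear in 'roles'; delegated
    # permissions appear in 'scp' and do nothing for an app-only call.
    granted = set(claims.get("roles", []))
    return {
        "aud": claims.get("aud"),
        "aud_ok": claims.get("aud") == expected_aud,
        "missing_roles": sorted(required_roles - granted),
        "only_delegated_scopes": "scp" in claims and not granted,
    }


def _make_token(payload: dict) -> str:
    # Constructed, unsigned sample token; the signature segment is a dummy.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.sig"


AAD_GRAPH = "https://graph.windows.net"      # resource the sample calls (assumption)
MS_GRAPH = "https://graph.microsoft.com"      # resource the questioner granted instead
REQUIRED = {"Directory.ReadWrite.All"}        # 'Read and write directory data'

# Token matching the questioner's first attempt: Microsoft Graph permission only.
TOKEN_MS_GRAPH_ONLY = _make_token({"aud": MS_GRAPH, "roles": ["User.ReadWrite.All"]})
# Token issued after granting directory data access on Windows Azure Active Directory.
# Note: claims are fixed at issuance, so a token cached before consent keeps the old roles.
TOKEN_AAD_GRAPH = _make_token({"aud": AAD_GRAPH, "roles": ["Directory.ReadWrite.All"]})

if __name__ == "__main__":
    for name, tok in (("ms_graph_only", TOKEN_MS_GRAPH_ONLY), ("aad_graph", TOKEN_AAD_GRAPH)):
        print(name, check_token(tok, AAD_GRAPH, REQUIRED))
```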