1
votes

I am trying to create a reset password page that will take the new password of the logged-in user and reset that user's password in Azure AD. I have read the information given on the following page for the User Update API.

https://docs.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=cs

I have Directory.ReadWrite.All, User.ReadWrite.All (delegated) and User.ReadWrite.All (Application) permissions in the Azure AD configuration page. I had asked another query on SO about creating users through the MS Graph API, in which I learned how to create an access token. I am following the same procedure to get an access token for calling the "User Update API". In Postman I am passing the values below.

PATCH https://graph.microsoft.com/v1.0/users/[email protected]
Content-type: application/json
Authorization: bearer TOKEN

{
    "passwordProfile": {
        "forceChangePasswordNextSignIn": false,
        "password": "XXXXXXXXX"
    }
}

When I execute this, I get the following error:

{
    "error": {
        "code": "Authorization_RequestDenied",
        "message": "Insufficient privileges to complete the operation.",
        "innerError": {
            "request-id": "1ab4e11b-57e7-481f-9d93-296a3dece72c",
            "date": "2019-05-10T05:13:19"
        }
    }
}

I am unable to understand why I am getting this error because all permissions are given for the user.

I have gone through all the questions related to "Insufficient privileges to complete the operation" in SO before posting this question.

1
I will update you with the result. Admin takes time to provide permission, as per internal process. - KurioZ7

1 Answer

2
votes

Because when updating the passwordProfile property, you need the Directory.AccessAsUser.All permission.

See: https://docs.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=cs

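A diagnostic for the situation in this thread, added here as an example and not part of the original question or answer: it decodes an access token's payload and reports whether the delegated permission named in the answer is present. It assumes the usual Azure AD claim names (`scp` for delegated scopes, `roles` for application permissions); the function names and both sample tokens are constructed for illustration.

```python
import base64
import json

# Delegated permission the answer says is required to update passwordProfile.
REQUIRED_SCOPE = "Directory.AccessAsUser.All"


def b64url_json(obj):
    """Encode a dict as an unpadded base64url JWT segment (sample data only)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore the stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def permission_report(token, required=REQUIRED_SCOPE):
    """Summarise the permissions in the token and whether `required` is one."""
    claims = decode_claims(token)
    delegated = claims.get("scp", "").split()  # space-separated string
    application = claims.get("roles", [])      # JSON array
    return {
        "token_type": "delegated" if delegated else "app-only",
        "delegated": delegated,
        "application": application,
        "has_required": required in delegated,
    }


# Constructed sample tokens with a fake signature; not real credentials.
HEADER = b64url_json({"alg": "RS256", "typ": "JWT"})
APP_ONLY = ".".join(
    [HEADER, b64url_json({"roles": ["User.ReadWrite.All"]}), "sig"])
DELEGATED = ".".join(
    [HEADER,
     b64url_json({"scp": "Directory.AccessAsUser.All User.ReadWrite.All"}),
     "sig"])

if __name__ == "__main__":
    for name, tok in (("app-only", APP_ONLY), ("delegated", DELEGATED)):
        print(name, permission_report(tok))
```

Paste the token used in the Postman `Authorization` header into `permission_report` to see which of the two shapes it has before retrying the PATCH.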