
I am generating an access token by the following route in my Node.js

https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token

After that I get an access_token but no scope parameter.

When I try to hit the https://graph.microsoft.com/v1.0/users?$filter=startswith(givenName,'J') URL with the Authorization header added, I get

{
    "error": {
        "code": "Authorization_RequestDenied",
        "message": "Insufficient privileges to complete the operation.",
        "innerError": {
            "date": "2022-05-13T18:10:19",
            "request-id": "7086d829-13c1-4671-8bd4-9f365aa29417",
            "client-request-id": "7086d829-13c1-4671-8bd4-9f365aa29417"
        }
    }
}

Even though I have granted permissions and admin consent.

I would really appreciate any help.

PS: I have owner access to the app and AAD.

And which permissions have you granted to your app? - scottwtang
I have granted the Policy.ReadWrite.DeviceConfiguration Policy.ReadWrite.FeatureRollout Policy.ReadWrite.MobilityManagement Policy.ReadWrite.PermissionGrant Policy.ReadWrite.TrustFramework profile RoleAssignmentSchedule.Read.Directory RoleAssignmentSchedule.ReadWrite.Directory SearchConfiguration.Read.All SearchConfiguration.ReadWrite.All TeamMember.Read.All TeamMember.ReadWrite.All TeamMember.ReadWriteNonOwnerRole.All User.Export.All User.Invite.All User.ManageIdentities.All User.Read User.Read.All User.ReadBasic.All User.ReadWrite User.ReadWrite.All - Bilal Malik
AccessReview.Read.All AccessReview.ReadWrite.All AccessReview.ReadWrite.Membership AdministrativeUnit.Read.All AdministrativeUnit.ReadWrite.All Directory.AccessAsUser.All Directory.Read.All Directory.ReadWrite.All Directory.Write.Restricted DirectoryRecommendations.Read.All DirectoryRecommendations.ReadWrite.All email offline_access openid Policy.Read.All Policy.Read.ConditionalAccess Policy.Read.PermissionGrant Policy.ReadWrite.ApplicationConfiguration Policy.ReadWrite.AuthenticationFlows Policy.ReadWrite.AuthenticationMethod - Bilal Malik
Policy.ReadWrite.Authorization Policy.ReadWrite.ConditionalAccess Policy.ReadWrite.ConsentRequest Policy.ReadWrite.CrossTenantAccess - Bilal Malik
Check the doc for which permissions are required for the /users endpoint. docs.microsoft.com/en-us/graph/api/… - user2250152
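
Added example, not part of the original thread: the permissions a Graph access token actually carries are in its claims (`roles` for application permissions, `scp` for delegated ones), so decoding the payload shows what the token can do regardless of what the portal lists. The helper names, the sample tokens and the `REQUIRED` list are assumptions made for illustration; take the real list from the documentation page for the endpoint being called.

```javascript
// Inspect (not validate) a Graph access token's claims.
// Decoding only reads the payload; it does not verify the signature.
function decodeJwtPayload(token) {
  const parts = String(token).trim().replace(/^Bearer\s+/i, '').split('.');
  if (parts.length !== 3) throw new Error('not a JWT: expected 3 dot-separated parts');
  // base64url -> base64 so this also works on older Node versions
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// requiredAnyOf: permissions of which any one is sufficient for the call.
function checkGraphToken(token, requiredAnyOf) {
  const claims = decodeJwtPayload(token);
  // Application permissions arrive as an array in `roles`.
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  // Delegated permissions arrive as a space-separated string in `scp`.
  const scp = typeof claims.scp === 'string' ? claims.scp.split(' ').filter(Boolean) : [];
  const kind = roles.length ? 'application' : scp.length ? 'delegated' : 'none';
  const granted = roles.length ? roles : scp;
  const matched = granted.filter((p) => requiredAnyOf.includes(p));
  return { kind, audience: claims.aud, granted, matched, ok: matched.length > 0 };
}

// Constructed sample tokens (fake signature), built only to exercise the check.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

const AUD = 'https://graph.microsoft.com';
const REQUIRED = ['User.Read.All', 'Directory.Read.All']; // assumption: confirm in the docs
const tokenNoPermissions = makeSampleToken({ aud: AUD }); // no roles, no scp
const tokenWithRole = makeSampleToken({ aud: AUD, roles: ['User.Read.All'] });
const tokenDelegated = makeSampleToken({ aud: AUD, scp: 'User.Read profile openid' });

for (const t of [tokenNoPermissions, tokenWithRole, tokenDelegated]) {
  console.log(checkGraphToken(t, REQUIRED));
}
```

A result with `kind: 'none'` means the token carries no permissions at all, which is worth ruling out before looking at anything else on the request.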