Create a new user in Azure Active Directory (B2C) with Graph API, using http post request

Question

I have previously been adding users programmatically using Active Directory Authentication Library (ADAL), but now I need to define \"signInNames\" (= users email), and that

Answer 1

Did you grant the app sufficient permission to operate users? The create user REST API works well for me for the B2C tenant.

Here are the steps I tested:

1.Create the app via the PowerShell below

PowerShell:

$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)

New-MsolServicePrincipal -DisplayName "My New B2C Graph API App" -Type password -Value 

2.Grant the app to User Account Administrator role.

Add-MsolRoleMember -RoleObjectId fe930be7-5e62-47db-91af-98c3a49a38b1 -RoleMemberObjectId 7311370c-dac3-4f34-b2ce-b22c2a5a811e -RoleMemberType servicePrincipal

3.Get the token for the app with client credential flow

POST: https://login.microsoftonline.com/adb2cfei.onmicrosoft.com/oauth2/token
grant_type=client_credentials&client_id={AppPrincipalId return by PowerShell}&client_secret={client_secret}&resource=https%3A%2F%2Fgraph.windows.net

4.Create the user with REST below:

POST: https://graph.windows.net/adb2cfei.onmicrosoft.com/users?api-version=1.6
authorization: bearer {token}
content-type: application/json

{
  "accountEnabled": true,
  "creationType": "LocalAccount",
  "displayName": "Alex Wu",
  "passwordProfile": {
    "password": "Test1234",
    "forceChangePasswordNextLogin": false
  },
  "signInNames": [
    {
      "type": "userName",
      "value": "AlexW"
    },
    {
      "type": "emailAddress",
      "value": "AlexW@example.com"
    }
  ]
}