I'm trying to change an Azure AD user password.
The user is already authenticated in a SPA application using the implicit flow and the
After a long debugging session (8 hours or so) I was finally able to get what I wanted after I saw this answer by @Michael Mainer.
This is the "right" code I put together:
    using System;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using Microsoft.Graph;
    using Microsoft.Graph.Auth; // provides ToGraphUserAccount()

    // graphClient is a GraphServiceClient field authenticated with the app-only token shown below.
    public async Task<User> ChangeUserPassword(UserPasswordModel userPasswordModel)
    {
        try
        {
            // Object id of the signed-in caller, taken from the validated claims
            var graphUser = ClaimsPrincipal.Current.ToGraphUserAccount();
            var newUserInfo = new User()
            {
                PasswordProfile = new PasswordProfile
                {
                    Password = userPasswordModel.NewPassword,
                    ForceChangePasswordNextSignIn = false
                },
            };
            // Update the user...
            return await graphClient.Users[graphUser.ObjectId].Request().UpdateAsync(newUserInfo);
        }
        catch (Exception)
        {
            // "throw;" preserves the original stack trace; "throw e;" would reset it
            throw;
        }
    }
Note 1: graphClient.Users[graphUser.ObjectId] is being used instead of graphClient.Me

Note 2: .ToGraphUserAccount() is from Microsoft.Graph.Auth.
I had a sample PATCH request in Postman that correctly set a new password for the user. The Access Token used in Postman's Authorization request header had the same format/properties as the one I was acquiring with Microsoft Graph API. I just compared them using jwt.io. So I must've been calling something wrongly...
I used clientApp.AcquireTokenForClient instead:

    var authResult = await clientApp.AcquireTokenForClient(new[] { MSGraphScope }).ExecuteAsync();
    return authResult.AccessToken;

where:

    MSGraphScope = "https://graph.microsoft.com/.default"
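Putting the two pieces of this answer together, as an added example that is not code from the original post: the client-credentials token acquisition wired into a GraphServiceClient through a DelegateAuthenticationProvider, and the password update bound to the caller's object id from the validated claims rather than a client-supplied id, because an app-only token can update any user in the tenant. The class name is hypothetical, and the tenant id, client id and client secret are placeholders from your own app registration.

```csharp
using System;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;

public class PasswordChangeService // hypothetical name
{
    private const string MSGraphScope = "https://graph.microsoft.com/.default";
    private readonly GraphServiceClient _graphClient;

    // tenantId, clientId and clientSecret are placeholders from your own app registration.
    public PasswordChangeService(string tenantId, string clientId, string clientSecret)
    {
        IConfidentialClientApplication clientApp = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenantId)
            .WithClientSecret(clientSecret)
            .Build();
        // Acquire an app-only (client credentials) token and attach it to every Graph request.
        var authProvider = new DelegateAuthenticationProvider(async request =>
        {
            AuthenticationResult authResult = await clientApp
                .AcquireTokenForClient(new[] { MSGraphScope })
                .ExecuteAsync();
            request.Headers.Authorization =
                new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
        });
        _graphClient = new GraphServiceClient(authProvider);
    }

    // The app-only token is not limited to the caller, so the target user comes
    // only from the caller's validated claims, never from the request body.
    public async Task<User> ChangeUserPassword(ClaimsPrincipal caller, string newPassword)
    {
        var graphUser = caller.ToGraphUserAccount(); // Microsoft.Graph.Auth extension
        if (string.IsNullOrEmpty(graphUser?.ObjectId))
            throw new UnauthorizedAccessException("Caller has no object id claim.");
        var update = new User
        {
            PasswordProfile = new PasswordProfile
            {
                Password = newPassword,
                ForceChangePasswordNextSignIn = false
            }
        };
        return await _graphClient.Users[graphUser.ObjectId].Request().UpdateAsync(update);
    }
}
```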