B2C Graph API - insufficient permissions even when Directory.ReadWrite.All is enabled

旧巷老猫, submitted on 2019-12-13 05:14:37

Question


Running out of things to try, can anyone please help?

Trying to run 'change password' via Postman

I get token using app id and secret

I can read data from the user profile no problem

I grant permissions to Graph API in Azure portal

I generate the token again, review it in jwt.io, sample

    "Device.ReadWrite.All",
    "Member.Read.Hidden",
    "Directory.ReadWrite.All",
    "Domain.ReadWrite.All",
    "Application.ReadWrite.OwnedBy",
    "Application.ReadWrite.All"
    ],

I send

    "password": "Test123456",
    "forceChangePasswordNextLogin": false

to https://graph.windows.net/[tenant]/users/[user]api-version=1.6

I still get a fail with the following

    "code": "Authorization_RequestDenied",
    "message": {
        "lang": "en",
        "value": "Insufficient privileges to complete the operation."
    }

Answer 1:


The change password permission isn't enabled in the same manner as the other permissions on the AD Graph API.

You need to set up a tenant admin local to the B2C tenant and then run the PowerShell commands as detailed here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.
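
An added example, not part of the original answer or the linked Microsoft article: one way to grant the application's service principal a directory role with the MSOnline PowerShell module, checking first whether it already holds it. The application ID is a placeholder, and the role name `User Account Administrator` is an assumption about which role covers password changes; verify both against your tenant.

```powershell
# Added example. Assumes the MSOnline module is installed and that you sign in
# with an administrator account that is local to the B2C tenant.
$AppId    = '00000000-0000-0000-0000-000000000000'  # placeholder: the app's Application (client) ID
$RoleName = 'User Account Administrator'            # assumption: role name as exposed by MSOnline

Connect-MsolService   # interactive sign-in as the B2C-local admin

# Resolve the service principal behind the app ID used to request the token.
$sp = Get-MsolServicePrincipal -AppPrincipalId $AppId -ErrorAction Stop

$role = Get-MsolRole -RoleName $RoleName
if (-not $role) { throw "Directory role '$RoleName' not found in this tenant." }

# Skip the grant if the service principal is already a member of the role.
$existing = Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
    Where-Object { $_.ObjectId -eq $sp.ObjectId }

if ($existing) {
    Write-Host "$($sp.DisplayName) already holds '$RoleName'."
} else {
    Add-MsolRoleMember -RoleObjectId $role.ObjectId `
                       -RoleMemberObjectId $sp.ObjectId `
                       -RoleMemberType ServicePrincipal
    Write-Host "Added $($sp.DisplayName) to '$RoleName'."
}

# Audit: list every service principal that holds this role.
Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
    Where-Object { $_.RoleMemberType -eq 'ServicePrincipal' } |
    Select-Object DisplayName, ObjectId
```

Directory role membership does not appear among the application permissions listed in the token, so the list shown in jwt.io will look the same before and after the grant. Review the audit output periodically, since any client holding this app's secret inherits the role.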



Source: https://stackoverflow.com/questions/53281429/b2c-graph-api-insufficient-permissions-even-when-directory-readwrite-all-is-en
