I was planning to use Azure AD Graph API but then noticed on the Microsoft docs about suggestions to use Microsoft Graph API.
Is there a documentation provided for changing a user's password?
string result = Task.Run(async() => { return await GetAccessToken(); }).GetAwaiter().GetResult();
var graphserviceClient = new GraphServiceClient(
new DelegateAuthenticationProvider(
(requestMessage) =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", result);
return Task.FromResult(0);
}));
var changePasswordRequest = graphserviceClient.Me.ChangePassword("oldpassword", "newpassword");
However I don't think this is sufficient. Any documentation available?
You could update passwordProfile
property to change the current user's password . Please refer to below code :
await graphClient.Me.Request().UpdateAsync(new User
{
PasswordProfile = new PasswordProfile
{
Password = "YourPassword",
ForceChangePasswordNextSignIn = false
},
});
And according to documentation, one of the following scopes is required to execute this API: User.ReadWrite
User.ReadWrite.All
Directory.ReadWrite.All
.
Edit:
The documentation has been updated with the following note:
When updating the passwordProfile
property, the following scope is required: Directory.AccessAsUser.All
.
See here:
https://blogs.msdn.microsoft.com/aaddevsup/2018/10/17/unable-to-modify-user-email-phone-number-password-or-other-personal-information-for-azure-active-directory-users/
If you call this from an app/api, you'll need to assign an AD role to the serviceprincipal of the application.