Running out of things to try, can anyone please help?
Trying to run 'change password' via Postman
I get a token using the app ID and secret
I can read data from the user profile no problem
I grant permissions to Graph API in Azure portal
I generate the token again and review it in jwt.io; sample:
"Device.ReadWrite.All",
"Member.Read.Hidden",
"Directory.ReadWrite.All",
"Domain.ReadWrite.All",
"Application.ReadWrite.OwnedBy",
"Application.ReadWrite.All"
],
I send
"password": "Test123456",
"forceChangePasswordNextLogin": false
to https://graph.windows.net/[tenant]/users/[user]?api-version=1.6
I still get a fail with the following
"code": "Authorization_RequestDenied",
"message": {
"lang": "en",
"value": "Insufficient privileges to complete the operation."
}
The change password permission isn't enabled in the same manner as the other permissions on the AD Graph API.
You need to set up a tenant admin local to the B2C tenant and then run the PowerShell commands as detailed here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.
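
A sketch of the kind of role assignment the answer refers to, added here as an example and not taken from the original post or the linked article. It assumes the MSOnline module is installed, that you sign in as the admin account local to the B2C tenant, that `<YOUR_APPLICATION_ID>` is a placeholder for the app ID used to get the token, and that "User Account Administrator" is the directory role you want (an assumption, chosen as a narrower role than a full tenant admin).

```powershell
# Added example: grants a directory role to the app's service principal.
# App permissions such as Directory.ReadWrite.All show up in the token,
# but password reset is gated by directory role membership instead.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in as the B2C-local tenant admin

# Placeholder: application ID used when requesting the Graph token.
$appId = '<YOUR_APPLICATION_ID>'

# Assumption: role name chosen for this example.
$roleName = 'User Account Administrator'

$sp = Get-MsolServicePrincipal -AppPrincipalId $appId -ErrorAction Stop
$role = Get-MsolRole -RoleName $roleName -ErrorAction Stop
if (-not $role) {
    throw "Directory role '$roleName' was not found in this tenant."
}

# Skip the add if the service principal already holds the role.
$existing = Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
    Where-Object { $_.ObjectId -eq $sp.ObjectId }

if ($existing) {
    Write-Output "Service principal already holds '$roleName'."
}
else {
    Add-MsolRoleMember -RoleObjectId $role.ObjectId `
                       -RoleMemberObjectId $sp.ObjectId `
                       -RoleMemberType ServicePrincipal
}

# Verify the assignment so it can be recorded and reviewed later.
Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
    Where-Object { $_.ObjectId -eq $sp.ObjectId } |
    Select-Object DisplayName, RoleMemberType, ObjectId
```

Request a fresh token after the assignment before retrying the call. The role lets the application reset user passwords, so store and rotate its secret accordingly.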