Hi,
I am writing an API for user to reset self password. User is logged in an web application which calls MS Graph API.
While trying to self update password(I need to verify the current password too), I am getting below error:
code":"Authorization_RequestDenied","message":"Access to change password operation is denied."
Below is my code:
private static async Task UpdatePassword(string clientId, string clientSecret, string tenantId)
{
try
{
var scopes = new string[] { "https://graph.microsoft.com/.default" };
// Configure the MSAL client as a confidential client
var confidentialClient = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithAuthority($"https://login.microsoftonline.com/{tenantId}/v2.0")
.WithClientSecret(clientSecret)
.Build();
GraphServiceClient graphServiceClient =
new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>
{
// Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
var authResult = await confidentialClient
.AcquireTokenForClient(scopes)
.ExecuteAsync();
// Add the access token in the Authorization header of the API request.
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
})
);
await graphServiceClient.Users["9c704dfb-a3ea-528a-937c-d7da45ebcc7a"]
.ChangePassword("OldPassword", "NewPassword").Request().PostAsync();
}catch(Exception e)
{
}
}
I also saw /me endpoints but did not understand how to make that work in my scenario.
I appreciate any help, Thank you.