Following the documentation here: https://learn.microsoft.com/en-us/graph/api/group-post-members?view=graph-rest-1.0&tabs=csharp
I have been trying to add users to a Security Group
The users are all members of the tenant wot O365 e3 liscences
There should be a problem with IDs as this works in Graph explorer
The app calls the graph api on behalf of the signed in user (Delegated)
All the other api calls in the app are working correctly including retrieving calenders, user profiles, group member lists and schedule information
using the code
var requestBody = new Microsoft.Graph.Models.ReferenceCreate()
{
OdataId = "https://graph.microsoft.com/v1.0/directoryObjects/" + userId
};
try
{
await graphClient.Groups[GROUP_ID].Members.Ref.PostAsync(requestBody);
bool test = false
}
catch (ODataError e)
{
}
I get the error Insufficient privileges to complete the operation.
Permissions in the https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps
have also tried with the group.ReadWrite.all permission
Permission in the resulting token
-Calendars.ReadWrite
-Group.Read.All
-GroupMember.ReadWrite.All
-MailboxSettings.Read
-openid
-profile
-User.Read
-User.ReadWrite.All
-email
Does anyone have an idea as to what is wrong? I don't want to grant the app more than the minimum permission necessary.
Thanks
Update: The Permission error doesnt occur if the user being added is an owner of the group. This isn't much use to me I need the app to add the signed in user to the group. Is there other permission I can grant or something I can do so that the api request can add the user to the group without them being an owner?