Share via

Permission error while using Microsoft Graph Application AddPassword method

Murali R 0 Reputation points
2024-12-30T20:38:27.0766667+00:00

I'm attempting to automate password creation using the Microsoft Graph Application AddPassword method and the code sample https://learn.microsoft.com/en-us/graph/api/application-addpassword?view=graph-rest-1.0&tabs=python.

I initialized graph_client with ClientSecretCredential something like this:

Credential = ClientSecretCredential(tenant_id, client_id, and client_secret). Graph_client = GraphServiceClient(credential, scopes).

I think that I have given the appropriate permission. I have added the permissions listed below.

User's image

But I'm still getting the 403 (Authorization_RequestDenied) error. Please let me know what extra permissions are required to make it work.

Microsoft Security | Microsoft Graph
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Saranya Madhu-MSFT 2,375 Reputation points Microsoft External Staff
    2024-12-31T02:37:58.0333333+00:00

    Hi @Murali R ,

    Thanks for reaching out to Microsoft!

    I tested from my end by consenting to both "Application.ReadWrite.OwnedBy" and "Application.ReadWrite.All" permissions.

    When only the "Application.ReadWrite.OwnedBy" permission was consented, an error was encountered. However, consenting to the "Application.ReadWrite.All" permission resulted in a successful response, allowing the password creation process to proceed without issues.

    Based on these results, it appears that the "Application.ReadWrite.OwnedBy" permission alone is insufficient for this operation. Consent to the "Application.ReadWrite.All" permission. This will ensure that have the necessary permissions to perform the required operations without encountering authorization errors.

    Hope this helps.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Was this answer helpful?

    0 comments
  2. Anonymous
    2024-12-31T02:27:17.2966667+00:00

    Hello Murali R,

    Thank you for reaching out to Microsoft Support!

    According to the document, permissions Application.ReadWrite.OwnedBy support only update that this Application is the Owner of another Application.

    User's image

    So, you might have 403 because the app you are using is not the Owner, so you need to grant higher permissions Application.ReadWrite.All.

    The test results are as follows:

    Screenshot 2024-12-31 022559

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.