Create extensionProperty - Insufficient privileges
I am trying to use Graph API to create an extension, but for some reason I am getting the "Insufficient privileges" error.
The application is using a client credentials provider, so it requires application permissions and not delegated ones.
The Microsoft documentation (application-post-extensionproperty) says that a permission of Application.ReadWrite.OwnedBy
is needed.
I currently have three permissions set in my application:
- Application.Read.All
- Application.ReadWrite.OwnedBy
- User.ReadWrite.All
All three are type "Application".
This is the code that I am trying to run:
ExtensionProperty extensionProperty = new ExtensionProperty
{
Name = extensionName,
DataType = "string",
TargetObjects = new List<String>
{
"User"
},
};
try
{
ExtensionProperty result = await GraphClient.graphInstance.Applications[config["objectId"]].ExtensionProperties
.Request()
.AddAsync(extensionProperty);
return "Extension created!";
}
catch (Exception exError)
{
Debug.WriteLine(exError.ToString());
return "Error while creating extension";
}
And it returns the error of:
Status Code: Forbidden
Microsoft.Graph.ServiceException: Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
If I list the extensions, that does not return an error - although the list is empty since there are no extensions created yet.