Authorization Error while updating user passworProfile with graph API

Question

Attempting user update with password Profile, returns following response:

{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2020-07-20T09:28:13",
"request-id": "1c63f4c2-5c18-404b-9d91-30ace5fc3900"
}
}
}

It I try the same request using the Graph API Explorer, It works.
I think the reason is that the API token is already generated in API Explorer which is authorized to update passwordProfile.

While the method I use for generating token in my application is using following API:

/oauth2/v2.0/token
with client_id, client_secret and .default as scope and grant_type = client_credetials.

What will be the suitable approach for obtaining a token for updating user with passwordProfile.

The required permissions are given and admin consent is also obtained.

Answer 1

@AdityaPareekQuickLaunchIdentity-4855, Thank you for reaching out. The works with Graph API Explorer is because the token issued to the request generated from the Graph API explorer is for the user and in your app, when you try to request the token you are requesting it in application's context (i.e for the application) as you are using client_credentials flow there.

You would need to implement the Authorization-Code Grant flow or Password Owner Resource Grant Flow in this case to get your job done. Choose the flow that suits best for your application's design as both these flows are for users, in other words using both these flows you can get a token issued to your user.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.