"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation."

Srini 6 Reputation points

Hi All,
I am trying to hit the Graph API endpoint, but it's giving me the error below. Do you think anything is missing? I tried it from Postman. The first call is to fetch the token and the second call is to fetch user details.
{
    "error": {
        "code": "Authorization_RequestDenied",
        "message": "Insufficient privileges to complete the operation.",
        "innerError": {
            "date": "2021-09-02T04:10:16",
            "request-id": "4e9482f0-6148-4097-9fe6-a1587f8ebf3f",
            "client-request-id": "4e9482f0-6148-4097-9fe6-a1587f8ebf3f"
        }
    }
}

EndPoint to fetch user - https://graph.microsoft.com/v1.0/users/firstname.lastname@myCompany.com




2 answers

  1. JosephXu-MSFT 531 Reputation points

    Hi @Srini, you'd better parse the permissions of the token here. If you're using app permission, you can check the "roles" property. If you're using delegated permission, you can check the "scp" property, to see if it contains User.Read.All.

    1. App permission:
    2. Delegated permission:

  2. Srini 6 Reputation points

    Hi @JosephXu-MSFT - I have pasted the token and here is what I got in response. I do not see roles or scp in it. I have changed some of the values in it to avoid any issues.

    "typ": "JWT",
    "nonce": "9abcd2zGWzitlRTomilE3UUdInZTXOsXM7y4tS97JAg",
    "alg": "RS983",
    "x5t": "nOo3ZDrOASRE1jKWhXslHR_KXEg",
    "kid": "nOo3ZDrOASRE1jKWhXslHR_KXEg"
    "aud": "https://graph.microsoft.com",
    "iss": "https://sts.windows.net/d34b221f-dca9-5ee8-92f8-1215a965d42a/",
    "iat": 1630642959,
    "nbf": 1630642959,
    "exp": 1630646859,
    "aio": "E2ZgYDjW6h4uu9d5bk38DOW6+bH3AA==",
    "app_displayname": "IT-Token",
    "appid": "22d2b80d-11f3-43f3-8f53-3c08a1723zz2",
    "appidacr": "1",
    "idp": "https://sts.windows.net/d34b221f-dca9-5ee8-92f8-1215a965d42a/",
    "idtyp": "app",
    "oid": "203991a9-3a4c-416d-9fcb-a0e76d2770ae",
    "rh": "0.ATEAHyJL09SsRE6S-BIVqWXUKg230iLzEfNDj1M8CKFyOqMxAAA.",
    "sub": "060771a9-3a4c-416d-9fcb-a0e76d2770ae",
    "tenant_region_scope": "EU",
    "tid": "d34b221f-dca9-5ee8-92f8-1215a965d42a",
    "uti": "cfLwDO238kmUoFakjWFPBB",
    "ver": "1.0",
    "wids": [
    "xms_tcdt": 1525893040
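
The check described in the first answer (look for User.Read.All in "roles" or "scp"), as an added example that is not part of the original thread or of any Microsoft library. The function names and the sample claim sets are assumptions constructed for illustration; the payload is decoded without signature verification, which is suitable for troubleshooting only.

```python
import base64
import json

def _segment(obj: dict) -> str:
    """base64url-encode a dict the way a JWT segment is encoded (no padding)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def sample_token(claims: dict) -> str:
    """Constructed demo token; the signature part is a dummy string."""
    return ".".join([_segment({"typ": "JWT", "alg": "RS256"}), _segment(claims), "sig"])

def token_permissions(token: str) -> dict:
    """Read roles/scp from a token payload WITHOUT verifying the signature.
    For troubleshooting only, never for an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    roles = claims.get("roles") or []                # app permissions: JSON array
    scopes = (claims.get("scp") or "").split()       # delegated: space-separated string
    return {"roles": list(roles), "scp": scopes}

def diagnose(token: str, required: str = "User.Read.All") -> str:
    """Explain whether the token carries the permission the Graph call needs."""
    perms = token_permissions(token)
    if required in perms["roles"]:
        return f"ok: {required} granted as application permission (roles)"
    if required in perms["scp"]:
        return f"ok: {required} granted as delegated permission (scp)"
    if not perms["roles"] and not perms["scp"]:
        return "denied: token has no roles or scp claim, so it carries no permissions"
    present = perms["roles"] + perms["scp"]
    return f"denied: {required} missing, token only carries {', '.join(present)}"

# Constructed claim sets (not real tokens). The first mirrors the shape of the
# token posted in the thread: an app token with neither roles nor scp.
APP_NO_PERMS = {"aud": "https://graph.microsoft.com", "idtyp": "app"}
APP_GRANTED = {**APP_NO_PERMS, "roles": ["User.Read.All"]}
DELEGATED_NARROW = {"aud": "https://graph.microsoft.com", "scp": "User.Read profile"}

if __name__ == "__main__":
    for claims in (APP_NO_PERMS, APP_GRANTED, DELEGATED_NARROW):
        print(diagnose(sample_token(claims)))
```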