"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation."

Srini 6 Reputation points
2021-09-02T07:39:54.667+00:00

Hi All,
I am trying to hit the Graph API EndPoint but its giving me below error. Do you think anything is missing. I tried it from Postman. First call is to fetch the token and second call to fetch user details
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2021-09-02T04:10:16",
"request-id": "4e9482f0-6148-4097-9fe6-a1587f8ebf3f",
"client-request-id": "4e9482f0-6148-4097-9fe6-a1587f8ebf3f"
}
}
}
EndPoint to fetch user - https://graph.microsoft.com/v1.0/users/firstname.lastname@myCompany.com

128606-ea122a30-6db7-4df1-b6ea-0cb8ebb8ff8b.png

128607-11ef7a73-137e-4bc5-9407-422271860bd4.png

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,052 questions
{count} votes

2 answers

Sort by: Most helpful
  1. JosephXu-MSFT 531 Reputation points
    2021-09-03T02:35:10.867+00:00

    Hi@Srini You'd better parse the permissions of the token here. If you're using app permission, you can check "roles" property. If you're using delegated permission, you can check "scp" peroperty, to see if there contains User.Read.All.

    1. App permission:
      128904-image.png
    2. Delegated permission:
      128828-image.png

  2. Srini 6 Reputation points
    2021-09-03T04:35:05.637+00:00

    Hi @JosephXu-MSFT - I have pasted the token and here is what I got in response. I do not see roles or spc in it. I have changed someone of the values in it to avoid any issues.

    {
    "typ": "JWT",
    "nonce": "9abcd2zGWzitlRTomilE3UUdInZTXOsXM7y4tS97JAg",
    "alg": "RS983",
    "x5t": "nOo3ZDrOASRE1jKWhXslHR_KXEg",
    "kid": "nOo3ZDrOASRE1jKWhXslHR_KXEg"
    }.{
    "aud": "https://graph.microsoft.com",
    "iss": "https://sts.windows.net/d34b221f-dca9-5ee8-92f8-1215a965d42a/",
    "iat": 1630642959,
    "nbf": 1630642959,
    "exp": 1630646859,
    "aio": "E2ZgYDjW6h4uu9d5bk38DOW6+bH3AA==",
    "app_displayname": "IT-Token",
    "appid": "22d2b80d-11f3-43f3-8f53-3c08a1723zz2",
    "appidacr": "1",
    "idp": "https://sts.windows.net/d34b221f-dca9-5ee8-92f8-1215a965d42a/",
    "idtyp": "app",
    "oid": "203991a9-3a4c-416d-9fcb-a0e76d2770ae",
    "rh": "0.ATEAHyJL09SsRE6S-BIVqWXUKg230iLzEfNDj1M8CKFyOqMxAAA.",
    "sub": "060771a9-3a4c-416d-9fcb-a0e76d2770ae",
    "tenant_region_scope": "EU",
    "tid": "d34b221f-dca9-5ee8-92f8-1215a965d42a",
    "uti": "cfLwDO238kmUoFakjWFPBB",
    "ver": "1.0",
    "wids": [
    "0977a1d9-0d1d-4acb-b480-d5ca73121e20"
    ],
    "xms_tcdt": 1525893040
    }.[Signature]