Error "Invalid version: users" when trying to delete a user's account

Yogi Irawan 1 Reputation point
2022-02-16T07:36:44.8+00:00

I'm handling an AAD account and trying to add a Delete account feature in my iOS app.

I'm following the instructions here:

  1. https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-ios
  2. https://learn.microsoft.com/en-us/graph/api/user-delete?view=graph-rest-1.0&tabs=objc

And this is my code to delete a user's account:

func getGraphEndpointForDelete() -> String {
    return kGraphEndpoint.hasSuffix("/") ? (kGraphEndpoint + "users/\(userID)/") : (kGraphEndpoint + "/users/\(userID)/");
}

func deleteAccount() {
    let graphURI = getGraphEndpointForDelete()
    let url = URL(string: graphURI)
    var request = URLRequest(url: url!)

    // Set the Authorization header for the request. We use Bearer tokens, so we specify Bearer + the token we got from the result
    request.allHTTPHeaderFields = [ "Authorization" : "Bearer \(accessToken)" ]
    request.httpMethod = "DELETE"

    URLSession.shared.dataTask(with: request as URLRequest) { data, response, error in

        if let error = error {
            self.updateLogging(text: "Couldn't get graph result: \(error)")
            return
        }

        guard let result = try? JSONSerialization.jsonObject(with: data!, options: []) else {

            self.updateLogging(text: "Couldn't deserialize result JSON")
            return
        }

        self.updateLogging(text: "Result from Graph: \(result))")
        print("Delete Result from Graph: \(result))")

    }.resume()
}

And this is my API permission:
[Screenshot: 174853-screen-shot-2022-02-16-at-142956.png]

Question:

  1. Why do I keep getting this error when I set the API permission to User.ReadWrite.All?
    Could not acquire token: Error Domain=MSALErrorDomain Code=-50003 "(null)" UserInfo={MSALDeclinedScopesKey=(
    "User.ReadWrite.All"
    ), MSALGrantedScopesKey=(
    "User.Read",
    "User.ReadWrite"
    ), MSALErrorDescriptionKey=Server returned less scopes than requested, MSALCorrelationIDKey=8B95EEAF-5FBF-4813-9F9D-14E3FF26A000, MSALInvalidResultKey=<MSALResult: 0x281eb6760>}
  2. Why do I get this error when I execute the code above?
    Delete Result from Graph: {
    error = {
    code = ResourceNotFound;
    innerError = {
    "client-request-id" = "2054b083-b1e6-44e8-bd2a-55d598a59ab0";
    date = "2022-02-16T04:15:25";
    "request-id" = "2054b083-b1e6-44e8-bd2a-55d598a59ab0";
    };
    message = "Invalid version: users";
    };
    })
  3. What is the correct way to delete a user's account?

Thank you in advance.
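
Added example, not part of the original post or of Microsoft's sample code: Microsoft Graph URLs take the form `https://graph.microsoft.com/{version}/{resource}`, so a path that starts with `users` is read as a version named "users". The sketch below builds the DELETE request with a `v1.0` segment and handles the `204 No Content` success reply, which has no JSON body, separately from error bodies. The `kGraphEndpoint` value, the function and type names, the placeholder id and token, and the sample status code are assumptions.

```swift
import Foundation
#if canImport(FoundationNetworking)
import FoundationNetworking  // URLRequest lives here on Linux
#endif

// Assumed base URL (no version segment), as in the linked MSAL iOS tutorial.
let kGraphEndpoint = "https://graph.microsoft.com/"

enum DeleteOutcome: Equatable {
    case deleted
    case failed(status: Int, code: String, message: String)
}

/// Builds DELETE {base}/v1.0/users/{id}. Graph reads the first path segment as
/// the API version, so it must come before "users".
func makeDeleteUserRequest(userID: String, accessToken: String) -> URLRequest? {
    guard !userID.isEmpty, let base = URL(string: kGraphEndpoint) else { return nil }
    let url = base.appendingPathComponent("v1.0")
        .appendingPathComponent("users")
        .appendingPathComponent(userID)  // escapes characters not valid in a path
    var request = URLRequest(url: url)
    request.httpMethod = "DELETE"
    request.setValue("Bearer \(accessToken)", forHTTPHeaderField: "Authorization")
    return request
}

/// Maps a Graph reply to an outcome. Success is 204 with an empty body, so
/// JSON parsing is only attempted for non-204 replies.
func interpretDeleteResponse(status: Int, body: Data?) -> DeleteOutcome {
    if status == 204 { return .deleted }
    guard let body = body,
          let json = try? JSONSerialization.jsonObject(with: body) as? [String: Any],
          let error = json["error"] as? [String: Any] else {
        return .failed(status: status, code: "unknown", message: "no parsable error body")
    }
    return .failed(status: status,
                   code: error["code"] as? String ?? "unknown",
                   message: error["message"] as? String ?? "")
}

// Constructed inputs: placeholder id and token, the error body from the
// question (HTTP status 400 is assumed), and an empty 204 reply.
let request = makeDeleteUserRequest(userID: "00000000-0000-0000-0000-000000000000",
                                    accessToken: "<access-token>")
print(request?.url?.absoluteString ?? "invalid URL")
let errorBody = Data(#"{"error":{"code":"ResourceNotFound","message":"Invalid version: users"}}"#.utf8)
print(interpretDeleteResponse(status: 400, body: errorBody))
print(interpretDeleteResponse(status: 204, body: nil))
```

Inside a `URLSession` completion handler like the one in the question, the status code comes from `(response as? HTTPURLResponse)?.statusCode`.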


2 answers

  1. Sheena-MSFT 1,731 Reputation points
    2022-02-16T13:01:41.197+00:00

    Hi @Yogi Irawan ,

    According to this documentation, you should configure the app with User.ReadWrite.All to delete a user account.

    Please find the screenshot below: 174907-delete1.png

    I am able to delete one user account after consenting to this User.ReadWrite.All permission with global admin consent (if you are a user admin).

    175011-delete2.png

    Hope this helps.



  2. CarlZhao-MSFT 42,031 Reputation points
    2022-02-17T06:50:09.527+00:00

    Hi @Yogi Irawan

    In Azure AD, users cannot delete their own accounts, even administrators. Only a global administrator can delete a user in a global administrator role or any user in the tenant. A user administrator can only delete users who are non-administrators or in specific limited roles.

    By the way, if you have an AAD tenant then you will definitely have a global administrator account.



