Azure AD B2c password reset with graph API

Ishara Madusanka 0 Reputation points
2025-01-27T11:25:20.2533333+00:00

I'm trying to reset the user password with the Graph API. Here's the document that I referred to:
https://learn.microsoft.com/en-us/graph/api/authenticationmethod-resetpassword?view=graph-rest-1.0&tabs=http#permissions

These are the decoded access token details about permissions:

    "roles": [
        "User.ReadBasic.All",
        "User.RevokeSessions.All",
        "User.ReadWrite.All",
        "User.DeleteRestore.All",
        "UserAuthenticationMethod.ReadWrite.All",
        "Directory.ReadWrite.All",
        "User.EnableDisableAccount.All",
        "User.Invite.All",
        "Directory.Read.All",
        "User.Read.All",
        "User.Export.All",
        "User.ManageIdentities.All"
    ],

But I keep getting the below error:

User's image

Please help me with a fix. TIA


1 answer

  1. Yakun Huang-MSFT 9,705 Reputation points Microsoft Vendor
    2025-01-28T02:29:57.87+00:00

    Hello Ishara Madusanka,

    Thank you for reaching out to Microsoft Support!

    After our tests, everything works well; the test code is as follows:

    using Azure.Identity;
    using Microsoft.Graph;
    using Microsoft.Graph.Users.Item.Authentication.Methods.Item.ResetPassword;

    // Each scope is its own array element; the SDK joins them for the token request.
    var scopes = new[] { "offline_access", "UserAuthenticationMethod.ReadWrite.All" };
    // Multi-tenant apps can use "common",
    // single-tenant apps must use the tenant ID from the Azure portal
    var tenantId = "common";
    // Values from app registration
    var clientId = "clientId";
    var clientSecret = "clientSecret";
    // For authorization code flow, the user signs into the Microsoft
    // identity platform, and the browser is redirected back to your app
    // with an authorization code in the query parameters
    var authorizationCode = "authorizationCode";
    var options = new AuthorizationCodeCredentialOptions
    {
        AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
    };
    // https://learn.microsoft.com/dotnet/api/azure.identity.authorizationcodecredential
    var authCodeCredential = new AuthorizationCodeCredential(
        tenantId, clientId, clientSecret, authorizationCode, options);
    // To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
    var graphClient = new GraphServiceClient(authCodeCredential, scopes);
    // Body of POST /users/{id}/authentication/methods/{methodId}/resetPassword
    var requestBody = new ResetPasswordPostRequestBody
    {
        NewPassword = "NewPassword",
    };
    // 28c10230-6103-485e-b985-444c60001490 is the well-known ID of the password authentication method;
    // replace "userId" with the object ID or UPN of the target user.
    var result = await graphClient.Users["userId"].Authentication.Methods["28c10230-6103-485e-b985-444c60001490"].ResetPassword.PostAsync(requestBody);
    

    For your error message, an administrator role may be missing. According to the documentation, in delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission, as shown below:

    User's image

    Reference document:

    https://learn.microsoft.com/en-us/graph/api/authenticationmethod-resetpassword?view=graph-rest-1.0&tabs=csharp#permissions

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

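The answer points at the two things to check before calling resetPassword: that the token actually carries UserAuthenticationMethod.ReadWrite.All, and, for the delegated case, that the signed-in user holds a supported directory role. The following is an added example (not code from the question, the answer, or Microsoft) that does that inspection offline with only the Python standard library: it decodes a Graph access token without verifying it, reports whether it is an app-only token (permissions in the `roles` claim, as in the question) or a delegated token (scopes in `scp`, the user's directory role template IDs in `wids`), and builds the documented resetPassword request using the well-known password method ID from the answer's C# sample. The two tokens it inspects are constructed in the file; the role template ID in the delegated sample is a placeholder, and the function does not decide which roles are sufficient, since that list lives in the linked permissions table.

```python
import base64
import json

# Permission named in the linked docs, and the well-known password authentication
# method ID used in the answer's C# sample.
REQUIRED_PERMISSION = "UserAuthenticationMethod.ReadWrite.All"
PASSWORD_METHOD_ID = "28c10230-6103-485e-b985-444c60001490"
GRAPH_V1 = "https://graph.microsoft.com/v1.0"


def _b64url_decode(segment: str) -> bytes:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload of a compact JWT WITHOUT verifying its signature.

    Only use this to inspect a token you obtained yourself while debugging;
    never base an authorization decision on unverified claims.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def classify_token(claims: dict) -> dict:
    """Summarise what an Entra-issued Graph access token is allowed to do.

    App-only tokens (client credentials) carry granted application permissions in
    the "roles" claim. Delegated tokens carry granted scopes in the space-separated
    "scp" claim and, when the signed-in user holds a directory role, the role
    template IDs in "wids".
    """
    delegated = "scp" in claims
    granted = set(claims["scp"].split()) if delegated else set(claims.get("roles", []))
    return {
        "flow": "delegated" if delegated else "application",
        "has_reset_permission": REQUIRED_PERMISSION in granted,
        "directory_role_ids": list(claims.get("wids", [])),
        "tenant_id": claims.get("tid"),
        "audience": claims.get("aud"),
    }


def build_reset_request(user_id: str, new_password: str, access_token: str) -> dict:
    """Describe the resetPassword call from the linked docs; send it with any HTTP client."""
    return {
        "method": "POST",
        "url": f"{GRAPH_V1}/users/{user_id}/authentication/methods/{PASSWORD_METHOD_ID}/resetPassword",
        "headers": {
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        },
        "json": {"newPassword": new_password},
    }


def make_unsigned_token(payload: dict) -> str:
    """Build a CONSTRUCTED sample token with an empty signature, for offline inspection only."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


# Constructed samples. The first mirrors the "roles" claim shape shown in the question
# (an app-only token); the second is a made-up delegated token for contrast.
PLACEHOLDER_ROLE_TEMPLATE_ID = "11111111-1111-1111-1111-111111111111"  # not a real role ID
APP_ONLY_SAMPLE = make_unsigned_token({
    "aud": "https://graph.microsoft.com",
    "tid": "00000000-0000-0000-0000-000000000000",
    "roles": ["User.ReadWrite.All", REQUIRED_PERMISSION, "Directory.ReadWrite.All"],
})
DELEGATED_SAMPLE = make_unsigned_token({
    "aud": "https://graph.microsoft.com",
    "tid": "00000000-0000-0000-0000-000000000000",
    "scp": f"offline_access {REQUIRED_PERMISSION}",
    "wids": [PLACEHOLDER_ROLE_TEMPLATE_ID],
})

if __name__ == "__main__":
    for name, tok in (("app-only", APP_ONLY_SAMPLE), ("delegated", DELEGATED_SAMPLE)):
        print(name, json.dumps(classify_token(decode_claims(tok)), indent=2))
    print(json.dumps(build_reset_request("userId", "NewPassword", "<token>"), indent=2))
```

If `flow` comes back as `application` the token was obtained with client credentials, so the delegated-permission rows (and their role requirement) in the linked table do not apply to it; if it comes back as `delegated` with an empty `directory_role_ids`, the signed-in user holds no directory role at all, which matches the situation the answer describes.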
