I'm trying to update a user's password in Azure Active Directory using the Microsoft Graph API. The user was created using the API endpoint https://graph.microsoft.com/v1.0/users, and I'm generating an application token in Node.js using the @azure/identity package.
Implementation Details:
Token Generation: I'm using ClientSecretCredential to generate the token:
const { ClientSecretCredential } = require('@azure/identity');
const credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
const token = await credential.getToken("https://graph.microsoft.com/.default");
API Call to Update Password: I'm using the following PATCH request to update the user's password:
PATCH https://graph.microsoft.com/v1.0/users/${userId}
Request Body:
{
"passwordProfile": {
"forceChangePasswordNextSignIn": true,
"password": "newPassword"
}
}
Permissions Granted: I've ensured the following permissions are granted in the Azure portal for my app registration:
- Directory.AccessAsUser.All
- User.ReadWrite.All
- Directory.ReadWrite.All
Roles of the Account: The account performing the password reset has one of the following roles:
- Global Administrator
- Privileged Authentication Administrator
- Authentication Administrator
Despite following the documentation here, I receive an accessDenied error with the message "Request Authorization failed" when updating the password.
Could anyone provide insights on what might be going wrong or what additional permissions or roles are required to update a user's password successfully?
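Added example, not part of the original post: a diagnostic that decodes the access token returned by `getToken` and reports whether it is app-only or delegated and which of the listed permissions it actually carries. It assumes the usual Microsoft identity platform claim layout (application permissions in `roles`, delegated permissions in `scp`); the function names and the sample token are constructed for illustration.

```javascript
// Decode the JWT payload WITHOUT verifying the signature. This is for
// inspecting your own token while debugging, never for authorization decisions.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Summarize what a Graph access token carries and which of the permissions
// in `needed` are absent from it.
function describeGraphToken(jwt, needed = []) {
  const claims = decodeJwtPayload(jwt);
  // Assumption: app-only tokens list application permissions in `roles`;
  // delegated tokens list scopes as a space-separated string in `scp`.
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const scopes = typeof claims.scp === 'string'
    ? claims.scp.split(' ').filter(Boolean)
    : [];
  const kind = scopes.length > 0 ? 'delegated' : 'app-only';
  const granted = kind === 'app-only' ? roles : scopes;
  return {
    kind,
    // For an app-only token, `oid` is the service principal's object id:
    // that principal, not a signed-in admin, is the caller Graph authorizes.
    callerObjectId: claims.oid,
    granted,
    missing: needed.filter((p) => !granted.includes(p)),
  };
}

// Constructed sample shaped like a client-credentials token (fake signature).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const sampleToken = makeSampleToken({
  aud: 'https://graph.microsoft.com',
  oid: '00000000-0000-0000-0000-000000000001', // placeholder object id
  roles: ['User.ReadWrite.All', 'Directory.ReadWrite.All'],
});

// With the real credential: describeGraphToken(token.token, [...])
const report = describeGraphToken(sampleToken, [
  'Directory.AccessAsUser.All', // a delegated permission
  'User.ReadWrite.All',
  'Directory.ReadWrite.All',
]);
console.log(report);
```
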