Microsoft Graph API - Patch user (permission issue for Application Token)

Question

I am updating an user's password via nodejs-graph-API application(with Application token) with below endpoint

PATCH /users/{userId}

{
  passwordProfile: {
    forceChangePasswordNextSignIn: true,
    password: newPassword,
 }

I provided all the application, delegated access

User.ReadWrite.All, User.ManageIdentities.All, Directory.ReadWrite.All

https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http

I do have two tenants (one for dev and another one for prod) in dev tenant things working fine but it failing in prod tenant

Error:

Error: Could not update password. Error: Authorization_RequestDenied

Permission screen

Answer 1

There are few cases where we cannot modify other user's data simply like that. Not just the permissions of API modify but also we need to be having a proper role to do some operation. As we are modifying the other user's password we should be having the highest or related role that can do it. I used to give Global Admin role which worked in my case.

As @Suresh suggested we can also use Authentication administrator role as it worked for him.

For permission to add to application may take few seconds time as it depends on different factors like internet etc.,