Microsoft graph api app throwing error Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation

Question

I am using microsoft graph api app to pull employee information and I am not Azure admin. Admin in my organization has authorized me attached permissions. Even with grated permissions am getting error, Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation.

I am getting Client correctly. Can you please help to resolve this error ?

Answer 1

Note that: To access user information, you need to generate access token by passing User.Read.All scope.

Created a Microsoft Entra ID application:

Generated access token by using below endpoint:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=token+id_token
&redirect_uri=https://jwt.ms
&response_mode=fragment
&scope=openid offline_access User.Read.All
&state=12345
&nonce=12345

Access and ID tokens generated successfully:

If you make use of ID token to access user information you will get 401 error, hence make use of access token to fetch user details.

Decode the access token and make sure that the aud is Microsoft Graph and User.Read.All scope is present:

Pass the above access token, and I am able to access token user information successfully:

https://graph.microsoft.com/v1.0/users?$select=DisplayName,EmployeeId,employeeHireDate,employeeLeaveDateTime,employeeType