question

SRI-5106 asked amanpreetsingh-msft commented

What are the permissions required to reset a password using the Microsoft Graph API as an admin user, and what are the grant type and scope to get a token for Azure AD B2C users?

POST https://graph.windows.net/me/changePassword?api-version=1.6
Content-Type: application/json
{
  "currentPassword": "password",
  "newPassword": "newpassword"
}

https://graph.microsoft.com/v1.0/users/d7c61b2d-1d54-44f0-98d8-ezZ5610432
{ "currentPassword": "password", "newPassword": "newPass" }

Tried all these APIs, but they are not working.

azure-active-directory

1 Answer

amanpreetsingh-msft answered amanpreetsingh-msft commented

Hi @SRI-5106 · Thank you for reaching out.

Firstly, the API https://graph.windows.net/ is a legacy API and the recommendation now is to use https://graph.microsoft.com/ instead.

The change password operation can only be performed for the same account that was used to acquire the token. If you want to acquire a token by using an Admin user and use that token to change the password of a different user, that is not possible as of now. If the token is acquired by using the credentials of User1, you can use that token to change the password of User1 only and not of User2.

If you want to change password of the same user, the scope https://graph.microsoft.com/Directory.AccessAsUser.All is required and the grant type can be either Authorization_code or Password. You can use Implicit flow for this purpose as well. Below is an example of Password (ROPC) flow to get the token:
[Screenshot: 98175-image.png]

An administrator can, however, reset the password for other users, which is different from change password as it does NOT require the current password. For this purpose, you will need the UserAuthenticationMethod.ReadWrite.All scope.

Read More about Reset Password: passwordAuthenticationMethod: resetPassword


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
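Added example (not part of the original answer or its screenshot): the ROPC token request and the self-service change-password call described above, with a check that the token response actually carries the required delegated scope. The function names, the placeholder token values and the use of the standard `login.microsoftonline.com` v2.0 token endpoint are assumptions; the requests are built but not sent.

```python
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com"
CHANGE_SCOPE = "Directory.AccessAsUser.All"  # delegated scope named in the answer


def ropc_token_request(tenant, client_id, username, password):
    """Build (not send) the grant_type=password token request for the user."""
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "scope": f"{GRAPH}/{CHANGE_SCOPE}",
        "username": username,
        "password": password,
    }).encode()
    # Assumption: standard Microsoft identity platform v2.0 token endpoint.
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=form, method="POST")


def granted_scopes(token_response):
    """Normalise the space-separated 'scope' field to lower-case short names."""
    prefix = GRAPH + "/"
    names = set()
    for s in token_response.get("scope", "").split():
        names.add((s[len(prefix):] if s.startswith(prefix) else s).lower())
    return names


def change_own_password_request(token_response, current_password, new_password):
    """changePassword acts on /me only: the account that acquired the token."""
    if CHANGE_SCOPE.lower() not in granted_scopes(token_response):
        raise PermissionError(f"token was not granted {CHANGE_SCOPE}")
    body = json.dumps({"currentPassword": current_password,
                       "newPassword": new_password}).encode()
    return urllib.request.Request(
        f"{GRAPH}/v1.0/me/changePassword", data=body, method="POST",
        headers={"Authorization": "Bearer " + token_response["access_token"],
                 "Content-Type": "application/json"})


# Constructed token responses (placeholder values, not real tokens).
GOOD = {"token_type": "Bearer", "access_token": "PLACEHOLDER",
        "scope": "https://graph.microsoft.com/Directory.AccessAsUser.All openid"}
WRONG = {"token_type": "Bearer", "access_token": "PLACEHOLDER",
         "scope": "User.Read profile"}
```

Checking the granted scope before calling Graph separates a consent or permission problem from a malformed request.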



Hi @amanpreetsingh-msft. Thank you for the response.
Which permissions are required for reset password, delegated or application permissions? I am trying like this but I have a few errors.
Please help me on this.

POST api https://graph.microsoft.com/v1.0/users/b0c8e3d9-08fa-487a-aff1-85bae11fcsd/authentication/passwordMethods/1256181d-7901-475b-b200-41ebc6d1047fsfsdf/resetPassword

{
  "error": {
    "code": "BadRequest",
    "message": "Resource not found for the segment 'passwordMethods'.",
    "innerError": {
      "date": "2021-05-21T06:17:46",
      "request-id": "fe23e712-6e77-4170-a271-0e3b8f418c15",
      "client-request-id": "fe23e712-6e77-4170-a271-0e3b8f418c15"
    }
  }
}


Hi @SRI-5106 · If you are using Grant type: Password as per the screenshot I shared, you need UserAuthenticationMethod.ReadWrite.All added as a delegated permission.


Hi @SRI-5106 · Just checking if the issue is resolved.

SRI-5106 amanpreetsingh-msft ·

Hi @amanpreetsingh-msft.
Thank you for reaching out to confirm.
The issue is resolved.
