question

BarryB-9309 avatar image
0 Votes"
BarryB-9309 asked bgervin edited

Error when granting these permissions to our application through the Microsoft Graph oAuth flow


Our application requires users to consent to the following Microsoft Graph permission scopes: offline_access User.ReadBasic.All Directory.Read.All Mail.ReadBasic.All.

Some users, despite being global administrators, are faced with the following error when granting these permissions to our application through the Microsoft Graph oAuth flow: Authorization_RequestDenied: Insufficient privileges to complete the operation.

This error is generated after the user grants permissions, and then we call the MS Graph "users" endpoint like so: https://graph.microsoft.com/v1.0/users?$select=id,displayName,mail,userPrincipalName&$filter=userType eq 'Member'.

microsoft-graph-permissions
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

ShwetaChoudhary-8869 avatar image
0 Votes"
ShwetaChoudhary-8869 answered

Thank you for reaching out.

  1. For getting access on behalf of the user, please follow documentation here and ensure you have done the steps accordingly.

  2. Use the access token obtained from the token request and call graph API using that.

  3. Check token scope on jwt.ms and observe generated bearer token has all the desired scopes.

  4. If you still face any issues, do revert back with the detailed steps you followed(maybe screenshots) so that it's easy to identify your issue.

Thanks,







5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.