c# - Microsoft Graph API 更改用户密码返回错误权限不足，无法完成操作

问题描述

当我尝试更改 Azure AD 用户密码时，我不断收到此错误："code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation."

我添加了所有需要的权限，并使用 OAuth 2.0 ROPC 进行授权。这是授权请求：

var client = new RestClient("https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("client_id", "clientID");
request.AddParameter("scope", "user.read openid profile offline_access");
request.AddParameter("client_secret", "xxxxxxxxxxxxx");
request.AddParameter("username", "userr@xxxxxxx.onmicrosoft.com");
request.AddParameter("password", "xxxxxxxxx");
request.AddParameter("grant_type", "password");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

这是用户更新请求：

var client = new RestClient("https://graph.microsoft.com/v1.0/{userId}");
client.Timeout = -1;
var request = new RestRequest(Method.PATCH);
request.AddHeader("Authorization", "Bearer tokenFromAuthorization");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "\r\n{\r\n      \"passwordProfile\" : {\r\n      \"password\": \"xxxxxxxxxx\",\r\n      \"forceChangePasswordNextSignIn\": false\r\n    }\r\n}\r\n\r\n\r\n",  ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

我也尝试了这两个链接中的所有内容，但没有任何帮助：

1. https://docs.microsoft.com/en-us/answers/questions/9942/do-we-have-any-microsoft-graph-api-to-change-the-p.html

2. “更新用户”操作给出“权限不足，无法完成操作。” Microsoft Graph API 中的错误

权限截图：

标签： c#azurehttpazure-active-directory