```
"error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
```
This error occurs if you don't add the Delegated type `User.Read` API permission or missed granting admin consent to the added permission.
I registered one Multi-tenant Entra ID application and granted API permission like below:
![enter image description here](https://cdn.statically.io/img/i.imgur.com/IaOVx6b.png)
To get the `code`, I ran the below authorization request in the browser:
```
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
?client_id=<app_id>
&redirect_uri=https://jwt.ms
&response_type=code
&response_mode=query
&scope=https://graph.microsoft.com/.default
```
When I tried to generate an access token with the below parameters via Postman, I got the same error as below:
```
POST https://login.microsoftonline.com/common/oauth2/v2.0/token

grant_type=authorization_code
client_id=<app_id>
client_secret=<client_secret>
redirect_uri=https://jwt.ms
code=<code>
scope=https://graph.microsoft.com/.default
```
Response:
![enter image description here](https://cdn.statically.io/img/i.imgur.com/siaB2qZ.png)
![enter image description here](https://cdn.statically.io/img/i.imgur.com/LTPnT8e.png)
To resolve the error, add the Delegated type `User.Read` API permission and grant admin consent:
![enter image description here](https://cdn.statically.io/img/i.imgur.com/ysucULW.png)
Now, I generated the code and access token using the same code snippet:
![enter image description here](https://cdn.statically.io/img/i.imgur.com/2EQyLFK.png)
Now, you can call the `/me` endpoint to get the mail_id:

```
GET https://graph.microsoft.com/v1.0/me
```
![enter image description here](https://cdn.statically.io/img/i.imgur.com/wTVtMWP.png)
User.Read
permission to resolve the error.
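
A quick way to confirm the fix before calling `/me` is to look at the delegated scopes in the access token, the same thing jwt.ms displays. The following is an added example, not code from the original answer: the function names are hypothetical, the two sample tokens are constructed and unsigned, and the check covers only the `User.Read` scope named above.

```python
import base64
import json

# Audience values seen on Microsoft Graph access tokens (URI or Graph's app ID).
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed"


def decode_claims(token: str) -> dict:
    """Decode the payload only; no signature check, so diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_me_access(token: str, required: str = "User.Read"):
    """Return (ok, reason) for calling GET /v1.0/me with this token."""
    claims = decode_claims(token)
    if claims.get("aud") not in GRAPH_AUDIENCES:
        return False, f"audience {claims.get('aud')!r} is not Microsoft Graph"
    if "scp" not in claims:
        return False, "no 'scp' claim, so this is not a delegated token"
    granted = {s.lower() for s in claims["scp"].split()}
    if required.lower() not in granted:
        return False, f"'{required}' missing from scp: {claims['scp']!r}"
    return True, f"'{required}' present"


if __name__ == "__main__":
    # Constructed claims: a token without and with the delegated scope.
    before = make_sample_token({"aud": "https://graph.microsoft.com",
                                "scp": "openid profile email"})
    after = make_sample_token({"aud": "https://graph.microsoft.com",
                               "scp": "openid profile email User.Read"})
    for name, tok in (("before consent", before), ("after consent", after)):
        print(name, check_me_access(tok))
```

A token whose `scp` claim lacks `User.Read` is the case that produces `Authorization_RequestDenied` on `/me`; request a new code and token after granting consent, since an already issued token keeps its old scopes.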