Permission error while using Microsoft Graph Application AddPassword method

Murali R 0 Reputation points
2024-12-30T20:38:27.0766667+00:00

I'm attempting to automate password creation using the Microsoft Graph Application AddPassword method and the code sample https://zcusa.951200.xyz/en-us/graph/api/application-addpassword?view=graph-rest-1.0&tabs=python.

I initialized graph_client with ClientSecretCredential something like this:

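```python
from azure.identity import ClientSecretCredential
from msgraph import GraphServiceClient

# App-only (client credentials) authentication against Microsoft Graph
credential = ClientSecretCredential(tenant_id, client_id, client_secret)
graph_client = GraphServiceClient(credential, scopes)
```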

I think that I have given the appropriate permission. I have added the permissions listed below.

User's image

But I'm still getting the 403 (Authorization_RequestDenied) error. Please let me know what extra permissions are required to make it work.

Microsoft Graph

2 answers

  1. Yakun Huang-MSFT 8,505 Reputation points Microsoft Vendor
    2024-12-31T02:27:17.2966667+00:00

    Hello Murali R,

    Thank you for reaching out to Microsoft Support!

    According to the document, the permission Application.ReadWrite.OwnedBy only supports updates where this application is the owner of the other application.

    User's image

    So, you might be getting the 403 because the app you are using is not the owner, so you need to grant the higher permission Application.ReadWrite.All.

    The test results are as follows:

    Screenshot 2024-12-31 022559

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.


  2. Saranya Madhu-MSFT 920 Reputation points Microsoft Vendor
    2024-12-31T02:37:58.0333333+00:00

    Hi @Murali R ,

    Thanks for reaching out to Microsoft!

    I tested from my end by consenting to both "Application.ReadWrite.OwnedBy" and "Application.ReadWrite.All" permissions.

    When only the "Application.ReadWrite.OwnedBy" permission was consented, an error was encountered. However, consenting to the "Application.ReadWrite.All" permission resulted in a successful response, allowing the password creation process to proceed without issues.

    Based on these results, it appears that the "Application.ReadWrite.OwnedBy" permission alone is insufficient for this operation. Consent to the "Application.ReadWrite.All" permission. This will ensure that you have the necessary permissions to perform the required operations without encountering authorization errors.

    Hope this helps.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
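To tell which of the two situations described in the answers applies, the following added example (not code from the thread or from Microsoft) inspects an app-only access token and the target application's owner list. It assumes the granted application permissions appear in the token's `roles` claim, that `oid` is the calling service principal's object id, and that `owners` is the `value` array from `GET /applications/{id}/owners`; the tokens and ids are constructed placeholders.

```python
import base64
import json

ALL = "Application.ReadWrite.All"
OWNED_BY = "Application.ReadWrite.OwnedBy"

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload without verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose_add_password(token: str, owners: list[dict]) -> str:
    """Explain whether this app-only token covers addPassword on the target app."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))
    caller = claims.get("oid")  # assumed: object id of the calling service principal
    owner_ids = {o["id"] for o in owners}
    if ALL in roles:
        return "allowed: tenant-wide Application.ReadWrite.All"
    if OWNED_BY in roles:
        if caller in owner_ids:
            return "allowed: OwnedBy and caller owns the target"
        return "403 expected: OwnedBy granted, but caller is not an owner of the target"
    return "403 expected: no application write permission in token"

def _fake_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo below."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

# Constructed sample data: placeholder object ids, not real directory objects.
CALLER = "11111111-1111-1111-1111-111111111111"
OTHER = "22222222-2222-2222-2222-222222222222"
TOKEN_OWNED_BY = _fake_token({"oid": CALLER, "roles": [OWNED_BY]})
TOKEN_ALL = _fake_token({"oid": CALLER, "roles": [ALL]})

if __name__ == "__main__":
    print(diagnose_add_password(TOKEN_OWNED_BY, [{"id": OTHER}]))   # the 403 case
    print(diagnose_add_password(TOKEN_OWNED_BY, [{"id": CALLER}]))  # owner case
    print(diagnose_add_password(TOKEN_ALL, [{"id": OTHER}]))        # tenant-wide case
```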
