I am trying to create an application in a directory using graph API but I am getting below error –
Exception in thread "main" com.microsoft.graph.http.GraphServiceException: Error code: Authorization_RequestDenied
Error message: Insufficient privileges to complete the operation.
POST https://graph.microsoft.com/v1.0/applications
SdkVersion : graph-java/v5.6.0
SdkVersion : graph-java/v5.6.0
[...]
403 : Forbidden
[...]
This is the code that I using to create a Graph Service Client which I will use to call the Graph APIs…
private static GraphServiceClient<Request> createGraphClient() {
ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
.clientId(clientId)
.clientSecret(clientSecret)
.tenantId(b2cDirectory)
.build();
TokenCredentialAuthProvider tokenCredentialAuthProvider =
new TokenCredentialAuthProvider(scopes, clientSecretCredential);
GraphServiceClient<Request> graphClient = GraphServiceClient.builder()
.authenticationProvider(tokenCredentialAuthProvider)
.buildClient();
return graphClient;
}
The graph client is successfully being created and now when I am trying to create the application using below code I am getting error which I shared above…
private static void createApplication(GraphServiceClient<Request> graphClient) {
System.out.println("Creating application...");
Application application = new Application();
application.displayName = "Test v3";
application.publicClient = new PublicClientApplication();
String appId = graphClient.applications()
.buildRequest()
.post(application)
.appId;
System.out.println("App ID: " + appId);
}
I am very sure this has something with to do with giving permission to directory to allow graph to call and create Apps, but the portal.azure.com UI I am not able to find from where it is done…
Any suggestion please.
>Solution :
Go to Azure AD B2C then select a random App from the list and then go to API permission…
Select the one I showed in screen shot and click on "Grant admin…" and try recalling the API.