I am trying to change my password of Azure account from Microsoft Graph Explorer by using this query:
POST https://graph.microsoft.com/v1.0/me/changePassword
{
"currentPassword": "XXX",
"newPassword": "XXX"
}
I got the below error while executing that query:
{ "error": { "code": "Authorization_RequestDenied", "message": "Access
to change password operation is denied.", "innerError": { "date":
"2022-07-10T05:59:39", "request-id":
"1ecc339e-62f4-4703-9e92-181f894b9790", "client-request-id":
"b353d155-13c2-0809-4d83-efb8ae999742" } }
Do I need permission to change my own password? What's the resolution?
I tried to reproduce the same in my environment and got the same error as below:
POST https://graph.microsoft.com/v1.0/me/changePassword
Body
{
"currentPassword": "XXXX",
"newPassword": "XXXX"
}
Please note that, you need Directory.AccessAsUser.All permission consented like below:
After consenting, I am able to change my password successfully like below:
Reference:
user: changePassword - Microsoft Graph v1.0 | Microsoft Docs
Related
I'm trying to use Keycloak's admin API in order to add a client-level role to the user role mapping. For this purpose I'm using the admin endpoint :
POST /{realm}/groups/{id}/role-mappings/clients/{client}
e.g.:
http://localhost/tests/admin/realms/testrealm/users/d1a15b4c-9853-4d87-9b8d-d4cf3fac3650/role-mappings/clients/3f222762-5300-48f2-be48-32f001d5a7dc
Request body as:
[
{
"id": "32f02358-9312-4b7b-8584-85dcaf257667",
"name": "test_role_app",
"description": null,
"scopeParamRequired": false
}
]
The id in the body request, is the role ID.
Keycloak is responding with error 404 with message:
{
"error": "Role not found"
}
Not sure what is the problem here as the role exists in the system. What could be wrong here?
Turned out to be that I was using the wrong roleId. I had two roles with same name (one at realm level and another one at client level). After using the correct ID everything worked well!
Additionally the whole request body looks like:
[
{
"id": "94cf6502-0375-4b62-a3ae-465d047738c3",
"name": "test_role_app",
"composite": false,
"clientRole": true,
"containerId": "a7e640cb-751d-4caa-81a0-79d38d31e025"
}
]
Getting token is successful:
Post: http://localhost:8180/auth/realms/public-library/protocol/openid-connect/token
Content type:application/x-www-form-urlencoded
Body:x-www-form-urlencoded
client_id:spring-boot-app
username:pooja.kumawat
password:poojakumawat#23
grant_type:password
Output:Token
Creating a user is getting an error:
Post : http://localhost:8180/auth/public-library/users
Authorization:Bearer+Token
Content type:Application/Json
Body:Raw
{
"username": "name",
"enabled": true,
"emailVerified": false,
"firstName": "first",
"lastName": "last",
"credentials": [
{
"type": "password",
"value": "newPas1*",
"temporary": false
}
]
}
Error is:
{
"error": "RESTEASY003210: Could not find resource for full path: http://localhost:8180/auth/public-library/users"
}
It looks like you are using the wrong endpoint, change it to
http://localhost:8180/auth/admin/realms/public-library/users
And keep in mind, the user who is performing the POST request need to have at least the manage-users realm-management role assigned. Otherwise the response will be 403 Forbidden
What you need to do is go to the realm you are using in keycloak. Then go to the users section and select the user you are you using for the request. Under role Mappings, select realm management and assign this user the role realm admin and manage users role. After that, you will be able to make requests
I'm accessing the taleo api. I'm able to open the connection with the hosturl, username and password. But when I try to close or logout the session am unable to do it.
I have opened up the 20 connections now.
How to reset all those connections now?
Logout Request :
POST https://abc.tbe.taleo.net/xxxxx/ats/api/v1/logout
Logout response :
{
"response": {},
"status": {
"success": false,
"detail": {
"errormessage": "Login session for token null is expired or invaid.",
"error": "Login session for token null is expired or invalid.",
"operation": "internal",
"errorcode": "500"
}
}
}
Finally I got the answer. We need to add the authorization token as the cookie like follows .
add in the Header :
Cookie authToken="authorization_token"
Note: authorization_token between quotes
I am using the facebook graph api to programmatically create offers on a page, of which the user is an admin of.
I am sure the user is an admin of that page, still I am getting an error to check my admin permission levels (Error below). Any idea why? Any help is appreciated.
If it is of any help, I have added the following scope to my requests: {scope: 'manage_pages,publish_pages'}
{
"error": {
"message": "Invalid parameter",
"type": "OAuthException",
"code": 100,
"error_subcode": 1528104,
"is_transient": false,
"error_user_title": "Check Your Admin Permission Level",
"error_user_msg": "Only some admins of your Page are able to create and edit offers. Talk to the person responsible for your Page about your admin permission level.",
"fbtrace_id": "FgBVmH5BTW0"
}
}
A snapshot of my code is as follows:
accessToken = req.session.access_token;
FB.setAccessToken(accessToken);
FB.api("page-name", {fields: "access_token,id"}, function (res) {
var pageId = res.id;
var pageAccessToken = res.access_token;
FB.setAccessToken(pageAccessToken);
FB.api(pageId + "/offers", 'post', {
title: "Test title",
expiration_time: 'some datetime',
message: "Test offer 1"
}, function (res2) {
resp.send(res2);
});
When I call:
$ curl 'https://graph.facebook.com/v2.2/<APP_ID>/accounts/test-users?access_token=<APP_ACCESS_TOKEN>&limit=500'
I see 82 accounts, and all but one look like this:
{
"id": "1413484435585065",
"login_url": "https://developers.facebook.com/checkpoint/test-user-login/1413484435585065/"
}
That is, they have no access token.
When I try to delete them I get:
$ curl -XDELETE 'https://graph.facebook.com/v2.2/1413484435585065?access_token=<APP_ACCESS_TOKEN>'
{
"error": {
"message": "(#100) Invalid value specified for param: id",
"type": "OAuthException",
"code": 100
}
}
The only one that DOES have an access token returns:
{
"error": {
"message": "(#2904) You cannot delete the Open Graph Test User for your app.",
"type": "OAuthException",
"code": 2904
}
}
If I go to Roles...Test Users on the Developers page of the app, then it is empty!
Any new test users I create I can see on the Developers page, and I can delete them using the mentioned curl call.
Where could these test users come from, and how do I get rid of them? Or at least filter them when I am listing test users.