0

I am using Azure AD for user authentication, and using user flows for signup and login; we also have some custom attributes which are set through the user flow itself. I am trying to update those custom attributes for a user using his access token. Now, reading through the Azure AD documentation, I came across the Azure AD Graph APIs, but the access token of the user comes back as invalid (the request is shown below). I am assuming that we need some administrator token here, but based on the requirements we need to use the user access token itself.

PATCH https://graph.windows.net/{myorganization}/users/{user_object_id}?api-version=1.6
Authorization: Bearer <user access_token which we get after using the login user flow>

Request body:
{
    "someCustomAttribute": "some updated value"
}

Response:
{
    "odata.error": {
        "code": "Authentication_ExpiredToken",
        "message": {
            "lang": "en",
            "value": "Your access token has expired. Please renew it before submitting the request."
        }
    }
}

I made sure that the token is valid and not expired (tested using passport).

utkarsh tyagi
  • 635
  • 1
  • 9
  • 27
  • In order to help you, please describe in detail how you obtain the `access_token` for calling the Graph API. If you are in doubt about what an access_token is, check the documentation here: https://learn.microsoft.com/en-us/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-operations-overview#authentication-and-authorization-- – astaykov Aug 01 '19 at 14:30

2 Answers

0

A B2C user authentication occurs against a B2C application registration. B2C application registrations cannot access Graph API as a resource.

When you would like a user to be able to modify their profile information, use a Profile Edit user flow instead.

If you as an Admin want to manage user attributes, register an AAD App Registration inside your B2C tenant and configure it to access AAD Graph API. Use client credential flow to obtain a token server side to make operations against the B2C directory.

Jas Suri - MSFT
  • 10,605
  • 2
  • 10
  • 20
0

You must acquire an access token for the Azure AD Graph API using the Azure AD endpoint -- not the Azure AD B2C endpoint.

You can use any Azure AD flow -- e.g. implicit grant, authorization code grant, or client credential grant -- for this.

Chris Padgett
  • 14,186
  • 1
  • 15
  • 28
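Both answers come down to the same check: the bearer token must have been issued by the Azure AD endpoint for the Azure AD Graph resource, and a B2C user-flow token never is. The following Python is an added example written for this thread; it is not code from either answerer, the asker, or Microsoft. It decodes a token's claims (without verifying the signature, for diagnostics only), reports why Azure AD Graph would refuse it, and builds the client-credentials token request and the PATCH from the question the way the first answer recommends. Assumptions, marked in the code: the accepted `aud` values for Azure AD Graph, that B2C user-flow tokens carry a `tfp` claim with the policy name, the `extension_<appid>_<Name>` naming of B2C custom attributes, and a constructed HS256 demo token that stands in for a real one.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlencode

# Resource identifier of Azure AD Graph (the "resource" value sent to the token endpoint).
AAD_GRAPH_RESOURCE = "https://graph.windows.net/"
# Assumption: an Azure AD Graph token carries one of these values in its "aud" claim.
ACCEPTED_AUDIENCES = {
    AAD_GRAPH_RESOURCE,
    AAD_GRAPH_RESOURCE.rstrip("/"),
    "00000002-0000-0000-c000-000000000000",  # well-known app id of Azure AD Graph
}


def _b64url_decode(segment: str) -> bytes:
    """Base64url-decode a JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> Dict:
    """Return the payload of a compact JWT WITHOUT verifying its signature.

    Diagnostics only: it shows what the token says about itself, which is
    enough to see why a resource refuses it. Never use it for authorization.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def diagnose_token(token: str, now: Optional[float] = None) -> List[str]:
    """List the reasons Azure AD Graph would reject this bearer token."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud")
    if aud not in ACCEPTED_AUDIENCES:
        problems.append(f"aud={aud!r} is not the Azure AD Graph resource")
    # Assumption: B2C user-flow tokens name the policy in a "tfp" claim.
    if "tfp" in claims:
        problems.append(f"issued by B2C user flow {claims['tfp']!r}, which cannot target Graph")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems


def client_credentials_request(tenant: str, client_id: str, client_secret: str) -> Tuple[str, str]:
    """Build the client-credentials token request against the Azure AD endpoint.

    Note the host: login.microsoftonline.com, not the B2C (b2clogin.com) endpoint.
    Returns (url, form-encoded body); sending it server side is left to the caller.
    """
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": AAD_GRAPH_RESOURCE,
    })
    return url, body


def patch_user_request(tenant: str, user_object_id: str, attribute: str, value: str) -> Tuple[str, str]:
    """Build the PATCH from the question. Assumption: B2C custom attributes appear in
    Azure AD Graph as extension_<b2c-extensions-app id without dashes>_<AttributeName>."""
    url = f"https://graph.windows.net/{tenant}/users/{user_object_id}?api-version=1.6"
    return url, json.dumps({attribute: value})


def make_demo_token(claims: Dict) -> str:
    """Constructed HS256 token for offline demonstration; not an Azure AD token."""
    def enc(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    signing_input = f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}"
    sig = hmac.new(b"demo-key", signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + base64.urlsafe_b64encode(sig).rstrip(b"=").decode()


if __name__ == "__main__":
    now = time.time()
    # Constructed: what a B2C sign-in user-flow token looks like from Graph's point of view.
    b2c_token = make_demo_token({"aud": "11111111-2222-3333-4444-555555555555",
                                 "tfp": "B2C_1_signupsignin", "exp": now + 3600})
    print("B2C user token:", diagnose_token(b2c_token, now))
    graph_token = make_demo_token({"aud": AAD_GRAPH_RESOURCE, "exp": now + 3600})
    print("Azure AD Graph token:", diagnose_token(graph_token, now))
    print(client_credentials_request("contoso.onmicrosoft.com", "<client-id>", "<client-secret>"))
```

Running `diagnose_token` on the token your login user flow returns is the quickest way to confirm the answers: its `aud` is the B2C application's client id, not the Graph resource, so Graph rejects it regardless of `exp`. The error text in the question ("ExpiredToken") is misleading on that point, which is why checking the claims yourself is worth the two lines. The client-credentials request is kept server side because it carries the app registration's secret.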