Azure AD Import using Graph API works for random applications

Question

I am using Graph API to import users from Azure AD. In my active directory I am configuring application following this link .

In my code I am generating an accesstoken and pass that access token to get user list.

//get token

            String secretKey = EncryptionUtils.decryptAES(encodedSecretKey);
            secretKey = URLEncoder.encode(secretKey);
            String urltoConnect = loginUrlPrefix+tenantId+loginUrlSufix;
            String payLoad = "resource=https%3A%2F%2Fmanagement.core.windows.net%2F&client_id="+clientId+"&grant_type=client_credentials&client_secret=" + secretKey;
            System.out.println(payLoad);
            URL url = new URL(urltoConnect);
            URLConnection connection = null;
            connection = url.openConnection();
            connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            connection.setDoOutput(true);
            java.io.OutputStreamWriter wr = new java.io.OutputStreamWriter(connection.getOutputStream());
            wr.write(payLoad);
            wr.flush();
            BufferedReader br = new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8"));
            String content;
            String html = "";
            while ((content = br.readLine()) != null) {
                if (!content.equals("") && content.length() != 0)
                    html += content.trim();
            }
            return html;


//get user list

            URL url = new URL(String.format("https://graph.windows.net/%s/users?api-version=2013-04-05", tenant,
                    accessToken));

            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            // Set the appropriate header fields in the request header.
            conn.setRequestProperty("api-version", "2013-04-05");
            conn.setRequestProperty("Authorization","Bearer "+ accessToken);
            conn.setRequestProperty("Accept", "application/json;odata=minimalmetadata");
            String goodRespStr = HttpClientHelper.getResponseStringFromConn(conn, true);
            int responseCode = conn.getResponseCode();
            org.json.JSONObject response = HttpClientHelper.processGoodRespStr(responseCode, goodRespStr);
            org.json.JSONArray users;

            users = JSONHelper.fetchDirectoryObjectJSONArray(response);

If I add multiple applications it works for few gives this error for rest

{ "odata.error": { "code": "Authorization_RequestDenied", "message": { "lang": "en", "value": "Insufficient privileges to complete the operation." } } }

Answer 1

Once you click "Grant Permissions" button the change needs time (could be well more than 10 minutes) to be applied, can you wait for that amount of time and then try again - does the issue still exist?