This will be a fairly lengthy set of questions so thanks in advance!
I currently have an app registered where a user can follow this link:
https://login.microsoftonline.com/{tenant_id}/adminconsent?client_id={client_id}
and they are prompted to grant permissions
I then go and get a token:
https.post({
url: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`,
headers: {
"Content-Type": "application/x-www-form-urlencoded",
},
body:
`client_id=${clientId}` +
"&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default" +
`&client_secret=${clientSecret}` +
"&grant_type=client_credentials",
})?.body
Then I can make api calls like:
https.get({
url: `https://graph.microsoft.com/v1.0/drive?$select=id`,
headers: {
Authorization: `Bearer ${accessToken}`,
Accept: "application/json",
},
}).body
However, this only works for tenants that have a sharepoint license and that grant admin access to everything in the account.
What I would like to be able to do is authenticate by a user and have the graph api only be able to access resources inside the users one drive.
Is there a credential flow that will allow that?
If so, what is it and what would the api call look like to get all files in that users drives?
What permissions would be needed to be granted and how would I grant them?
Any help would be greatly appreciated!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 25%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 96%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYH%3C/text%3E%3C/svg%3E)