User Authentication with Graph API

Joseph Wylie 25 Reputation points
2024-07-09T18:30:22.99+00:00

This will be a fairly lengthy set of questions so thanks in advance!

I currently have an app registered where a user can follow this link:
https://login.microsoftonline.com/{tenant_id}/adminconsent?client_id={client_id}

and they are prompted to grant permissions

I then go and get a token:

https.post({
    url: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`,
    headers: {
        "Content-Type": "application/x-www-form-urlencoded",
    },
    body:
        `client_id=${clientId}` +
        "&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default" +
        `&client_secret=${clientSecret}` +
        "&grant_type=client_credentials",
})?.body

Then I can make api calls like:


https.get({
    url: `https://graph.microsoft.com/v1.0/drive?$select=id`,
    headers: {
        Authorization: `Bearer ${accessToken}`,
        Accept: "application/json",
    },
}).body

However, this only works for tenants that have a sharepoint license and that grant admin access to everything in the account.

What I would like to be able to do is authenticate by a user and have the graph api only be able to access resources inside the users one drive.

Is there a credential flow that will allow that?
If so, what is it and what would the api call look like to get all files in that users drives?

What permissions would be needed to be granted and how would I grant them?
Any help would be greatly appreciated!

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,343 questions
OneDrive
OneDrive
A Microsoft file hosting and synchronization service.
1,160 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Yakun Huang-MSFT 6,885 Reputation points Microsoft Vendor
    2024-07-10T01:48:40.8466667+00:00

    Hi @Joseph Wylie

    You can use auth code flow, which requires login authorization from the user and can only access the OneDrive of the logged in user.

    See this link for more information:

    https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.