What is the best practice as an app that has requested delegated user permissions when the user chooses to uninstall said app (or re-install the app in the case where the scopes need to change)? I'm reading that to revoke the permissions via the API one requires the DelegatedPermissionGrant.ReadWrite scope to call the oAuth2PermissionGrant API. This seems to be more likely to trigger the admin approval for the app... I'm thinking that if I'm only requesting minimal scopes it's more likely the admin will not have to approve it for them or the org (as described in Consent experience for applications in Microsoft Entra ID).
I also see the note at the bottom of the grant or revoke permissions article which states:
"This method of granting permissions using Microsoft Graph is an alternative to interactive consent and should be used with caution."
This is an app that would be installed by a wide variety of different users - so I'm expecting that in many circumstances the user should be able to approve the scopes for themselves, and in other enterprise-level cases they'd need their admin to approve it for their tenant. I'm looking for the best practice to be able to satisfy both cases. Here is what the scopes for the app in question currently look like:
