Sharepoint Permissions on Consent Screen

Question

Sharepoint Permissions on Consent Screen

Steve 4848 11

I have the following permissions set on my application:

My authorization URL looks like the following as well:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=XXX&redirect_uri=XXX&response_type=code&response_mode=query&scope=offline_access+user.read+files.readwrite.all+sites.readwrite.all

However, my consent screen does not show the sharepoint permissions:

I am trying to use the drive-list API call to list both OneDrive and Sharepoint destinations to write files to. I don't see the Sharepoint permission on the consent screen and my users are not seeing their Sharepoint drives being listed so I assume this is an issue with the permissions. What am I missing?

Answer 1

Vicky Kumar (Mindtree Consulting PVT LTD) 1,066 Microsoft Employee

Looks like you already have the site permissions, that's why the consent pop won't come, kindly check your scopes by decoding the access token on jwt.ms.

Thanks

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Answer 2

CarlZhao-MSFT 20,696

Hi @Steve 4848

Personal accounts cannot consent to the Sites.ReadWrite.All delegated permission. Because Sites.ReadWrite.All is a SharePoint-specific permission, and SharePoint's target user is a team or organization rather than an personal account. Unless your personal account is invited to an organization or team as a collaborative user.

Only OneDrive supports personal accounts, and the Files.ReadWrite.All permission is sufficient if you're just working with files in OneDrive.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

CarlZhao-MSFT 20,696 Reputation points

2022-08-17T07:19:32.72+00:00

Hi @Steve 4848
Would you please provide us with an update on the status of your issue?
CarlZhao-MSFT 20,696 Reputation points

2022-08-23T10:13:21.117+00:00

Is there anything else I can help with regarding this issue?

You can comment us at any time and we will continue to follow up.

Thanks,
Carl Zhao
Steve 4848 11 Reputation points

2022-08-24T18:22:20.06+00:00

Hi Carl,

So if my client does not see their Sharepoint drive being listed on their account, what can I tell their IT staff to ensure that the Sharepoint drive is listed? How can they confirm whether they are using a personal vs team account? Is there a link that I can share with them to confirm their access permissions are set up correctly?
CarlZhao-MSFT 20,696 Reputation points

2022-08-25T10:08:27.937+00:00

Hi @Steve 4848

You can have your customers call the /drives endpoint and then check the driveType parameter, which is the SharePoint drive if the value of the driveType parameter is documentEdibrary.

It's also easy to tell if it's a personal or a work account, have your customers log in to Graph Explorer and then call the /me endpoint, where the user is a personal account if the id is a short and contiguous string of numbers plus characters.
CarlZhao-MSFT 20,696 Reputation points

2022-08-29T08:36:08.4+00:00

Hi @Steve 4848
Has your problem been solved?

Sharepoint Permissions on Consent Screen

2 answers

Activity