SharePoint Permissions on Consent Screen

Steve 4848 11 Reputation points
2022-08-15T18:22:52.477+00:00

I have the following permissions set on my application:

[Screenshot: 231090-screen-shot-2022-08-15-at-121645-pm.png]

My authorization URL looks like the following as well:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=XXX&redirect_uri=XXX&response_type=code&response_mode=query&scope=offline_access+user.read+files.readwrite.all+sites.readwrite.all

However, my consent screen does not show the SharePoint permissions:

[Screenshot: 231201-screen-shot-2022-08-15-at-120420-pm.png]

I am trying to use the drive-list API call to list both OneDrive and SharePoint destinations to write files to. I don't see the SharePoint permission on the consent screen and my users are not seeing their SharePoint drives being listed, so I assume this is an issue with the permissions. What am I missing?


2 answers

  1. Vicky Kumar (Mindtree Consulting PVT LTD) 1,156 Reputation points Microsoft Employee
    2022-08-16T03:15:19.51+00:00

    Looks like you already have the site permissions; that's why the consent pop-up won't come. Kindly check your scopes by decoding the access token on jwt.ms.

    Thanks

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".


  2. CarlZhao-MSFT 37,626 Reputation points
    2022-08-16T10:53:44.513+00:00

    Hi @Steve 4848

    Personal accounts cannot consent to the Sites.ReadWrite.All delegated permission, because Sites.ReadWrite.All is a SharePoint-specific permission and SharePoint's target user is a team or organization rather than a personal account, unless your personal account is invited to an organization or team as a collaborative user.

    Only OneDrive supports personal accounts, and the Files.ReadWrite.All permission is sufficient if you're just working with files in OneDrive.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
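
The token check suggested in the first answer, run against the scopes in the question's authorize URL, as an added example that is not part of the original thread. The sample tokens are constructed, and leaving offline_access out of the comparison assumes it is not listed in the token's scp claim.

```python
import base64
import json
from urllib.parse import urlsplit, parse_qs

AUTHORIZE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=XXX&redirect_uri=XXX&response_type=code&response_mode=query"
    "&scope=offline_access+user.read+files.readwrite.all+sites.readwrite.all"
)

def requested_scopes(authorize_url):
    """Scopes asked for in the authorize URL, lower-cased for comparison."""
    query = parse_qs(urlsplit(authorize_url).query)
    # parse_qs decodes '+' to spaces, so the scope value is space-delimited.
    return {s.lower() for s in query.get("scope", [""])[0].split()}

def jwt_claims(token):
    """Decode a JWT payload for inspection only.

    The signature is NOT verified here, so never base an access decision
    on the result; this is the same read-only view jwt.ms gives.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def missing_scopes(authorize_url, token):
    """Requested delegated scopes that are absent from the token's scp claim."""
    granted = {s.lower() for s in jwt_claims(token).get("scp", "").split()}
    # Assumption: offline_access only controls refresh-token issuance and
    # does not show up in scp, so it is excluded from the comparison.
    return sorted(requested_scopes(authorize_url) - granted - {"offline_access"})

def sample_token(scp):
    """Constructed, unsigned token carrying only an scp claim (test data)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"scp": scp}), "sig"])

if __name__ == "__main__":
    token = sample_token("User.Read Files.ReadWrite.All")
    print("requested but not granted:", missing_scopes(AUTHORIZE_URL, token))
```
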