Cuir in eagar

GraphMinimalPermissionsGuidancePlugin

Compares the permissions used in the JWT token sent to Microsoft Graph against the minimum required scopes needed for requests that proxy recorded and shows the difference.

Screenshot of a command prompt with Dev Proxy showing minimal permissions for a set of Microsoft Graph API requests.

Configuration example

{
  "$schema": "https://raw.githubusercontent.com/dotnet/dev-proxy/main/schemas/v2.4.0/rc.schema.json",
  "plugins": [
    {
      "name": "GraphMinimalPermissionsGuidancePlugin",
      "enabled": true,
      "pluginPath": "~appFolder/plugins/DevProxy.Plugins.dll",
      "configSection": "graphMinimalPermissionsGuidancePlugin"
    }
  ],
  "graphMinimalPermissionsGuidancePlugin": {
   "$schema": "https://raw.githubusercontent.com/dotnet/dev-proxy/main/schemas/v2.4.0/graphminimalpermissionsguidanceplugin.schema.json",
    "permissionsToExclude": [ 
      "profile", 
      "openid", 
      "offline_access", 
      "email"
    ]
  }
}

Configuration properties

Property Description Default
permissionsToExclude The scopes to ignore and not include in the report. profile openid offline_access email

Command line options

None

Next step

Check if you're using excessive Microsoft Graph API permissions

  • Last updated on