Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[Feature Request] It should be possible to use GraphServiceClient to call graph APIs requiring app only permissions
See original GitHub issueIs your feature request related to a problem? Please describe. When developers want to call graph to call an app only method, the current GraphServiceClient cannot be used as it uses GetTokenForUserAsync. See https://github.com/AzureAD/microsoft-identity-web/blob/f609eeef9e69cee9c997bb73fb98d7c180d845af/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionCredentialProvider.cs#L39
number of customers hitting this issue so far: 2
Describe the solution you’d like Have a way to call app only methods (corresponding to App-only scopes)
Describe alternatives you’ve considered
- enable a second GraphServiceClient to be injected (with a different type ?). Maybe a class named
AppOnlyGraphServiceClientwhich would have only one property which would be the GraphServiceClient, or which would inherit from GraphServiceClient. - have an extension method on GraphServiceClient which would specify that the developer wants to have an app-only and then use it GetTokenForUserAsync. See https://github.com/AzureAD/microsoft-identity-web/blob/f609eeef9e69cee9c997bb73fb98d7c180d845af/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionCredentialProvider.cs#L39
Additional context See the ASP.NET Core Graph web hooks sample where the GraphServiceClient can only be used for delegated scopes:
Issue Analytics
- State:
- Created 3 years ago
- Comments:23 (7 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Included in 1.2.0 release.
cc: @darrelmiller @baywet @pschaeflein @1iveowl
I don’t think relying on this additional method should be the main option.
If a customer has a business service that does a bunch of calls to Microsoft graph with that approach they need to update all my service calls and muddy the business service with the concern of the auth.
Relying on service dependency injection would allow them to configure things at the moment they configure ms id web and then swap/pass graph service clients to depending services based on the scenario.
Additionally the addGraph methods should accept a Func<ITokenaquisition,GraphServiceClient> so people can fully configure the graph service client as they see fit without placing a burden on ms id web to expose additional methods.
Sorry for the badly formatted comment, I’m on my phone