microsoft-graph-explorer-v4 icon indicating copy to clipboard operation
microsoft-graph-explorer-v4 copied to clipboard

Published 20 hours ago verified publisher icon microsoftgraph

Support application specific permissions

Open AydinChavez opened this issue 2 years ago • 4 comments

Hi,

I am desperately looking for a tool, which supports application permissions so I can test various MS Graph endpoints. So far I am doing it by command line tools written in python.

Assuming that it does not take that much of a change within the existing codebase of the ms graph explorer v4, can anyone give me some hints where to change the code in order to support client_id and client_secret? Or maybe somebody did already such change? I am also looking forward for alternative tools for my purpose (=> generic web app supporting oidc and rest URLs like the MS Graph ones)

AydinChavez avatar Aug 31 '22 19:08 AydinChavez

Hey @AydinChavez. Unfortunately this is currently not supported on Graph Explorer or on frontend applications. To use application permissions, an application needs to use client_credentials flow to get tokens. The authentication library that we use on the frontend does not support this kind of authentication flow (It only supports authorization code flow).

We can support this with a node browser plug-in that can proxy calls from Graph Explorer, but this has to be discussed with the team. For now, you will have to keep using the command-line tools. I will mark the ticket as a feature request Let me know if you need any further assistance

Onokaev avatar Sep 05 '22 05:09 Onokaev

Thanks @Onokaev Would appreciate some kind of integration into the react based Graph Explorer since it has already "batteries included". It's just the client_credentials workflow which is missing. I understood that from security standpoint it is not something, which you would incorporate into the public version of the Graph Explorer since it might irritate the users. But for devs, having a local graph explorer running supporting application specific permissions would be extremely helpful

At the moment I am developing a simple flask app taking care of the client credentials from towards MS Graph API but of course it is far away functional wise from the Graph Explorer ;)

AydinChavez avatar Sep 06 '22 09:09 AydinChavez

This would be really handy. I'd love to be able to test Graph API via Graph Explorer configured with an App ID and Secret vs. running code and configurations over and over to work out issues. Graph Explorer is a great way to simply verify that calls are going through and spot checking the results -- completely outside of app/code. If it works, there -- then I know it's something in my code. When building solutions with app level authentication, there's always a lot of trial and error trying to make sure all the permissions and scopes -- and the app configuration is right.

breakpoint7 avatar Sep 06 '22 16:09 breakpoint7

I hear you @AydinChavez and @breakpoint7. @darrelmiller @adhiambovivian @thewahome , what do we do about this request?

Onokaev avatar Sep 07 '22 09:09 Onokaev