-1

I've set up access to MS Graph API, using Oauth 2.0 3-legged, where permission is asked to final user.

Is it possible to set up MS Graph API Oauth 2.0 for a Office 365 Domain, Group of users via Azure AD or Admin in Office 365 Portal? In other words, a 2-legged Oauth 2.0 for MS Graph?

In G Suite is well documented 2-legged Oauth 2.0, but I have not found documented for MS Graph.

Developer Team The Cloud Gate
  • 51
  • 6
  • Please expand your question to explain your actual scenario. Your question as it stands uses (possibly Google-centric?) terminology that makes it difficult to understand what you're looking for. For example, OAuth 2.0 doesn't have a concept of "legs". I suspect you're asking about which OAuth Grants are supported but I really can't tell from your question which one you might be looking for. – Marc LaFleur May 11 '18 at 13:53
  • @MarcLaFleur we want to implement Ms Graph Oauth 2.0 granting permissions by Administrator ( via AD Azure, Office 365 Admin) to all users of Office 365 domain or groups of users. How can be done? We have already implemented Oauth 2.0 with MS Graph, but user per user need to grant authorization to our app. – Developer Team The Cloud Gate May 13 '18 at 08:43
  • @MarcLaFleur I mentioned Google, G Suite, because in G Suite is possible to grant app permission for a whole G Suite domain (we have done), and it's called 2-legged Oauth.. Legs refers to parties involved.. Third leg refers to final user. – Developer Team The Cloud Gate May 13 '18 at 08:51

1 Answers1

0

I found the solution, using the admin consent endpoint, my app can gather permissions for all users in a tenant, including admin-restricted scopes

https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-scopes#using-the-admin-consent-endpoint

Developer Team The Cloud Gate
  • 51
  • 6