1

I am integrating my SPA web app with Microsoft 365. I have got a question regarding permissions which were granted while integrating with M365.

After successful integration and approval of the permissions by an admin in the pop-up login window experience, I would like to reach a Graph API resource to query for the permissions that were granted by the administrator, in order to enumerate them on the front end to show our user which permissions were requested and which are granted.

I know there are resources to check granted permissions, but those are, for example, for drives and SharePoint user groups. I was unsuccessful in finding any kind of resource that I could reach and call the Graph API to give me all permissions granted for the application itself. It is important for me to get this information because a user can log in to M365 Azure Active Directory and remove one of the granted permissions. In such a case my app will not be notified in any way about that change, and reaching out for, let's say, the User's Message resource without a signed-in user will not be possible.

Thanks in advance for any help

bartkub89

1 Answer

0

You can use:

  1. List oauth2PermissionGrants: all delegated (user) permissions granted.
  2. List appRoleAssignments granted to a service principal: application permissions granted to other applications through their service principals.
  3. List oauth2PermissionGrants: delegated (user) permissions granted for a specific application through its service principal.

2 and 3 use the beta endpoint, which is subject to change and not supported in production applications.

AlfredoRevilla-MSFT
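Added example (not part of the answer above): one way to turn the results of the listed calls into the "requested vs. granted" view the question asks for, so the front end can detect a permission that was removed after consent. The property names follow the Graph `oauth2PermissionGrant`, `appRoleAssignment` and `appRole` resource types; all IDs and sample records are constructed placeholders, and the function names are hypothetical.

```javascript
// Constructed sample data shaped like Graph responses (all IDs are placeholders).
const CLIENT_SP = "sp-client-0001";   // service principal of the SPA (assumed)
const GRAPH_SP = "sp-graph-0001";     // service principal of Microsoft Graph (assumed)

const oauth2PermissionGrants = [
  { clientId: CLIENT_SP, consentType: "AllPrincipals", principalId: null, resourceId: GRAPH_SP, scope: " User.Read Mail.Read" },
  { clientId: CLIENT_SP, consentType: "Principal", principalId: "user-42", resourceId: GRAPH_SP, scope: "Calendars.Read" },
];
const appRoleAssignments = [
  { principalId: CLIENT_SP, resourceId: GRAPH_SP, appRoleId: "role-guid-1" },
];
// appRoles of the resource service principal, needed to turn an appRoleId into a name.
const resourceAppRoles = { [GRAPH_SP]: [{ id: "role-guid-1", value: "User.Read.All" }, { id: "role-guid-2", value: "Mail.Read" }] };

// Delegated scopes effective for one user: tenant-wide grants plus that user's own grants.
function delegatedScopes(grants, clientId, userId) {
  const out = new Set();
  for (const g of grants) {
    if (g.clientId !== clientId) continue;
    const applies = g.consentType === "AllPrincipals" ||
      (g.consentType === "Principal" && g.principalId === userId);
    if (!applies) continue;
    // scope is a space-separated string and may carry leading whitespace
    for (const s of (g.scope || "").split(/\s+/).filter(Boolean)) out.add(s);
  }
  return out;
}

// Application permissions: resolve each assignment's appRoleId via the resource's appRoles.
function applicationRoles(assignments, clientId, rolesByResource) {
  const out = new Set();
  for (const a of assignments) {
    if (a.principalId !== clientId) continue;
    const role = (rolesByResource[a.resourceId] || []).find(r => r.id === a.appRoleId);
    out.add(role ? role.value : `unresolved:${a.appRoleId}`);
  }
  return out;
}

// Compare what the app requested with what is currently granted (case-insensitive by choice).
function diffPermissions(requested, granted) {
  const have = new Set([...granted].map(p => p.toLowerCase()));
  return {
    granted: requested.filter(p => have.has(p.toLowerCase())),
    missing: requested.filter(p => !have.has(p.toLowerCase())),
  };
}
```

Re-running the comparison at sign-in and before calls that depend on a specific permission surfaces a revoked grant as an entry in `missing` instead of an unexplained 403.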