Menu
Please describe the difference. If user gives access to my app, then Can I use "delegated scenario" to act on behalf of a user and access his/her emails, contacts etc. I am already using MS Graph api to access my users' data but sometimes even after retrieving access token I encounter this message: Resource could not be discovered.
449
Delegated Scopes are used for scenarios that involve an authenticated user. Unless you're building a daemon/service app or you have a very specific need, it is a safe bet that you should be using Delegated Scopes. Some scopes may still require Admin Consent (i.e. ability to read any users calendar) but the majority only require the User to consent themselves (i.e. ability to read their own calendar).
Application Scopes (aka "App Only") are used for scenarios where there is no user available to authenticate or the application is headless (and therefore no UI in which a user could authentication). These are extremely permissive permissions and always require a Global Administrator to consent to the scopes you've requested. These are also only applicable to Work/School Accounts (AAD) and cannot be used with personal Microsoft Accounts (MSA).
Which scopes are used is a direct result of the OAuth Grant you used to obtain the token.
authorization_code) == Delegated scopesimplicit) == Delegated scopesclient_credentials) == Application scopes
68
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
