I'm trying to use the Microsoft Graph api to check if the signed in user is in a group (I would use claims based authentication, but the number of claims that were returned is limited to 150 items, which is not enough when my user is in a lot of groups). The problem is, I'm signing into Microsoft's Active Directory, so I am definitely not an administrator and cannot approve services like letting my user look at the entire Microsoft directory.
However, this link and this link combined seem to suggest that I'll need some permissions that can ONLY be granted by the administrator to achieve functionality (to see groups I can already see elsewhere). So, it seems like it's impossible for me, as a lowly code monkey, to access the url:
https://graph.microsoft.com/beta/me/memberOf
with the permissions I can grant. Am I understanding this correctly and is there another way to do what I'm trying to do?
You are right, you do need to log in as admin to grant those permissions when using the Microsoft Graph API.
I've just tried on the older Azure AD Graph API. There it works, but I don't know whether my org has granted the older Graph Explorer app any special privileges.
Try out https://graphexplorer.azurewebsites.net/ and GET https://graph.windows.net/tenant/me/memberOf