I am getting 403 for a logged in user with no admin credentials when going for:
https://graph.microsoft.com/v1.0/me/memberOf
It works when I am logged in as an admin.
https://graph.microsoft.com/v1.0/me is working fine!
I have delegated permissions in Azure and accepted them as an admin via the prompt=consent querystring.
Read all users' full profiles
Read all groups
Read directory data
Access directory as the signed in user
I am getting the token via this.service.acquireToken(https://graph.microsoft.com)
You have the correct workflow but the wrong parameters.
prompt=consent is used to force the user to re-consent to the required scopes. Typically you would do this if your scopes have changed and you need users to re-authorize your application.
This shouldn't be confused with prompt=admin_consent, which is used when you have scopes that require an Admin's pre-approval prior to standard users authorizing your application.
You can find more details about prompt and other query parameters in this article.
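A quick way to confirm whether the token a non-admin user receives actually carries the consented delegated scopes is to read its `scp` claim. This is an added example, not code from the question or the answer. The scope identifiers are assumed to be the Graph names for the four permissions listed in the question, and the helper names and the sample token are constructed for illustration.

```javascript
// Diagnostic only: the payload is decoded for inspection and the signature is
// NOT verified, so never base an authorization decision on this output.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  // base64url -> base64, then restore the padding that JWTs strip
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Compare the delegated scopes in the token against the ones the app expects.
function missingScopes(token, wanted) {
  const claims = decodeJwtPayload(token);
  // Delegated tokens carry their scopes in the space-separated `scp` claim.
  const granted = new Set(
    (claims.scp || '').split(' ').filter(Boolean).map(s => s.toLowerCase())
  );
  return {
    audience: claims.aud,
    granted: [...granted],
    missing: wanted.filter(s => !granted.has(s.toLowerCase())),
  };
}

// Constructed sample token (unsigned) so the example runs offline.
function makeSampleToken(claims) {
  const enc = o => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

// Assumed Graph identifiers for the permissions named in the question.
const WANTED = ['User.Read.All', 'Group.Read.All',
                'Directory.Read.All', 'Directory.AccessAsUser.All'];

// Constructed case: a token issued with only a basic profile scope.
const sampleToken = makeSampleToken({ aud: 'https://graph.microsoft.com', scp: 'User.Read' });
console.log(missingScopes(sampleToken, WANTED));
```

If `missing` is non-empty for a standard user but empty for an admin, the admin-restricted scopes were never granted for that user's token.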