
Microsoft Graph API - List all permissions/scopes the user has logged in with


I have multiple applications at https://apps.dev.microsoft.com into which users log in with their Microsoft accounts from my website. Each requires a different set of permissions/scopes; for example some only need User.Read, but some need Directory.Read.All, offline_access etc.

Is there any way to query Microsoft Graph API for all the permissions/scopes the user has logged in with (= given consent to)?

For example GET https://graph.microsoft.com/beta/currentPermissions

The goal is to know whether a specific API call is allowed to be run for the user on the application. This would prevent useless API calls and

{
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation."
}

responses.

Browsing the documentation gave no results.


Solution

  • If users are logging in with work or school accounts (Azure AD), you can just look inside the access token to see a list of permissions like User.Read or Files.ReadWrite. To see this before you code it up, there are tools like https://jwt.io/ where you can give them your token (only do this with a test account, not a real account) and you can see the values ("claims") in the token.

    To do this in code, there are JWT decoding libraries in every language. I'm not sure what you're programming in, so just search GitHub/Google and I'm sure you'll see plenty of JWT libraries available.
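The approach in the answer, reading the granted permissions out of the access token, as an added example that is not part of the original question or answer and is not Microsoft's code. It assumes the Azure AD claim layout I am familiar with: delegated permissions as a space-separated string in the `scp` claim and application permissions as a list in the `roles` claim. The token it decodes is constructed inline with an empty signature segment so the script runs offline; the claim reader deliberately performs no signature verification, because the point is only to inspect what was consented to before making a Graph call, not to make an authorization decision from the token.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned JWT used only as sample input (alg "none", empty signature).
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def read_claims(token: str) -> dict:
    # Decode the payload segment only. No signature check: this is inspection, not validation.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def granted_scopes(token: str) -> set:
    # Assumed claim layout (Azure AD): "scp" = delegated scopes as one space-separated
    # string, "roles" = application permissions as a list. Either may be absent.
    claims = read_claims(token)
    scopes = set(claims.get("scp", "").split())
    scopes.update(claims.get("roles", []))
    return scopes


def can_call(token: str, required: set) -> bool:
    # True when every permission the Graph call needs was consented to for this token.
    return required <= granted_scopes(token)


# Constructed sample token: the user consented to User.Read and offline_access only.
SAMPLE_TOKEN = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "scp": "User.Read offline_access",
    "upn": "test.user@example.invalid",  # placeholder account, not a real one
})

if __name__ == "__main__":
    print("granted:", sorted(granted_scopes(SAMPLE_TOKEN)))
    print("GET /me allowed:", can_call(SAMPLE_TOKEN, {"User.Read"}))
    print("GET /users allowed:", can_call(SAMPLE_TOKEN, {"Directory.Read.All"}))
```

Check `can_call` before issuing the request and skip it (or trigger a consent prompt for the missing scope) instead of waiting for the `Authorization_RequestDenied` response. The scope strings are compared exactly, so a token carrying `User.Read.All` does not satisfy a check for `User.Read`; model any such implication explicitly rather than by prefix matching.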