Adam-it
commented
2 days ago @michaelmaillot thanks for pointing it out. I double checked and in code we actually set
'https://graph.windows.net/Directory.AccessAsUser.All',
'https://management.azure.com/user_impersonation',
'https://graph.microsoft.com/User.Read',
'https://graph.microsoft.com/AppCatalog.ReadWrite.All',
'https://graph.microsoft.com/AuditLog.Read.All',
'https://graph.microsoft.com/SecurityEvents.Read.All',
'https://graph.microsoft.com/ServiceHealth.Read.All',
'https://graph.microsoft.com/ServiceMessage.Read.All',
'https://graph.microsoft.com/Sites.Read.All',
'https://graph.microsoft.com/Directory.AccessAsUser.All',
'https://graph.microsoft.com/Directory.ReadWrite.All',
'https://manage.office.com/ActivityFeed.Read',
'https://manage.office.com/ServiceHealth.Read',
'https://microsoft.sharepoint-df.com/AllSites.FullControl',
'https://microsoft.sharepoint-df.com/User.ReadWrite.All'it seems in documentation I missed adding info about 🤦♂️
'https://graph.windows.net/Directory.AccessAsUser.All',
'https://management.azure.com/user_impersonation',I will need to include it in the documentation. Thank you for pointing it out. You Rock 🤩
michaelmaillot
⭐ Priority
(Low)☹️ Something is a little off
📝 Describe the bug
Hello,
When using the Toolkit to register (automatically) the Entra ID app which is used for the CLI, there are more API permissions granted than the ones documented.
Permissions expected to be granted according to the documentation:
https://github.com/pnp/vscode-viva/blob/main/src/webview/view/components/forms/entraAppReg/RegisterEntraAppRegView.tsx#L92
Permissions granted in the app:
Some permissions such as Directory.ReadWrite.All can be a blocker in some organizations.
👣 Steps To Reproduce
📜 Expected behavior
Permissions granted in the documentation should reflect the effective ones.
📷 Screenshots
No response
❓SharePoint Framework Toolkit version
4.0.0
❓Node.js version
18.19.0
🤔 Additional context
No response