how to use graph api and provide scope with microsoft v2.0 endpoint

Question

I am trying to access files on one drive for personal as well as business drive. I am planning to use V2 end point, can somebody point me to sample application, or on how to provide scope for graph api for one drive business using open id connect.

Answer 1

You probably want to use the Microsoft Graph API

I found the following link to be the most helpful on available scopes.

https://graph.microsoft.io/en-us/docs/authorization/permission_scopes

Here's the list:

Permissions requiring administrator consent

• Directory.AccessAsUser.All
• Directory.Read.All
• Directory.ReadWrite.All
• Group.Read.All
• Group.ReadWrite.All
• User.Read.All
• User.ReadWrite.All

Permissions that don't require administrator consent

• Calendars.Read
• Calendars.Read.Shared
• Calendars.ReadWrite
• Calendars.ReadWrite.Shared
• Contacts.Read
• Contacts.Read.Shared
• Contacts.ReadWrite
• Contacts.ReadWrite.Shared
• Files.Read
• Files.Read.All
• Files.Read.Selected
• Files.ReadWrite
• Files.ReadWrite.All
• Files.ReadWrite.AppFolder
• Files.ReadWrite.Selected
• Mail.Read
• Mail.Read.Shared
• Mail.ReadWrite
• Mail.ReadWrite.Shared
• Mail.Send
• Mail.Send.Shared
• MailboxSettings.ReadWrite
• offline_access
• openid

offline_access is necessary if you're doing OAuth2 and want a refresh token.

Answer 2

This article has the information you are looking for: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oidc/ The scope to get access to OneDrive content is Files.Read or Files.ReadWrite, you can use either of the following strings for the scope parameter: scope=openid%20https%3A%2F%2Fgraph.microsoft.com%2Ffiles.read or scope=openid%20files.read