How to upload to onedrive using graph API without creating an application

Question

I am having a script that output .csv file. I want to upload this to onedrive.

I am not able to create an Application as I don't have permission. I have checked az cli's rest option, I am getting Error not found due to the access token not having proper access.

Currently I am using python request module for uploading to onedrive. I am using access token from graph explorer in the Authorization header of API request. This way I am able to upload the file to onedrive.

The access token from az account get-access-token output is causing a 401 Error. While with access token from graph explorer it is properly uploading the file with 201 status code.

Are there any security concern using this way? Even if it is cli script do we need to register the application in azure?

Thank you

Answer 1

Thank you for your question. The access token from Graph Explorer works since the signed in user is requesting the token. To upload files, the delegated permission Files.ReadWrite should be consented to, this does not require admin consent. While your workaround works, this is not the recommended way and actions taken by the script would be attributed to the user signed in to GE when the token was obtained. Since your script should run in the background, you will need to register an application on your tenant, give the application the Files.ReadWrite.All permission - this requires admin consent - then request an access token and upload the file.

Let me know whether this helps and if you have further questions,