Is it possible to edit an Excel file located in onedrive using Microsoft Graph API from an app without having to sign in?

Muzib 21 Reputation points
2019-11-01T17:21:08.573+00:00

This idea may seem crazy, but is it really possible? I have found Excel API which can be used to edit an excel file located at onedrive, given that, I first sign in to my microsoft account. But I have also found this doc: https://learn.microsoft.com/en-us/graph/auth-v2-service which describes how to get access token without a user and it says:

Some apps call Microsoft Graph with their own identity and not on behalf of a user.

which is I think, my situation here.
So I thought that it's possible. But after hours of trying, I couldn't achieve it. Is it really possible?

Universal Windows Platform (UWP)
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,369 questions
0 comments
Accepted answer
  1. Kat Memenza 101 Reputation points
    2019-11-01T19:54:16.887+00:00

    tl;dr: I do not think you can anonymously use Graph + Excel API for this. Depending on the use case, there may be better practice recommendations.

    I think it depends on a lot of factors. Obviously you would have to allow anonymous sharing to the excel file in the first place for unregistered users to be able to view and edit, right? Not a bad start.

    Where I think you will encounter a problem is that even if you register an app in Azure AD to facilitate the permissions in Graph, there are limited options supported accounts types; see the screenshot below to see the options currently available. Not only that, but this raises some security and compliance flags as well.

    alt text

    3 people found this answer helpful.
    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Russ Rimmerman 1 Reputation point Microsoft Employee
    2019-11-02T03:15:50.057+00:00

    Have you considered using Flow? There are endless possibilities for triggering a Flow, and a Flow can pull data via Graph API by requesting an access token using a secret key after you do a one-time creation + permissions of an app in Azure AD. No user would need to login, and you can pull the data from Azure AD or wherever you want using Graph, and automatically save it to Excel when your trigger triggers it. Flow would have a connection to your Excel in Excel Online so it would use that connection automatically using your credentials.

    0 comments
  2. Jeremy Thake 6 Reputation points Microsoft Employee
    2020-02-11T22:13:04.287+00:00

    The Excel APIs require you to be signed in using a delegated access token. You cannot access the Excel APIs anonymously. As documented here https://learn.microsoft.com/en-us/graph/api/resources/excel?view=graph-rest-1.0#authorization-and-scopes

    Unfortunately, the Workbook APIs on Microsoft Graph only support delegated access, not application access. So you could not create a web api that your user could access anonymous and poke through using an application access token.

    0 comments