question

PingLi-2413 avatar image
0 Votes"
PingLi-2413 asked saldana-msft edited

Access Membership Graph API, but need admin consent

I have a web app, wants to check if the logged-in user belongs to a group so that I can control the permission of the group and users for my web app.

Checked Graph API has https://docs.microsoft.com/en-us/graph/api/group-getmembergroups?view=graph-rest-1.0&tabs=http. I think it meets my requirement.

However the api needs permission: GroupMember.Read.All, Group.Read.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All. 98519-1.png


When I configured the permission in AAD, it tells all these permission needs Admin Consent, but I can't grant.
98611-2.png

So how can we get admin consent granted. If this API is not proper way to check membership, is there any other way to implement such senario?


Many thanks,
Ping

microsoft-graph-teamworkmicrosoft-graph-usersmicrosoft-graph-identity
1.png (32.9 KiB)
2.png (33.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

michev avatar image
0 Votes"
michev answered

Group membership is returned as part of the token, so you might simply check that. If you do need a separate call, use the /me/memberOf endpoint, or the /me/transitivememberof one.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.