oAuth2PermissionGrant resource type


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Represents the OAuth 2.0 scopes (delegated permissions) that have been granted to an application (represented by a service principal) as part of the user or admin consent process.

JSON representation

Here is a JSON representation of the resource

  "clientId": "string",
  "consentType": "string",
  "expiryTime": "String (timestamp)",
  "id": "string (identifier)",
  "principalId": "string",
  "resourceId": "string",
  "scope": "string",
  "startTime": "String (timestamp)"


Property Type Description
clientId String The id of the service principal granted consent to impersonate the user when accessing the resource (represented by the resourceId property).
consentType String Indicates if consent was provided by the administrator (on behalf of the organization) or by an individual. The possible values are AllPrincipals or Principal.
expiryTime DateTimeOffset Currently, the expiry time value is ignored.
id String Unique identifier. Read-only.
principalId String If consentType is AllPrincipals this value is null, and the consent applies to all users in the organization. If consentType is Principal, then this property specifies the id of the user that granted consent and applies only for that user.
resourceId String Specifies the id of the resource service principal to which access has been granted.
scope String Specifies the value of the scope claim that the resource application should expect in the OAuth 2.0 access token. For example, User.Read
startTime DateTimeOffset Currently, the start time value is ignored.




Method Return Type Description
Get oAuth2PermissionGrant oAuth2PermissionGrant Read properties and relationships of oAuth2PermissionGrant object.
List oAuth2PermissionGrants oAuth2PermissionGrant collection Retrieve a list of oauth2PermissionGrant objects.
Update oAuth2PermissionGrant oAuth2PermissionGrant Update oAuth2PermissionGrant object.
Delete oAuth2PermissionGrant None Delete oAuth2PermissionGrant object.