Microsoft Graph API Incremental Permisisons

Can I do incremental Permissions with the msgraph-sdk-javascript library? For example, a user signs in only with the profile but later authorizes access to to their email account or calendar.

1 answer

  • answered 2018-05-16 13:05 baywet

    As you can see here, the Microsoft Graph JavaSciprt SDK doesn't include an authentication library. It is only a higher level wrapper for calls and serialization of objects.

    It is your responsibility to obtain an access token and provide it to the library. You can pass in a token this way:

    var client = MicrosoftGraph.Client.init({
      authProvider: done => {
        //first parameter takes an error if you can't get an access token
        done(null, "PassInAccessTokenHere");

    Microsoft is going through an important transformation for the authentication and authorization endpoints (v1 vs v2). One of the major differences is that v2 supports scopes (as opposed to resources in v1) which provides support for incremental consent.

    Microsoft currently maintains two authentication libraries:

    • Adal.js which targets the v1 endpoint (and doesn't support incremental consent)
    • MSAL.js which targets the v2 endpoint (and support incremental consent)

    Lastly, v2 has a set of limitations in terms of supported flows as well as supported APIs.

    I recommend you read a lot on the subject before making a choice to make sure you won't end up in a dead end of "something is missing in that version" in the middle of the project.