I want to create a script that interacts with the MS Graph API and has access to everything I have as a user (the user who registered the App). I am using the python O365 library to do so. There are two types of permissions that one can grant an Azure App:
- Delegated - Request scope access during authentication
- Application - Role is managed from the Azure App ui
I don't need my script to be able to read ALL files, just those my user has access to, but I DO need my script to be automated. O365 offers 2 authentication procedures:
- "authorization" - On behalf of a user
- "credentials" - The client_id, and client_secret are all you need
which apparently correspond to the two types of access listed above.
Since I don't want to expose every single file in my account to the script, I would prefer to use delegated access just to my user files. But I can't find any examples of how to use delegated ("On behalf of a user") access automatically.
How can I automatically - ie. without manual input - authenticate a script with delegated (scope-level) access?
I can't find any examples of this. Is it impossible?