
Use case: calling https://graph.microsoft.com/v1.0/groups using the authorization code flow on behalf of the logged-in user:

With OAuth2Session scope: https://graph.microsoft.com/.default

oauth_session = OAuth2Session(client_id=clientid, state=session['oauth_state'], client=client, scope="https://graph.microsoft.com/.default")

The access_token has the scope "User.Read". I have no idea how to manipulate this scope!

The API client has all the required delegated permissions (GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All), as described here: https://docs.microsoft.com/de-de/graph/api/group-get?view=graph-rest-1.0&tabs=http

I also tried setting the scope "Group.Read.All" in OAuth2Session, but it did not help.

oauth_session = OAuth2Session(client_id=clientid, state=session['oauth_state'], client=client, scope="https://graph.microsoft.com/Group.Read.All")

The following requests work properly with the same OAuth configuration as in the use case described above: https://graph.microsoft.com/v1.0/me (here I get the logged-in user's id), https://graph.microsoft.com/v1.0/users/{id}/getMemberGroups (here I get a list of the groups the user belongs to).

With https://graph.microsoft.com/v1.0/groups or https://graph.microsoft.com/v1.0/groups/{id} I aim to get the display names of the groups, or the display name for a group id, of the logged-in user. My question: is it possible at all to get the groups of the logged-in user via the Graph API with the authorization code flow (WebApplicationClient), or maybe only via BackendApplicationClient (client credentials flow)? If yes, how can I solve my scope problem?
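The following is an added example, not code from the poster, showing the two checks a practitioner would make before calling GET /groups with a delegated token: build the v2.0 authorization request with the resource-qualified Graph scopes actually needed (instead of .default), and then inspect the `scp` and `aud` claims of the issued access token to confirm that one of the delegated permissions the Graph docs list for /groups was really granted. The tenant, client id, redirect URI and the two sample tokens are hypothetical, constructed values; the tokens are unsigned JWTs built inline so the example runs offline (the decoder deliberately does not verify signatures and is for local inspection only, never for authorization decisions).

```python
import base64
import json
from urllib.parse import urlencode

# Assumed (hypothetical) app registration values.
TENANT = "common"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://localhost:5000/callback"

GRAPH = "https://graph.microsoft.com"
# Well-known application id of Microsoft Graph; Graph tokens carry either form in `aud`.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"

# Delegated permissions the Graph docs list for GET /groups (from the question above).
GROUP_LIST_PERMISSIONS = {
    "GroupMember.Read.All", "Group.Read.All", "Directory.Read.All",
    "Group.ReadWrite.All", "Directory.ReadWrite.All", "Directory.AccessAsUser.All",
}


def graph_scopes(*permissions):
    """Resource-qualified delegated scopes for the v2.0 endpoint, plus the
    OpenID scopes that keep sign-in and refresh tokens working."""
    return [f"{GRAPH}/{p}" for p in permissions] + ["openid", "profile", "offline_access"]


def authorization_url(state, scopes):
    """Authorization-code request against the Microsoft identity platform v2.0 endpoint.
    `state` must be an unguessable per-session value that is verified on the callback."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
    }
    return f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize?" + urlencode(params)


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def token_claims(access_token):
    """Decode the JWT payload WITHOUT verifying the signature: fine for looking at
    scp/aud while debugging, never a substitute for validation by the resource."""
    _header, payload, _signature = access_token.split(".")
    return json.loads(_b64url_decode(payload))


def granted_scopes(access_token):
    """Delegated permissions are a space-separated list in the `scp` claim."""
    return set(token_claims(access_token).get("scp", "").split())


def can_list_groups(access_token):
    """True if the token is for Graph and carries at least one /groups permission."""
    claims = token_claims(access_token)
    return claims.get("aud") in (GRAPH, GRAPH_APP_ID) and bool(
        GROUP_LIST_PERMISSIONS & granted_scopes(access_token)
    )


def make_unsigned_token(claims):
    """Constructed sample token (alg none, empty signature) for offline demonstration only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


# Constructed sample tokens: what the poster observed (only User.Read) versus a
# token issued after Group.Read.All was requested and consented.
USER_READ_TOKEN = make_unsigned_token({"aud": GRAPH, "scp": "User.Read"})
GROUP_READ_TOKEN = make_unsigned_token(
    {"aud": GRAPH_APP_ID, "scp": "Group.Read.All User.Read profile openid email"}
)

if __name__ == "__main__":
    print(authorization_url("example-state", graph_scopes("Group.Read.All", "User.Read")))
    print("User.Read token can list groups:", can_list_groups(USER_READ_TOKEN))
    print("Group.Read.All token can list groups:", can_list_groups(GROUP_READ_TOKEN))
```

If the `scp` claim still shows only User.Read after requesting Group.Read.All, the scope was not granted at consent time rather than mis-requested; the tenant-wide permissions listed in the app registration only become part of a delegated token once a user (or an admin, for permissions that require admin consent) has consented to them. Note also that oauthlib, which requests_oauthlib uses, raises a warning when the scope in the token response differs from the one requested, so a silent downgrade to User.Read is worth checking for in the token exchange step.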