Edit

Share via

GraphMinimalPermissionsGuidancePlugin

  • Article

Compares the permissions used in the JWT token sent to Microsoft Graph against the minimum required scopes needed for requests that proxy recorded and shows the difference.

Screenshot of a command prompt with Dev Proxy showing minimal permissions for a set of Microsoft Graph API requests.

Plugin instance definition

{
  "name": "GraphMinimalPermissionsGuidancePlugin",
  "enabled": false,
  "pluginPath": "~appFolder/plugins/dev-proxy-plugins.dll",
  "configSection": "graphMinimalPermissionsGuidancePlugin"
}

Configuration example

{
  "graphMinimalPermissionsGuidancePlugin": {
   "$schema": "https://raw.githubusercontent.com/dotnet/dev-proxy/main/schemas/v0.27.0/graphminimalpermissionsguidanceplugin.schema.json",
    "permissionsToIgnore": [ 
      "profile", 
      "openid", 
      "offline_access", 
      "email"
    ]
  }
}

Configuration properties

Property Description Default
permissionsToIgnore The scopes to ignore and not include in the report. profile openid offline_access email

Command line options

None

Next step

Check if you're using excessive Microsoft Graph API permissions