In my PHP webapp I use OneDrive login to allow users to read and only read files. I use to URL scope params:
files.read.all offline_access in the authorize endpoint call:
My code is based on this source: https://docs.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/graph-oauth?view=odsp-graph-online
However, during the login process, the OneDrive dialog from Microsoft shows the user that my app requested full access to all files, so it can create, update, and delete. I don’t want this. I just want read-only access.
Any idea what’s going on here?
Source: Ask PHP