Hi all,
I have a web service that retrieves the most recent locations a user has viewed, modified and his/her followed sites.
To this extent I need to request 3 permission scopes for each user (the access token is provided to the web service - low-trust authorization code OAuth flow):
- Social.Read (to be able to use the SocialFollowingManager and get the followed sites)
- Search.QueryAsUserIgnoreAppPrincipal (to be able to use Office Graph to get latest documents viewed/edited)
- AllSites.Read (to be able to read the default document library URL for each followed site)
The problem I'm facing now is that (thanks to good help from Microsoft support), the Social.Read permissions scopeneeds to be requested from the personal site, i.e. tenant.sharepoint.com/personal/user_name/_layouts/15/OAuthAuthorize.aspx?.... (When not querying the personal site, a "the social list does not exist in your personal site" error
message presents itself after the trust dialog)
When requesting the AllSites.Read, this does not seem to work when querying the personal site (I get 401 Unauthorized when executing CSOM), but does work when I query the root site, i.e. tenant.sharepoint.com.
The Search permission scope can be queried in any of both locations with good results.
I would expect the "AllSites" scope to effectively query all
site collections in the tenant, but it does not.
I don't want to have to ask the user to trust the app twice (once for the personal site and once for the root site collection).
Any ideas on this?
Thanks!