OneDrive: Giving access to Azure Application through "Application Permissions" instead of "Delegated Permissions"

Hi There

We have read the documentation for OneDrive Remove and it is mentioned that " 1. Under manage select API permissions, click Add a permission and select Microsoft Graph then select delegated permissions."

Our question is the following:

It is possible to configure an Azure Application with "Application Permissions" instead of "Delegated Permissions"?

Thank you,

welcome to forum,

did you try, did it not work?

not sure this is what you need, but have you seen?
https://github.com/rclone/rclone/issues/8097

Hello,

Thank you for your reply. No i haven't tested if it works.

However, even if it does work somehow, this does not a justification that this is also the intended behavior (as designed). That's why the question is related to whether the design implementation is as such that it covers that.

Note that it looks that the "Application Permissions" follow the "client credentials grant" oauth2 flow, which means that only the "client id" and the "client secret" would be enough to get a token for authentication. In this case no token parameter is required.

That is different to the "delegated permissions" case where an initial JSON token needs to be set first, which has an "access_token" and a "refresh_token", using the credentials of an other user. This JSON token gets refreshed by rclone when the access_token gets expired (rclone is using the refresh token for this purpose) takes the new JSON token and updates the rclone configuration file with the new value.

I had a look at ticket #8097, but that relates to an other subject and the configuration used there is related to "Delegated Permissions".

Hope this clarifies.