In the latest preview version of the Microsoft 365 Developer Proxy, we are introducing the preview ability to detect over-consented apps that use Microsoft Graph.
Download Microsoft 365 Developer Proxy v0.9 and check if your apps properly handle API errors.
Detect over-consented apps that use Microsoft Graph
Previously, we introduced support for detecting minimal permissions for calling Microsoft Graph APIs. By recording a series of API requests, you can have the Developer Proxy automatically detect what minimal permissions your app needs to call these APIs. This feature is not only great for your productivity, but also helps you build apps that are secure.
In this version, we continued our work related to minimal permissions and introduce a new plugin which helps you find if your app has more permissions than what it needs (also known as over-consenting).
Similarly to the minimal permissions plugin we introduced previously, the new plugin uses the Developer Proxy’s recording mode to capture the series of Microsoft Graph API requests issued by your app. When you stop the recording, the plugin will compare the scopes/roles on the access token with the minimal permissions needed to call the captured APIs and warn you if your token uses more/broader permissions.
We compare permissions from the access token with minimal permissions locally and are not uploading your access token to any external API.
This new plugin detects over-consenting for both application- and delegated permissions. For more information about how it works, see the documentation.
We’re releasing this feature in preview and will continue to improve its accuracy. We’d love to hear feedback on how it works and how we can make it better.
New name, the same awesome tool
Following our announcement in May, we’re releasing this version under the new name of Microsoft 365 Developer Proxy. We hope that it will make it clearer that you can use this tool with Microsoft Graph and any other API on Microsoft 365 and beyond.
As a part of the rename, we renamed the repository and moved it to the Microsoft organization on GitHub. We’ve also changed the name of the executable to m365proxy which you’ll now use to start the proxy on your machine.
Try it now
Download Microsoft 365 Developer Proxy v0.9 and check if your apps properly handle API errors.
We’re excited about this new version and can’t wait for you to try it out. We look forward to hearing from you about these improvements and how we can continue to make the Microsoft 365 Developer Proxy even better.
Follow us on Twitter @Microsoft365Dev to stay up to date on the latest developer news and announcements.
Happy coding!
0 comments