Permissions

We reduced the number of permissions to the required minimum to safely identify and authenticate users. For the SSO we need the following:

• openid – sign users in (https://docs.microsoft.com/en-us/graph/permissions-reference#openid-connect-oidc-scopes)
• offline_access – maintain access to data you have given it access to (https://docs.microsoft.com/en-us/graph/permissions-reference#openid-connect-oidc-scopes)
• User.read - sign in and read user profile (https://docs.microsoft.com/en-us/graph/permissions-reference#user-permissions)
• profile – view users’ basic profile (https://docs.microsoft.com/en-us/graph/permissions-reference#openid-connect-oidc-scopes)