Unexpected behavior for AppFolder permissions

[nicolasbeauvais]

I created an app with Files.ReadWrite.AppFolder permission only.
Request to: https://graph.microsoft.com/v1.0/drive/special/approot
Response: 404, and the AppFolder is not created in my Onedrive.

The documentation states:

"OneDrive creates your app's folder in the user's Apps folder, located in the root of the user's OneDrive, when your app makes the first call to the folder using the special folder namespace. Below are the most common calls your app can make to create the folder for the first time."

So my AppFolder should have been created and not return 404.

If I try the exact same process after adding the Files.ReadWrite.All permission the request success and return the expected response:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drive/special/$entity",
    ...
    "folder": {
        "childCount": 0
    }
}

and my AppFolder is successfully created. Isn't the whole point of the Files.ReadWrite.AppFolder permissions to avoid requiring full read/write access to our users?

[moughxyz]

I too have just experienced this same issue. Requesting Files.ReadWrite.AppFolder gives me access denied when I try to access my app folder via drive/special/approot. Only when I request Files.ReadWrite.All am I finally able to access my app folder.

Like OP said, this kind of defeats the point of having a sandboxed app folder if a user needs to give me total access for me to write to it. Hoping this gets fixed.

---

Also, I believe the documentation here should be updated to reflect the new naming of app folder scopes: https://dev.onedrive.com/misc/appfolder.htm

onedrive.appfolder -> Files.ReadWrite.AppFolder

[incoming-th]

February 2018, still have this issue. Hope it will get fixed soon.

[ificator]

This issue has unfortunately changed owners a couple of times - let me get to the bottom of the status here see where we are.

[ificator]

For those who are seeing issues, are you trying to hit OneDrive Business or OneDrive Consumer. From what I can tell the fix for ODC should be deployed now.

[nicolasbeauvais]

@ificator had the bug with both, ODC and ODB

[ificator]

OK, so here's what the state of the world is:

1. OneDrive Consumer had an issue whereby provisioning wouldn't work when the Files.ReadWrite.AppFolder scope was the only one present, but that should now be fixed. To my knowledge OneDrive Consumer should be working as expected so please let me know if you're seeing anything that contradicts this.

2. OneDrive Business does not support Files.ReadWrite.AppFolder (see these remarks). We want to fix this so that it aligns with how OneDrive Consumer behaves, but it's a non-trivial change.

If support for OneDrive Business is something that you'd really like to see I'd suggest upvoting any appropriate asks on our uservoice page (or creating one if there aren't any already).