UserAuthenticationMethod.ReadWrite

Allows the app to read and write the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver	Type	Method
V1	D	DELETE /me/authentication/emailMethods/{id}
V1	D	DELETE /me/authentication/phoneMethods/{phoneMethodId}
V1	D	DELETE /me/authentication/platformCredentialMethods/{platformCredentialAuthenticationMethodId}
V1	D	DELETE /me/authentication/softwareOathMethods/{id}
V1	D	DELETE /me/authentication/temporaryAccessPassMethods/{id}
V1	D	GET /me/authentication/emailMethods/{id}
V1	D	GET /me/authentication/passwordMethods
V1	D	GET /me/authentication/passwordMethods/{id}
V1	D	GET /me/authentication/phoneMethods/{phoneMethodId}
V1	D	GET /me/authentication/platformCredentialMethods
V1	D	GET /me/authentication/platformCredentialMethods/{platformCredentialAuthenticationMethodId}
V1	D	GET /me/authentication/softwareOathMethods
V1	D	GET /me/authentication/softwareOathMethods/{id}
V1	D	GET /me/authentication/temporaryAccessPassMethods
V1	D	GET /me/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}
V1	D	POST /me/authentication/phoneMethods/{id}/disableSmsSignIn
V1	D	POST /me/authentication/phoneMethods/{id}/enableSmsSignIn
V1	D	POST /me/authentication/phoneMethods/{mobilePhoneMethodId}/disableSmsSignIn
V1	D	POST /me/authentication/phoneMethods/{mobilePhoneMethodId}/enableSmsSignIn
V1	D	POST /users/{id | userPrincipalName}/authentication/phoneMethods/{id}/disableSmsSignIn
V1	D	POST /users/{id | userPrincipalName}/authentication/phoneMethods/{id}/enableSmsSignIn

Delegate Permission

Id	48971fc1-70d7-4245-af77-0beb29b53ee2
Consent Type	Admin
Display String	Read and write user authentication methods
Description	Allows the app to read and write the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods.

Resources

emailAuthenticationMethod

Property	Type	Description
emailAddress	String	The email address registered to this user.
id	String	The identifier of the email address registered to this user.

passwordAuthenticationMethod

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time when this password was last updated. This property is currently not populated. Read-only. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
id	String	The identifier of this password registered to this user. This is generally 28c10230-6103-485e-b985-444c60001490. Read-only.
password	String	For security, the password is always returned as null from a LIST or GET operation.

phoneAuthenticationMethod

Property	Type	Description
id	String	The identifier of this phone registered to this user. Read-only. The value of ID is one of the following: b6332ec1-7057-4abe-9331-3d72feddfe41 - where phoneType is alternateMobile. e37fc753-ff3b-4958-9484-eaa9425c82bc - where phoneType is office. 3179e48a-750b-4051-897c-87b9720928f7 - where phoneType is mobile.
phoneNumber	String	The phone number to text or call for authentication. Phone numbers use the format +{country code} {number}x{extension}, with extension optional. For example, +1 5555551234 or +1 5555551234x123 are valid. Numbers are rejected when creating or updating if they don't match the required format.
phoneType	authenticationPhoneType	The type of this phone. Possible values are: mobile, alternateMobile, or office.
smsSignInState	authenticationMethodSignInState	Whether a phone is ready to be used for SMS sign-in or not. Possible values are: notSupported, notAllowedByPolicy, notEnabled, phoneNumberNotUnique, ready, or notConfigured, unknownFutureValue.

platformCredentialAuthenticationMethod

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time that this Platform Credential Key was registered.
displayName	String	The name of the device on which Platform Credential is registered.
id	String	A unique identifier for this authentication method. Inherited from authenticationMethod
keyStrength	authenticationMethodKeyStrength	Key strength of this Platform Credential key. Possible values are: normal, weak, unknown.
platform	authenticationMethodPlatform	Platform on which this Platform Credential key is present. Possible values are: unknown, windows, macOS,iOS, android, linux.

softwareOathAuthenticationMethod

Property	Type	Description
id	String	The authentication method identifier.
secretKey	String	The secret key of the method. Always returns null.

temporaryAccessPassAuthenticationMethod

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time when the Temporary Access Pass was created.
id	String	The identifier of the Temporary Access Pass registered to this user. Inherited from entity.
isUsable	Boolean	The state of the authentication method that indicates whether it's currently usable by the user.
isUsableOnce	Boolean	Determines whether the pass is limited to a one-time use. If true, the pass can be used once; if false, the pass can be used multiple times within the Temporary Access Pass lifetime.
lifetimeInMinutes	Int32	The lifetime of the Temporary Access Pass in minutes starting at startDateTime. Must be between 10 and 43200 inclusive (equivalent to 30 days).
methodUsabilityReason	String	Details about the usability state (isUsable). Reasons can include: EnabledByPolicy, DisabledByPolicy, Expired, NotYetValid, OneTimeUsed.
startDateTime	DateTimeOffset	The date and time when the Temporary Access Pass becomes available to use and when isUsable is true is enforced.
temporaryAccessPass	String	The Temporary Access Pass used to authenticate. Returned only on creation of a new **t