Problem with setting preAuthorizedApplications in Azure app registration with Az Powershell 7.1.0

Time:02-01

I have a problem with automating the setting of the preAuthorizedApplications for an Azure app registration from Az PowerShell 7.1.0. The code is making a transition to the MS Graph APIs, but the syntax of the preAuthorizedApplications is not clear to me. Everything I found on the net, I tried. But nothing works and it keeps erroring out.

I created a piece of test code and a test app registration:

Get-AzADApplication -ApplicationId 956afe7b-f58f-4de5-83ea-02035cc98b3f # Just to get the Types

$PreAuthPrem1 = New-Object -TypeName "Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.MicrosoftGraphPreAuthorizedApplication"
$PreAuthPrem1.AppId = "1fec8e78-bce4-4aaf-ab1b-5451cc387264"
$PreAuthPrem1.DelegatedPermissionId = "d3a943ac-ea3b-4271-b750-abcd91b01162"

Update-AzADApplication -ApplicationId 956afe7b-f58f-4de5-83ea-02035cc98b3f -api @{"preAuthorizedApplications" = $PreAuthPrem1} -debug

It keeps giving me the same error, which is not very helpful:

Line |
 549 |  Az.MSGraph.internal\Update-AzADApplication @PSBoundParameters
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Property preAuthorizedApplications in payload has a value that does not match schema.

The request to MS graph is below (taken from the debug command)

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method: PATCH

Absolute Uri:

Now we need to use Graph Explorer to achieve the above requirement by mentioning the following in our request body, using the method below:

Patch : https://graph.microsoft.com/beta/applications/<appObjectId>

Request body :

{
    "api": {
        "preAuthorizedApplications": [
            {
                "appId": "authorizedappClientID",
                "permissionIds": [
                    "oauth2PermissionId"
                ]
            }
        ]
    }
}

Provide the object ID of the application in the URI given above.

  • Allow the following consent > Modify permission

  • And check whether your permission ID is correct by navigating to the manifest.


To use az rest, please refer to this SO thread.

CodePudding user response:

This is the code that worked in my DevOps pipeline. I gave the service principal the rights and enabled access on to the token.

$Body = @"
{
    "api": {
        "preAuthorizedApplications": [
            {
                "appId": "1fec8e78-bce4-4aaf-ab1b-5451cc387264",
                "permissionIds": [
                    "d3a943ac-ea3b-4271-b750-abcd91b01162"
                ]
            }
        ]
    }
}
"@

$Uri = 'https://graph.microsoft.com/beta/applications/ccd14ce8-1afe-45b3-a461-777d3129399b'
$method = 'PATCH'
$Token = (Get-AzAccessToken -ResourceTypeName MSGraph).Token

$Header = @{
    Authorization = "Bearer $Token"
}
Invoke-WebRequest -Uri $Uri -Method $method -Headers $Header -ContentType 'application/json' -Body $Body
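
The request body from the answers above, built and checked in PowerShell before it is sent; this is an added example, not code from the thread. A pre-authorized client receives the listed scopes without a consent prompt, so the function (hypothetical name `New-PreAuthorizedAppsBody`) rejects any permission ID that is not an enabled scope in the application's `api.oauth2PermissionScopes`. The sample `$api` object and its scope name are constructed.

```powershell
# Added example, not from the thread. Builds the PATCH body for
# api.preAuthorizedApplications and validates it before anything is sent.
function New-PreAuthorizedAppsBody {
    param(
        [Parameter(Mandatory)] $ApiObject,         # "api" property of the Graph application object
        [Parameter(Mandatory)] [hashtable] $Grants # client appId -> scope IDs to pre-authorize
    )
    $parsed = [guid]::Empty
    # Scope IDs the API actually exposes and has enabled (manifest: oauth2PermissionScopes)
    $enabled = @($ApiObject.oauth2PermissionScopes |
        Where-Object { $_.isEnabled } | ForEach-Object { [string]$_.id })

    $entries = foreach ($appId in $Grants.Keys) {
        if (-not [guid]::TryParse($appId, [ref]$parsed)) {
            throw "Client appId '$appId' is not a GUID."
        }
        $ids = @($Grants[$appId])
        if ($ids.Count -eq 0) { throw "No scope IDs given for client '$appId'." }
        foreach ($id in $ids) {
            if ($enabled -notcontains $id) {
                throw "Scope '$id' is not an enabled oauth2PermissionScope of this API."
            }
        }
        # Beta schema used in the answers: appId plus permissionIds, always a JSON array
        [ordered]@{ appId = $appId; permissionIds = [string[]]$ids }
    }
    # Default ConvertTo-Json depth (2) would stringify the nested entries
    @{ api = @{ preAuthorizedApplications = @($entries) } } | ConvertTo-Json -Depth 5
}

# Constructed sample: shape of GET .../applications/<appObjectId>?$select=api
# (scope ID from the thread; the scope name is made up)
$api = [pscustomobject]@{
    oauth2PermissionScopes = @(
        [pscustomobject]@{
            id = 'd3a943ac-ea3b-4271-b750-abcd91b01162'; value = 'example.scope'; isEnabled = $true
        }
    )
}
$Body = New-PreAuthorizedAppsBody -ApiObject $api -Grants @{
    '1fec8e78-bce4-4aaf-ab1b-5451cc387264' = @('d3a943ac-ea3b-4271-b750-abcd91b01162')
}
$Body   # pass as -Body to the Invoke-WebRequest PATCH call shown above
```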