堆栈内存溢出
  简体   繁体   English

how to give grant Permissions for an app in azure ad using powershell

[英]how to give grant Permissions for an app in azure ad using powershell

 原文  2018-02-01 05:49:45       powershell/ azure/ permissions/ automation/ azure-active-directory

问题描述

trying to automate the azure app registration process using powershell

need some help for giving grant permission for an app after assigning api permissions using powershell can anyone help me on this.

and is there any better way to automate azure app reg process other than powershell?

2 个解决方案

解决方案1
 1  2018-10-23 13:03:46

Try this: Login-AzureRmAccount

function get-azureRMToken() {
    <#
    .Synopsis
     This function gets the access token for the use
    #>
    try {
        $context = Get-AzureRmContext
        $tenantId = $context.Tenant.Id
        $refreshToken = @($context.TokenCache.ReadItems() | where {$_.tenantId -eq $tenantId -and $_.ExpiresOn -gt (Get-Date)})[0].RefreshToken
        $body = "grant_type=refresh_token&refresh_token=$($refreshToken)&resource=74658136-14ec-4630-ad9b-26e160ff0fc6"
        $apiToken = Invoke-RestMethod "https://login.windows.net/$tenantId/oauth2/token" -Method POST -Body $body -ContentType 'application/x-www-form-urlencoded'
        return $apiToken.access_token
    }
    catch {
        Write-Output "Exception.Message=$($_.Exception.Message); ScriptStackTrace=$($_.ScriptStackTrace); Exception.StackTrace=$($_.Exception.StackTrace); FullyQualifiedErrorId=$($_.FullyQualifiedErrorId); Exception.InnerException=$($_.Exception.InnerException)"
    }
}

function grant-aap-required-permission() {
    <#
    .Synopsis
     This function invoke azure rest to grant permission.
     #>
    Param(
        [Parameter(Mandatory = $true)]$azureAppId
    )
    try {
        $token = get-azureRMToken
        $header = @{
            'Authorization'          = 'Bearer ' + $token
            'X-Requested-With'       = 'XMLHttpRequest'
            'x-ms-client-request-id' = [guid]::NewGuid()
            'x-ms-correlation-id'    = [guid]::NewGuid()
        }
        $url = "https://main.iam.ad.ext.azure.com/api/RegisteredApplications/$azureAppId/Consent?onBehalfOfAll=true"
        Invoke-RestMethod –Uri $url –Headers $header –Method POST -ErrorAction Stop

    }
    catch {
        Write-Output "Exception.Message=$($_.Exception.Message); ScriptStackTrace=$($_.ScriptStackTrace); Exception.StackTrace=$($_.Exception.StackTrace); FullyQualifiedErrorId=$($_.FullyQualifiedErrorId); Exception.InnerException=$($_.Exception.InnerException)"
    }

}

解决方案2
 0  2020-12-15 03:50:15

It seems that we can now use the Azure CLI in powershell. I can grant permission with a single command.

az ad app permission grant –id $appId –api $apiAppId –scope $scope

This worked on the Azure Cloud Shell where $appId, $apiAppId, and $scope are regular powershell variables.

The documentation for this command is here: https://docs.microsoft.com/en-us/cli/azure/ad/app/permission?view=azure-cli-latest#az_ad_app_permission_grant

Note that $scope should be the Value property from the Oauth2Permission you are using.

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 powershell Az 模块授予 Azure AD 应用程序访问所需权限的权限 - How to give Azure AD application access to required permissions using powershell Az module Powershell - 使用 Powershell 在 Azure AD 应用程序上执行“授予权限”操作 - Powershell - Do “Grant Permissions” action on Azure AD Application with Powershell 如何通过 PowerShell 使用 azure-AD 模块导出分配给 azure 应用注册的委派权限 - How to export delegated permissions assigned to azure app registration using azure-AD module via PowerShell 如何使用Azure Active Directory PowerShell V2“授予权限” - How to 'Grant Permissions' Using Azure Active Directory PowerShell V2 Azure AD App 注册通过 Powershell:如何确保正确的权限? - Azure AD App Registration via Powershell: How to ensure the proper permissions? Azure SQL 使用 PowerShell 和 ServicePrincipal 为 AD 用户授予访问权限 - Azure SQL Grant Access for AD User using PowerShell and ServicePrincipal 如何将权限 scope 授予 Powershell 中的 Azure 应用程序? - How to grant permission scope to an Azure App in Powershell? 如何使用PowerShell向Azure App注册添加Api权限 - How to Add Api Permissions to an Azure App Registration using PowerShell 我正在尝试在 C# 应用程序上运行一些 powershell 脚本以授予 Azure AD 应用程序的权限,它适用于 Powershell 但不适用于 C# 应用程序 - I am trying to run some powershell script on C# app to grant permission on Azure AD App, it works on Powershell but not on C# app 如何授予管理员同意 Powershell 中的 Azure AAD 应用程序? - How to grant admin consent to an Azure AAD app in Powershell?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM