Microsoft Graph 更新 App Registration Approles API 补丁方法总是返回无法读取 JSON 请求负载

Question

On a App Registration I want to remove the App Roles by first disable the active ones and afterwards removing them. I checked the commands by the developer tools what is executed and I come to the following request:

$graphApiUrl = 'https://graph.microsoft.com/v1.0/applications'+'/'+$apiAppReg.appId
$body = '{"appRoles":[{"description":"Applications can read","displayName":"Reader","id":"xxxxxxx-xxxx-xxxx-xxxx-xxxxxx","isEnabled":false,"value":"Read","allowedMemberTypes":["Application"]}]}
'

az rest --method PATCH --url $graphApiUrl --headers 'Content-Type=application/json' --body '$body'

I tried this in all orders, but it seems that this is resulting in an error.

btw. the boby is copy from the request from the azure website

Answer 1

After reproducing from my end, I could able to achieve your requirement using PowerShell. To Disable the App Role I have set IsEnabled=$false for each app role in my Application.

Below is the script that worked for me to disable the app role.

$App = Get-AzureADApplication -Filter "appId eq '$appId'"
$AppRoles = $app.AppRoles
for($I=0;$I -lt $AppRoles.Count;$I++)
{
    $app.AppRoles[$I].IsEnabled=$false
    Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $AppRoles
}

To Remove the app roles from the application I have used $AppRoles.Remove($AppRoles[$I]) . Below is the complete code that worked to delete the app roles from my Application.

for($I=0;$I -lt $AppRoles.Count;$I++)
{
    $AppRoles.Remove($AppRoles[$I])
    Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $AppRoles
}

Below is the complete working code

Connect-AzureAD

$AppId = "<APPLICATION_ID>"
$ObjectId = "<OBJECT_ID>"

$App = Get-AzureADApplication -Filter "appId eq '$appId'"
$AppRoles = $app.AppRoles
for($I=0;$I -lt $AppRoles.Count;$I++)
{
    $app.AppRoles[$I].IsEnabled=$false
    Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $AppRoles
}

for($I=0;$I -lt $AppRoles.Count;$I++)
{
    $AppRoles.Remove($AppRoles[$I])
    Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $AppRoles
}