
how to give grant Permissions for an app in azure ad using powershell


Trying to automate the Azure app registration process using PowerShell.

I need some help with granting permission for an app after assigning API permissions using PowerShell. Can anyone help me with this?

And is there any better way to automate the Azure app registration process other than PowerShell?

Try this: Login-AzureRmAccount

function get-azureRMToken {
    <#
    .Synopsis
     Gets an access token for the Azure portal's internal IAM API by exchanging the
     refresh token that Login-AzureRmAccount cached. The resource id below is that
     portal-internal API, not a documented public endpoint.
    #>
    try {
        $context = Get-AzureRmContext
        $tenantId = $context.Tenant.Id
        # Reuse the refresh token of a cached, unexpired token for this tenant
        $refreshToken = @($context.TokenCache.ReadItems() | Where-Object { $_.TenantId -eq $tenantId -and $_.ExpiresOn -gt (Get-Date) })[0].RefreshToken
        if (-not $refreshToken) {
            throw "No unexpired token cached for tenant $tenantId; run Login-AzureRmAccount first."
        }
        $body = "grant_type=refresh_token&refresh_token=$($refreshToken)&resource=74658136-14ec-4630-ad9b-26e160ff0fc6"
        $apiToken = Invoke-RestMethod "https://login.windows.net/$tenantId/oauth2/token" -Method POST -Body $body -ContentType 'application/x-www-form-urlencoded'
        return $apiToken.access_token
    }
    catch {
        # Write-Error rather than Write-Output: otherwise the error text would be returned as the "token"
        Write-Error "Exception.Message=$($_.Exception.Message); ScriptStackTrace=$($_.ScriptStackTrace); Exception.StackTrace=$($_.Exception.StackTrace); FullyQualifiedErrorId=$($_.FullyQualifiedErrorId); Exception.InnerException=$($_.Exception.InnerException)"
    }
}

function grant-app-required-permission {
    <#
    .Synopsis
     Calls the Azure portal's internal REST API to grant admin consent (on behalf of all
     users) for the API permissions already configured on the app registration.
    #>
    Param(
        [Parameter(Mandatory = $true)]$azureAppId
    )
    try {
        $token = get-azureRMToken
        $header = @{
            'Authorization'          = 'Bearer ' + $token
            'X-Requested-With'       = 'XMLHttpRequest'
            'x-ms-client-request-id' = [guid]::NewGuid().ToString()
            'x-ms-correlation-id'    = [guid]::NewGuid().ToString()
        }
        $url = "https://main.iam.ad.ext.azure.com/api/RegisteredApplications/$azureAppId/Consent?onBehalfOfAll=true"
        Invoke-RestMethod -Uri $url -Headers $header -Method POST -ErrorAction Stop
    }
    catch {
        Write-Error "Exception.Message=$($_.Exception.Message); ScriptStackTrace=$($_.ScriptStackTrace); Exception.StackTrace=$($_.Exception.StackTrace); FullyQualifiedErrorId=$($_.FullyQualifiedErrorId); Exception.InnerException=$($_.Exception.InnerException)"
    }
}

It seems that we can now use the Azure CLI in PowerShell. I can grant permission with a single command.

az ad app permission grant --id $appId --api $apiAppId --scope $scope

This worked in the Azure Cloud Shell, where $appId, $apiAppId, and $scope are regular PowerShell variables.

The documentation for this command is here: https://docs.microsoft.com/en-us/cli/azure/ad/app/permission?view=azure-cli-latest#az_ad_app_permission_grant

Note that $scope should be the Value property of the Oauth2Permission you are using.
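Both answers above reach the same goal (tenant-wide consent for permissions already configured on an app registration), one through the portal's undocumented internal API and one through the Azure CLI. The script below is an added example, not code from the question or either answer: it does the same job with the documented Microsoft Graph PowerShell SDK, handling delegated permissions (an oauth2PermissionGrant with consentType AllPrincipals) and application permissions (an appRoleAssignment on the app's service principal), validating every requested scope against the resource's published Value names as the second answer notes, and merging with grants that already exist instead of overwriting them. Assumptions: the Microsoft.Graph module is installed, the signed-in account holds a role allowed to grant consent, and the app ids and scope names are placeholders to replace.

```powershell
# Added example: grant tenant-wide consent via the Microsoft Graph PowerShell SDK (documented API),
# not via the portal-internal endpoint. Assumes Install-Module Microsoft.Graph has been run.
param(
    [Parameter(Mandatory = $true)][string]$ClientAppId,                # appId of your app registration (placeholder)
    [string]$ResourceAppId = '00000003-0000-0000-c000-000000000000',  # Microsoft Graph's well-known appId
    [string[]]$DelegatedScopes = @('User.Read'),                        # oauth2PermissionScope 'Value' names (constructed sample)
    [string[]]$AppRoles = @()                                           # appRole 'Value' names, e.g. 'User.Read.All' (constructed sample)
)

Connect-MgGraph -Scopes 'Application.Read.All', 'DelegatedPermissionGrant.ReadWrite.All', 'AppRoleAssignment.ReadWrite.All' | Out-Null

# Consent is recorded against service principals, not app registrations, so resolve both sides first.
$clientSp   = Get-MgServicePrincipal -Filter "appId eq '$ClientAppId'"   | Select-Object -First 1
$resourceSp = Get-MgServicePrincipal -Filter "appId eq '$ResourceAppId'" | Select-Object -First 1
if (-not $clientSp)   { throw "No service principal for appId $ClientAppId in this tenant; create it before granting consent." }
if (-not $resourceSp) { throw "No service principal for resource appId $ResourceAppId in this tenant." }

# 1. Delegated permissions -> oauth2PermissionGrant. Validate the requested names against the
#    resource's published scopes (the 'Value' property, the same value az ad app permission grant --scope expects).
$published = @($resourceSp.Oauth2PermissionScopes.Value)
$unknown   = @($DelegatedScopes | Where-Object { $_ -notin $published })
if ($unknown.Count -gt 0) { throw "Resource $ResourceAppId does not publish scope(s): $($unknown -join ', ')" }

# Filter on clientId server-side, then narrow to this resource's tenant-wide grant client-side.
$existing = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($clientSp.Id)'" |
    Where-Object { $_.ConsentType -eq 'AllPrincipals' -and $_.ResourceId -eq $resourceSp.Id } |
    Select-Object -First 1

if ($existing) {
    # Merge rather than overwrite, so scopes an earlier admin granted are not silently dropped.
    $merged = @(($existing.Scope -split ' ') + $DelegatedScopes | Where-Object { $_ } | Sort-Object -Unique) -join ' '
    if ($merged -ne $existing.Scope) {
        Update-MgOauth2PermissionGrant -OAuth2PermissionGrantId $existing.Id -Scope $merged
        Write-Host "Updated delegated grant to: $merged"
    } else {
        Write-Host "Delegated grant already covers: $($existing.Scope)"
    }
} elseif ($DelegatedScopes.Count -gt 0) {
    New-MgOauth2PermissionGrant -ClientId $clientSp.Id -ConsentType 'AllPrincipals' `
        -ResourceId $resourceSp.Id -Scope ($DelegatedScopes -join ' ') | Out-Null
    Write-Host "Created delegated grant for: $($DelegatedScopes -join ' ')"
}

# 2. Application permissions -> appRoleAssignment on the client service principal (idempotent).
$assigned = @(Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $clientSp.Id)
foreach ($roleName in $AppRoles) {
    $role = $resourceSp.AppRoles | Where-Object { $_.Value -eq $roleName -and 'Application' -in $_.AllowedMemberTypes } | Select-Object -First 1
    if (-not $role) { throw "Resource $ResourceAppId has no application role named $roleName" }
    if ($assigned | Where-Object { $_.AppRoleId -eq $role.Id -and $_.ResourceId -eq $resourceSp.Id }) {
        Write-Host "App role $roleName already assigned"
        continue
    }
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $clientSp.Id -PrincipalId $clientSp.Id `
        -ResourceId $resourceSp.Id -AppRoleId $role.Id | Out-Null
    Write-Host "Assigned app role $roleName"
}
```

Save it as a .ps1 and run it with the app ids and permission names for your registration, for example `.\Grant-AppConsent.ps1 -ClientAppId <your appId> -DelegatedScopes User.Read -AppRoles User.Read.All`. Because it reads existing grants before writing, re-running it is safe, and the same Get-MgOauth2PermissionGrant and Get-MgServicePrincipalAppRoleAssignment calls are what you would use afterwards to audit which tenant-wide consents an app holds.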

