Azure CLI SP creation w API permissions

0 votes

I'm attempting to construct a simple script to establish an SP with Microsoft Graph API access. I believe I need to establish an SP with the Contributor role, then assign it the API rights I want via Microsoft Graph API, and finally grant admin consent. It completes, but when I look on the portal, admin consent has not been granted, and when I try to assign manually, I receive the following:

Grant consent failed with error: Claim is invalid: 204e0828-b5ca-4ad8-b9f3-f32a958e7cc4 does not exist on resource application 00000003-0000-0000-c000-000000000000. [zPYKlPo0GJHRzGclFADr9k]
Mar 2, 2022 in Azure by Edureka
• 12,690 points
549 views

1 answer to this question.

0 votes
First, the code that was based on this query https://docs.microsoft.com/en-us/graph/permissions-reference#retrieving-permission-ids was returning the ID for AD graph, not Microsoft Graph.

Second, the admin-consent az ad app permission has been deprecated, and the az ad sp permission grant only works for Delegated permissions, not Application permissions (https://github.com/Azure/azure-cli/issues/12137#issuecomment-596567479). The solution is to get the SP's Object ID and the Microsoft Graph API's Object ID first, then utilise az rest to directly POST the grant.
answered Mar 2, 2022 by Edureka
• 13,620 points

Related Questions In Azure

0 votes
1 answer

Test environment for microsoft graph api and Azure v2.0

Yes, the type of application you register ...READ MORE

answered Mar 2, 2022 in Azure by Edureka
• 12,690 points
468 views
0 votes
1 answer

How to create Azure API Gateway Resource?

Go to your API Management instance In the ...READ MORE

answered Apr 12, 2022 in Azure by Edureka
• 12,690 points
451 views
0 votes
1 answer

Azure Translator Text API: What is the definition of a character?

A letter to an individual. Punctuation. A ...READ MORE

answered Apr 12, 2022 in Azure by Edureka
• 12,690 points
331 views
0 votes
0 answers
0 votes
0 answers

Is it possibile to use Azure DevOps Server on premises with Azure Active Directory?

After reading this documentation https://docs.microsoft.com/en-us/azure/devops/organizations/security/about-permissions?view=azure-devops-2020&tabs=preview-page#active-directory-and-azure-active-directory-security-groups it seems that Azure ...READ MORE

Mar 28, 2022 in Other DevOps Questions by Kichu
• 19,050 points
739 views
0 votes
1 answer

Difference between Azure CLI and PowerShell

The Azure CLI comes with an installer ...READ MORE

answered Mar 25, 2022 in Azure by Edureka
• 13,620 points
1,600 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP