通过Microsoft Graph添加或删除应用程序的API权限(requiredResourceAccess) [英] Add or Delete an app's API permissions (requiredResourceAccess) via Microsoft Graph

查看:76
本文介绍了通过Microsoft Graph添加或删除应用程序的API权限(requiredResourceAccess)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

在我的试用Azure AD租户中的应用程序中,我想通过Graph API修改我的API权限.我可以在Graph Explorer中获取应用程序的requiredResourceAccess(

如果要删除API权限,只需按如下所示指定 requiredResourceAccess .

  {"requiredResourceAccess":[]}

注意:此API是 Beta 版本,我不建议您在生产环境中使用它.另外,当我们通过此API更新API权限时,它只会向该应用程序添加权限,而不会同意该应用程序的权限.

In an application in my trial Azure AD tenant, I want to modify my API permissions via the Graph API. I am able to GET the application's requiredResourceAccess in the Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer#) via https://graph.microsoft.com/beta/applications/{app object ID}/requiredResourceAccess, but I am not able to modify or delete these values, or even GET specific resources. Here's my GET result:

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('{app object id}')/requiredResourceAccess(resourceAccess)",
    "value": [
        {
            "resourceAppId": "00000003-0000-0000-c000-000000000000",
            "resourceAccess": [
                {
                    "id": "{id}",
                    "type": "Scope"
                },
                {
                    "id": "{id}",
                    "type": "Scope"
                }
            ]
        }
    ]
}

When trying to specify the resourceAppId above, I get an error about how segment 'requiredResourceAccess' refers to a segment, so this must be the last part of the request URI besides filters.

And when I try to delete, I get the error 'Specified HTTP method is not allowed for the request target.'

I can modify the API permissions via the Microsoft Azure Portal of course, but can you please let me know if there is a way to add or remove API permissions via the Microsoft Graph API?

解决方案

You could use this API Update application, refer to my request sample as below.

Sample:

Request URL:

PATCH https://graph.microsoft.com/beta/applications/{App Object ID}

Request body:

{
   "requiredResourceAccess": [
        {
            "resourceAppId": "00000002-0000-0000-c000-000000000000",
            "resourceAccess": [
                {
                    "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
                    "type": "Scope"
                }
            ]
        },
        {
           "resourceAppId": "00000003-0000-0000-c000-000000000000",
           "resourceAccess": [
                {
                    "id": "863451e7-0667-486c-a5d6-d135439485f0",
                    "type": "Scope"
                }
       ]
    }
   ]
}

If you want to delete the API permissions, just specify the requiredResourceAccess as below.

{
   "requiredResourceAccess": []
}

Note: This API is a Beta version, I don't recommend you to use it in the production environment. Also, when we update the API permissions via this API, it just adds the permissions to this application, it will not consent the permissions for the application.

这篇关于通过Microsoft Graph添加或删除应用程序的API权限(requiredResourceAccess)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆