如何以编程方式将应用程序添加到Azure AD，而无需注册任何初始clientId? [英] How to add application to Azure AD programmatically without having any initial clientId registered?

问题描述

我想在Azure AD中自动创建应用程序(不使用管理门户). 我也想仅使用Graph api(不使用PowerShell)来建立它.我在讨论此问题的地方看到了线程(如何将应用程序添加到Azure ，但它并不能完全满足我的需求.

I want to automate application creation in Azure AD (Without using management portal). I also want to establish this using only Graph api (without using PowerShell). I have seen thread where this question is discussed (How to add application to Azure AD programmatically?), but it doesn't exactly do what I need.

由于我需要已经具有clientId才能获取身份验证令牌并调用任何图形api，因此我无法真正实现初始应用程序创建过程的自动化. (我有鸡肉和鸡蛋的问题). 利用Powershell的clientId获取身份验证令牌的方法很不错，但是我不能使用它.

Since I need to already have clientId in order to get auth token and call any graph apis, I can't really automate the process of initial app creation. (I am having chicken and egg problem). The work around of leveraging Powershell's clientId to get auth token is great, but I can't use that.

最近是否添加了其他选项可能会有所帮助?

Are there any other options that have been added lately that could help?

谢谢！

推荐答案

不幸的是，为了使您能够通过Graph API进行身份验证，您将需要一个现有的应用程序身份.请记住，Graph API只是在AAD中注册的资源应用程序，并且您需要具有客户端应用程序才能获取对任何资源的访问令牌.

Unfortunately in order for you to ever authenticate to the Graph API, you will need an existing application identity. Remember that the Graph API is just a resource application registered in AAD, and you need to have a client application in order to get access tokens to any resource.

基于我对我们未来计划的了解以及我们的应用程序模型和注册经验，我相信使用某种以用户为中心"的经验来创建第一个应用程序始终是一项基本要求，随后，该应用程序将允许您创建更多的应用程序.要在此处进行更具体的说明，例如AAD PowerShell或我们的应用程序注册/管理门户.

Based on my knowledge of our future plans with our Application Model and Registration Experiences, I believe it will always be a fundamental requirement to use some sort of 'user-centric' experience to create that first application, which would then subsequently allow you to create more applications. To be more specific here, something like AAD PowerShell or our App Registration/Management Portals.

这样想:如果有一个完全独立于用户的流程可以创建应用程序，那么什么会阻止恶意个人攻击您的租户或任何租户呢?请记住，我们为租户设置了对象配额，因此有人在您的租户中创建数百万个应用程序会阻止您创建用户，组等.

Think about it this way: If there was such a process, completely independent of a user, that would allow the creation of applications, what would stop malicious individuals from attacking your tenant, or any tenant for that matter? Remember that we have object quotas for our tenants, so someone creating millions of applications in your tenant would block you from being able to create users, groups, etc...

但是，在我们认为有效的场景与客户需要解决的现实生活问题之间可能存在一些脱节.您可以通过告诉我们更多有关您的特定要求和限制的信息来帮助我们吗?是什么因素导致这些因素发生?

However, there may be some disconnect between what we believe to be valid scenarios, and the real life problems our customers need to solve. Can you help us by telling us more about your specific requirements and restrictions? What is the scenario that drives those factors?

这篇关于如何以编程方式将应用程序添加到Azure AD，而无需注册任何初始clientId?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！