如何知道对我的应用程序的其他API的权限 [英] How to know permissions to other apis of my app

问题描述

如何知道我的azure广告应用对其他API的权限，例如Microsoft Grahp API.

How to know the permissions of my azure ad app have for other APIs, such as Microsoft Grahp API .

在门户网站中，我可以在[API访问]-> [所需权限]中进行检查，但是如何使用powershell进行检查，我曾经使用过

In portal , i could check that in the [API Access]-->[Required permissions] , but how do i check that with powershell , i used

Get-AzureRmADApplication -ObjectId , 
Get-AzureRmADApplication -ObjectId  xxxxx | fl * 

但是返回了很少的属性，AppPermissions为null，但是使用小提琴，我注意到它在下面的请求中使用:

But little attributes returned and AppPermissions is null , but with fiddle , i notice it use below request :

GET https://graph.windows.net/mytenant/applications/id?api-version=1.6 HTTP/1.1 

我可以找到该应用程序的许多属性，其中一个属性显示了该应用程序的权限，以及如何在Powershell中获取该属性?

And i could find a lot of attributes of that app ,which one shows the permission of the app and how do i get that in powershell ?

推荐答案

您可以尝试

You could try the Azure Active Directory PowerShell Version 2 , the use command like :

$app = Get-AzureADApplication -Filter "appId eq '$appId'" | fl *

以获得RequiredResourceAccess声明，该声明显示在azure ad经典门户的对其他应用程序的许可"和新门户中的必需的权限"下.

to get the RequiredResourceAccess claim ,that is the collection that is shown under "permissions to other applications" in the azure ad classic portal and "Required permissions" in new portal .

此外，PowerShell本质上包装了API，并仅在简化的界面中将它们呈现给您.如果找不到执行所需命令的命令，则可以始终使用PowerShell直接调用Graph API.请参考以下文章，了解如何从Powershell调用Azure Active Directory Graph Api:

In addition , PowerShell essentially wraps the API's and just presents them to you in a simplified interface. If you don't find a command to do what you want you can always using PowerShell to invoke the Graph API directly. Please refer to below article for how to call Azure Active Directory Graph Api from Powershell :

这是一个测试代码示例:

And here is a test code sample :

PS C:\Users\v-nany> $header = @{
>>      'Content-Type'='application\json'
>>      'Authorization'=$token.CreateAuthorizationHeader()
>>  }
PS C:\Users\v-nany>  $uriSAs = "https://graph.windows.net/xxxxxxx/applications/xxxxxx?api-version=1.6 "
PS C:\Users\v-nany> $appInfo = (Invoke-RestMethod -Uri $uriSAs –Headers $header –Method Get –Verbose)
PS C:\Users\v-nany>  $appInfo.requiredResourceAccess

您将获得resourceAppId代表资源，以及相关的resourceAccess，这是一个作用域列表.

You will get resourceAppId represents the resource , and related resourceAccess which is a scope list.

这篇关于如何知道对我的应用程序的其他API的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！