MatthewJDavis · November 30, 2021 20:53
diff --git a/main.tf b/main.tf
 terraform {
  required_providers {
    azuread = {
      version = "=1.6.0"
    }
  }
 }

 variable "application_name" {
  type = string
 }

 variable "homepage_url" {
  type = string
 }

 variable "identifier_uris" {
  type = list
 }

 variable "redirect_uris" {
  type = list
 }

 variable "logout_url" {
  type = string
 }

 resource "azuread_application" "directory_role_app" {
  display_name               = var.application_name
  identifier_uris            = var.identifier_uris
  sign_in_audience           = "AzureADMyOrg"
  web {
    homepage_url  = var.homepage_url
    logout_url    = var.logout_url
    redirect_uris = var.redirect_uris 

    implicit_grant {
      access_token_issuance_enabled = true
    }
  }

  required_resource_access {
    resource_app_id = "00000003-0000-0000-c000-000000000000"  # MS Graph app id.

    resource_access {
      id   = "df021288-bdef-4463-88db-98f22de89214" # User.Read.All id.
      type = "Role"
    }
  }

 }

 resource "azuread_application_password" "demo" {
  application_object_id = azuread_application.directory_role_app.object_id
  display_name = "MG Graph Directory Role App cred"
 }

 resource "azuread_service_principal" "dra_sp" {
  application_id               = azuread_application.directory_role_app.application_id
  app_role_assignment_required = false

 }

 resource "azuread_service_principal_password" "dra_pw" {
  service_principal_id = azuread_service_principal.dra_sp.object_id
 }
	terraform {
	required_providers {
	azuread = {
	version = "=1.6.0"
	}
	}
	}

	variable "application_name" {
	type = string
	}

	variable "homepage_url" {
	type = string
	}

	variable "identifier_uris" {
	type = list
	}

	variable "redirect_uris" {
	type = list
	}

	variable "logout_url" {
	type = string
	}

	resource "azuread_application" "directory_role_app" {
	display_name = var.application_name
	identifier_uris = var.identifier_uris
	sign_in_audience = "AzureADMyOrg"
	web {
	homepage_url = var.homepage_url
	logout_url = var.logout_url
	redirect_uris = var.redirect_uris

	implicit_grant {
	access_token_issuance_enabled = true
	}
	}

	required_resource_access {
	resource_app_id = "00000003-0000-0000-c000-000000000000" # MS Graph app id.

	resource_access {
	id = "df021288-bdef-4463-88db-98f22de89214" # User.Read.All id.
	type = "Role"
	}
	}

	}

	resource "azuread_application_password" "demo" {
	application_object_id = azuread_application.directory_role_app.object_id
	display_name = "MG Graph Directory Role App cred"
	}

	resource "azuread_service_principal" "dra_sp" {
	application_id = azuread_application.directory_role_app.application_id
	app_role_assignment_required = false

	}

	resource "azuread_service_principal_password" "dra_pw" {
	service_principal_id = azuread_service_principal.dra_sp.object_id
	}