Created
April 4, 2023 18:04
-
-
Save ilmax/23062cfa46aded85c6e475b2fe727aa0 to your computer and use it in GitHub Desktop.
Grant permission to an azure ad app
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $downstreamApp = az ad app list --all --query "[?displayName=='$downstreamServiceName']" | ConvertFrom-Json | |
| if (!$downstreamApp) { | |
| throw "The app registration $downstreamServiceName does not exist." | |
| } | |
| # Get the downstream app scopes | |
| $downstreamAppScopes = az ad app show --id $downstreamApp.appId --query "api.oauth2PermissionScopes" | ConvertFrom-Json | |
| # Get the id and name of the first scope (using the first because we have just one and it's usually the user_impersonation scope) | |
| $scopeName = $downstreamAppScopes[0].value | |
| $scope = $downstreamAppScopes[0].id | |
| # Grant permission to the downstream app | |
| Write-Host "Adding to $appConnectorAppRegistrationName permission $scopeName on service $downstreamServiceName." | |
| az ad app permission add --id $AppRegistration.appId --api $downstreamApp.appId --api-permissions $scope=Scope | |
| Write-Host "Granting to $appConnectorAppRegistrationName permission $scopeName on service $downstreamServiceName." | |
| az ad app permission grant --id $AppRegistration.appId --api $downstreamApp.appId --scope $scopeName |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment