[Feature Request] Provide native commands for appRoleAssignment API #22768

@jiasli

Related command
az ad app permission admin-consent

Is your feature request related to a problem? Please describe.
Currently az ad app permission admin-consent uses an "internal, deprecated, and unsupported" API at https://main.iam.ad.ext.azure.com/ to grant admin consent:

    def admin_consent(cmd, client, identifier):
        from azure.cli.core.cloud import AZURE_PUBLIC_CLOUD
        from azure.cli.core.util import send_raw_request
        if cmd.cli_ctx.cloud.name != AZURE_PUBLIC_CLOUD.name:
            raise CLIError('This command is not yet supported on sovereign clouds')
        application = show_application(client, identifier)
        url = 'https://main.iam.ad.ext.azure.com/api/RegisteredApplications/{}/Consent?onBehalfOfAll=true'.format(
            application['appId'])
        send_raw_request(cmd.cli_ctx, 'post', url, resource='74658136-14ec-4630-ad9b-26e160ff0fc6')

This API doesn't work on clouds other than AzureCloud, such as AzureChinaCloud, dogfood or Azure Stack.

Even though the Graph team is working on an equivalent API in the Microsoft Graph API, there is no ETA.

The alternative supported way is to utilize the appRoleAssignment API to grant application permissions, even though there is still some feature gap between the appRoleAssignment API and the old API.

Examples of using az rest to call the appRoleAssignment API were previously given in #12137 (comment).

Still, it will be better if we can have native commands for the appRoleAssignment API.
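
An added example, not part of the original issue and not Azure CLI code: one way to plan the appRoleAssignment calls an application still needs and turn each into an az rest invocation. The function names, the sample manifest and all GUIDs are constructed for illustration; the Graph endpoint is a parameter so the same plan works on clouds other than AzureCloud.

```python
import json

# Constructed sample: requiredResourceAccess of an app registration.
# Every GUID here is a made-up placeholder.
SAMPLE_REQUIRED_RESOURCE_ACCESS = [
    {"resourceAppId": "00000000-0000-0000-0000-0000000000aa",
     "resourceAccess": [
         {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"},
         {"id": "22222222-2222-2222-2222-222222222222", "type": "Scope"},
         {"id": "33333333-3333-3333-3333-333333333333", "type": "Role"},
     ]},
]


def plan_app_role_assignments(required_resource_access, client_sp_id,
                              resource_sp_ids, existing=()):
    """Return the appRoleAssignment request bodies still to be created.

    resource_sp_ids maps resourceAppId -> object id of that resource's
    service principal in the tenant. existing holds (resourceId, appRoleId)
    pairs already assigned to client_sp_id, so nothing is granted twice.
    """
    already = set(existing)
    plan = []
    for resource in required_resource_access:
        app_id = resource["resourceAppId"]
        if app_id not in resource_sp_ids:
            raise KeyError("no service principal known for " + app_id)
        resource_id = resource_sp_ids[app_id]
        for access in resource["resourceAccess"]:
            # Only application permissions ("Role") map to app role
            # assignments; delegated "Scope" entries are left untouched.
            if access["type"] != "Role":
                continue
            if (resource_id, access["id"]) in already:
                continue
            plan.append({"principalId": client_sp_id,
                         "resourceId": resource_id,
                         "appRoleId": access["id"]})
    return plan


def to_az_rest_args(body, graph_endpoint="https://graph.microsoft.com"):
    """Build the az rest argument list that creates one assignment."""
    url = "{}/v1.0/servicePrincipals/{}/appRoleAssignments".format(
        graph_endpoint.rstrip("/"), body["principalId"])
    return ["az", "rest", "--method", "post", "--url", url,
            "--body", json.dumps(body, sort_keys=True)]
```

Because the plan contains only the roles declared in the manifest and not yet assigned, reviewing it before running the commands shows exactly which application permissions are about to be granted.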
