import Global from '/docs/cmd/_global.mdx'; import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem';
Lists OAuth2 permission grants for the specified service principal
m365 entra oauth2grant list [options]
m365 aad oauth2grant list [options]
`-i, --spObjectId <spObjectId>`
: objectId of the service principal for which the configured OAuth2 permission grants should be retrieved
In order to list existing OAuth2 permissions granted to a service principal, you need its objectId
. You can retrieve it using the entra enterpriseapp get command.
When using the text output type (default), the command lists only the values of the objectId
, resourceId
and scope
properties of the OAuth grant. When setting the output type to JSON, all available properties are included in the command output.
List OAuth2 permissions granted to service principal with objectId
b2307a39-e878-458b-bc90-03bc578531d6.
m365 entra oauth2grant list --spObjectId b2307a39-e878-458b-bc90-03bc578531d6
[
{
"clientId": "283f45c9-6b6f-4d15-a7b8-da2c2f3f6e67",
"consentType": "AllPrincipals",
"id": "yUU_KG9rFU2nuNosLz9uZ0SVQmWC1_RCvP7NnEv1Zus",
"principalId": null,
"resourceId": "65429544-d782-42f4-bcfe-cd9c4bf566eb",
"scope": "Mail.Read Mail.Send"
}
]
resourceId scope
------------------------------------ -------------------
65429544-d782-42f4-bcfe-cd9c4bf566eb Mail.Read Mail.Send
clientId,consentType,id,resourceId,scope
283f45c9-6b6f-4d15-a7b8-da2c2f3f6e67,AllPrincipals,yUU_KG9rFU2nuNosLz9uZ0SVQmWC1_RCvP7NnEv1Zus,65429544-d782-42f4-bcfe-cd9c4bf566eb,Mail.Read Mail.Send
# entra oauth2grant list --spObjectId "283f45c9-6b6f-4d15-a7b8-da2c2f3f6e67"
Date: 2023-06-02
## yUU_KG9rFU2nuNosLz9uZ0SVQmWC1_RCvP7NnEv1Zus
Property | Value
---------|-------
clientId | 283f45c9-6b6f-4d15-a7b8-da2c2f3f6e67
consentType | AllPrincipals
id | yUU\_KG9rFU2nuNosLz9uZ0SVQmWC1\_RCvP7NnEv1Zus
resourceId | 65429544-d782-42f4-bcfe-cd9c4bf566eb
scope | Mail.Read Mail.Send
- Application and service principal objects in Microsoft Entra ID: https://learn.microsoft.com/azure/active-directory/develop/active-directory-application-objects
- List oauth2PermissionGrants: https://learn.microsoft.com/graph/api/oauth2permissiongrant-list?view=graph-rest-1.0