New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New command: add OAuth grant for the specified service principal #164

Closed
waldekmastykarz opened this Issue Dec 23, 2017 · 0 comments

Comments

Projects
None yet
1 participant
@waldekmastykarz
Copy link
Member

waldekmastykarz commented Dec 23, 2017

Add OAuth grant for the specified service principal

  • command: aad oauthgrant add -i|--clientId <clientId> -r|--resourceId <resourceId> -s|--scope <scope>
  • clientId: ID of the service principal for which permissions should be granted
  • resourceId: ID of the resource for which permissions should be granted (eg. MS Graph)
  • scope: permissions to be granted
  • requires connection to AAD Graph

The information can be get from the following REST call:

POST https://graph.windows.net/myorganization/oauth2PermissionGrants?api-version=1.6
content-type: application/json
authorization: Bearer eyJ0eXAiOiJKV...

{
    "odata.type": "Microsoft.DirectoryServices.OAuth2PermissionGrant",
    "clientId": "<clientId>",
    "consentType": "AllPrincipals",
    "principalId": null,
    "resourceId": "<resourceId>",
    "scope": "<scope>",
    "startTime": "0001-01-01T00:00:00",
    "expiryTime": "9000-01-01T00:00:00"
}

If an OAuth grant for the specified clientId/resourceId pair already exists, the API call will return an error.

Requires #160 to be done first

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment