
Error: Property requiredResourceAccess.resourceAccess is invalid, when specifying "Type" as "Role" while creating graph permission for AAD App

Niraj Kumar 1 Reputation point
2020-10-27T10:44:05.163+00:00

Describe the bug

Please refer to this GitHub issue - https://github.com/Azure/azure-cli/issues/15679

Error: Property requiredResourceAccess.resourceAccess is invalid, when specifying "Type" as "Role" while creating graph permission for AAD App

The same code works when specifying Type as "Scope", but when specifying it as "Role" the error occurs.

To Reproduce

$graphPermission = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "a367ab51-6b49-43bf-a716-a1fb06d2a174","Role"

1 answer

  1. AmanpreetSingh-MSFT 56,966 Reputation points Moderator
    2020-10-27T12:20:33.85+00:00

    Hi @Niraj Kumar · Welcome to QnA platform and thanks for your query.

    When the token is requested under user context using OAuth flows like Authorization Code/Implicit/ROPC, the permissions are included in Scope (scp) claim and when you request token under application context using client_credentials flow, the permissions are included in Role claim. Depending on the flow you used to get the token, you have to use the Scope and Role accordingly.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
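
To check which kind of permission a given access token actually carries, the following added example (not part of the original thread, and not code from any Microsoft module) decodes the token payload and reports whether permissions arrive in the `scp` claim (user context, Type "Scope") or the `roles` claim (application context, Type "Role"). The function names and the unsigned sample tokens are constructed for illustration; the signature is not validated.

```powershell
# Added example. Function names are hypothetical; the tokens below are constructed samples.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # JWT segments use the URL-safe alphabet and omit '=' padding; restore both.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        1 { throw 'Invalid base64url length.' }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-TokenPermissionKind {
    param([Parameter(Mandatory)][string]$AccessToken)
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected header.payload.signature.' }
    # Inspection only: the signature is not validated, so never authorize on this result.
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    $scp   = $claims.PSObject.Properties['scp']
    $roles = $claims.PSObject.Properties['roles']
    # scp is a single space-separated string; roles is a JSON array.
    $scopeList = @(if ($scp -and $scp.Value) { $scp.Value -split ' ' })
    $roleList  = @(if ($roles) { $roles.Value })
    $kind = 'None'
    if ($scopeList.Count) { $kind = 'Scope' }
    if ($roleList.Count)  { $kind = if ($scopeList.Count) { 'ScopeAndRole' } else { 'Role' } }
    [pscustomobject]@{ Kind = $kind; Scopes = $scopeList; Roles = $roleList }
}

# Builds an unsigned, constructed token so the example runs offline.
function New-SampleToken {
    param([hashtable]$Claims)
    $enc = {
        param($Object)
        $json  = $Object | ConvertTo-Json -Compress
        $bytes = [Text.Encoding]::UTF8.GetBytes($json)
        [Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    '{0}.{1}.constructed' -f (& $enc @{ typ = 'JWT' }), (& $enc $Claims)
}

Get-TokenPermissionKind (New-SampleToken @{ scp = 'User.Read Mail.Read' })   # user-context sample
Get-TokenPermissionKind (New-SampleToken @{ roles = @('User.Read.All') })    # client_credentials sample
```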

