Share via

Need to register AzureAd app from Graph API and API permission for graph API for Application permission without Azure Portal

Manoj Pant 135 Reputation points
2023-03-16T19:47:50.16+00:00
    1. I need to register the app from Graph API.
  2. Add permission to an app, Microsoft Graph, and application permission.
  3. Grant the application permissions.

All these three steps need to done from Graph API.

The first step is done below: Application gets created and we get the application id:

'16147e04-136b-4ea8-a45d-1cc2d9d0e0af'

string tenentId = "!!!!!!!!!-f8a6-4418-b062-26ad5b6608dd";
                string clientId = "!!!!!!!!-6beb-4a9c-bdc2-0092bc7feaae";
                string clientScret = "!!!!!!Huo3cUHtOOCHp1iNTSRQ7w9rDUlpRl6aqv";

          
                var accessTokenProvider = new BaseBearerTokenAuthenticationProvider(new TokenProvider());
                var graphServiceClient = new GraphServiceClient(accessTokenProvider);


               

                var requestBody = new Application
                {
                    DisplayName = "01N",
                    Description="This app is created from Graph API"
                };


                var result = await graphServiceClient.Applications.PostAsync(requestBody);

Problem: Not able to get this created app using below code:



        string clientScret = "!!!!!!Huo3cUHtOOCHp1iNTSRQ7w9rDUlpRl6aqv";
                // OnBehalfOfCredential onBehalfOf = new OnBehalfOfCredential(tenentId, clientId, clientScret, token);           

          
          

                var accessTokenProvider = new BaseBearerTokenAuthenticationProvider(new TokenProvider());
                var graphServiceClient = new GraphServiceClient(accessTokenProvider);

                // var result = await graphServiceClient.ServicePrincipals.GetAsync();

                var result = await graphServiceClient.ServicePrincipals.GetAsync((requestConfiguration) =>
                {
                    requestConfiguration.QueryParameters.Filter = "appId eq '16147e04-136b-4ea8-a45d-1cc2d9d0e0af'";


                    requestConfiguration.QueryParameters.Select = new string[] { "appId", "oauth2PermissionScopes" , "displayName", "appRoles" };
                    // requestConfiguration.QueryParameters.Select = new string[] { "id", "displayName", "appId", "appRoles", "oauth2PermissionScopes" };
                });

The response we are getting:

{
    "value": [],
    "additionalData": {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#servicePrincipals(appId,oauth2PermissionScopes,displayName,appRoles)"
    },
    "backingStore": {
        "initializationCompleted": true,
        "returnOnlyChangedValues": false
    },
    "odataCount": null,
    "odataNextLink": null
}

Q1. How to add API permission inside created an application for Microsoft Graph: Application Permission?

Microsoft 365 and Office Development Other
Microsoft Security Microsoft Graph
0 comments
Accepted answer
  1. CarlZhao-MSFT 46,371 Reputation points
    2023-03-17T08:20:31.62+00:00

    Hi @Manoj Pant

    You can try the following sample code to get the application service principal, I have tested it locally and it works fine.

    using Azure.Identity;
using Microsoft.Graph;
using Newtonsoft.Json;
 
 
var scopes = new[] { "https://graph.microsoft.com/.default" };
 
var tenantId = "{tenant id}";
 
var clientId = "{client id}";
var clientSecret = "{client secret}";
 
// using Azure.Identity;
var options = new TokenCredentialOptions
{
      AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};
 
// https://docs.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
var clientSecretCredential = new ClientSecretCredential(
      tenantId, clientId, clientSecret, options);
 
GraphServiceClient graphClient = new GraphServiceClient(clientSecretCredential, scopes);
 
try
{
      var result = await graphClient.ServicePrincipals.GetAsync((requestConfiguration) =>
      {
            requestConfiguration.QueryParameters.Filter = "appId eq '{app id}'";
            requestConfiguration.QueryParameters.Select = new string[] { "appId", "appRoles", "oauth2PermissionScopes", "displayName" };
      });
 
      Console.WriteLine(JsonConvert.SerializeObject(result));
}
catch (Exception ex) {
 
      Console.WriteLine(ex.Message);
}

    Also, I don't think you can grant graph application permissions to your app through the graph api, because you can't programmatically grant admin consent for application permissions, currently can only grant admin consent through the UI.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 119.5K Reputation points MVP Volunteer Moderator
    2023-03-17T08:18:34.6133333+00:00

    Application objects and service principal objects are two different things, even thought there is a link between them. Make sure you're querying the correct endpoint, depending on what exactly you are trying to achieve. If you want to define permissions on the application (definition) object, use the Update application method: https://learn.microsoft.com/en-us/graph/api/application-update?view=graph-rest-1.0&tabs=http

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.