Hello @Zehui Yao_MSFT, thank you for your response.
I do not see any mention of an application id in the data, so I do not know which one to use for the first request you have mentioned.
Concerning the second request, GET /policies/tokenLifetimePolicies/{id}/appliesTo gives a 404, and the same is true when just querying GET /policies/tokenLifetimePolicies/{id}.
Further investigation gave me this:
GET /directoryObjects/56d03fe2-b909-470b-b262-ff88d9227d66
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects/$entity",
"@odata.type": "#microsoft.graph.tokenIssuancePolicy",
"id": "56d03fe2-b909-470b-b262-ff88d9227d66",
"deletedDateTime": null,
"definition": [
"{\"AuthenticationPolicies\":{\"Version\":\"2014-05-15\",\"PoliciesEnabled\":false,\"ManagedApps\":[],\"AuthenticationMethodPolicy\":{\"Mode\":\"disabled\",\"RequiredUserAuthenticationMethod\":\"mfa\",\"IncludeConditions\":[{\"Groups\":[\"all_users\"]}]},\"DeviceStatePolicies\":[]},\"MdmPolicy\":[],\"SyncPolicy\":[],\"ClaimIssuancePolicy\":{\"Version\":1,\"DefaultTokenType\":\"SAML\",\"AllowPassThruUsers\":\"true\",\"IncludeBasicClaimSet\":\"true\",\"ClaimsSchema\":[{\"SamlClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier\",\"SamlNameIdFormat\":\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\",\"Source\":\"User\",\"ExtensionID\":null,\"ID\":\"userprincipalname\",\"Value\":null,\"TransformationId\":null,\"AppliesToUserType\":null,\"MemberOf\":null},{\"SamlClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\",\"Source\":\"User\",\"ExtensionID\":null,\"ID\":\"givenname\",\"Value\":null,\"TransformationId\":null,\"AppliesToUserType\":null,\"MemberOf\":null},{\"SamlClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\",\"Source\":\"User\",\"ExtensionID\":null,\"ID\":\"surname\",\"Value\":null,\"TransformationId\":null,\"AppliesToUserType\":null,\"MemberOf\":null},{\"SamlClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\",\"Source\":\"User\",\"ExtensionID\":null,\"ID\":\"mail\",\"Value\":null,\"TransformationId\":null,\"AppliesToUserType\":null,\"MemberOf\":null},{\"SamlClaimType\":\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name\",\"Source\":\"User\",\"ExtensionID\":null,\"ID\":\"userprincipalname\",\"Value\":null,\"TransformationId\":null,\"AppliesToUserType\":null,\"MemberOf\":null}],\"ClaimsTransformations\":[],\"GroupFilter\":null,\"IssuerWithApplicationId\":false,\"AudienceOverride\":null}}"
],
"displayName": "ClaimIssuancePolicy",
"isOrganizationDefault": false
}
So I also tried
GET /policies/tokenIssuancePolicies/56d03fe2-b909-470b-b262-ff88d9227d66
and
GET /policies/tokenIssuancePolicies/56d03fe2-b909-470b-b262-ff88d9227d66/appliesTo
Curiously, both gave me a 404 as well.