Sending oAuth2PermissionGrant request with a Scope of $null suspends all permissions

scottwtang 1 Reputation point
2022-05-15T22:57:54.34+00:00

Issue

When creating a delegated permission grant using the oAuth2PermissionGrants API, if you specify a Scope of $null in the request, a response is returned, but the app registration permissions enter into a perpetual non-responsive status. (See image marker 1)

Using the "Grant admin consent for tenant" button will invoke the error seen in image marker 2:

Grant consent failed with error: Encountered an internal server error. [gZUB0yPYFbu2whgueZx9Yr]

Removing all permissions and then adding any new permissions will carry the same non-responsive status.

Error visual

[Image: screenshot with markers 1 and 2]

Sample request

   $appObjectId = ""  
   $graphAppId = (Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'").Id  
     
   $headers = @{  
       Authorization = "Bearer $($connection.access_token)"   
   }  
     
   $body = @{  
       ClientId    = $appObjectId  
       ConsentType = "AllPrincipals"  
       PrincipalId = $null  
       ResourceId  = $graphAppId  
       Scope       = $null  
   } | ConvertTo-Json  
     
   $params = @{  
       ContentType = "application/json"  
       Method      = "POST"  
       Uri         = "https://graph.microsoft.com/v1.0/oauth2PermissionGrants"  
       Headers     = $headers  
       Body        = $body  
   }  
     
   Invoke-RestMethod @params  

1 answer

  1. 2022-05-16T03:32:08.893+00:00

    Hello @scottwtang , thanks for reporting such behavior. I will reach within the proper team to avoid the reported issue. As a workaround you can delete the posted oAuth2PermissionGrant using the Delete oAuth2PermissionGrant (a delegated permission grant) operation.

    Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.

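The workaround from the answer, as an added example that is not code from the original thread: it lists the delegated grants for one client, selects those whose scope is null or empty, and deletes them with the Delete oAuth2PermissionGrant operation. The function names, `$AccessToken` and `$ClientSpId` are assumptions made for illustration; the token must be allowed to read and delete delegated permission grants.

```powershell
# Added example. Function names and parameters are hypothetical, not from the thread.
function Get-EmptyScopeGrant {
    param(
        [Parameter(Mandatory)] [string] $AccessToken,  # Graph access token (assumed to exist)
        [Parameter(Mandatory)] [string] $ClientSpId    # object id of the client service principal
    )
    $headers = @{ Authorization = "Bearer $AccessToken" }
    $uri = "https://graph.microsoft.com/v1.0/oauth2PermissionGrants?`$filter=clientId eq '$ClientSpId'"
    $grants = @()
    # Follow @odata.nextLink so grants on later pages are not missed.
    while ($uri) {
        $page = Invoke-RestMethod -Method GET -Uri $uri -Headers $headers
        $grants += $page.value
        $uri = $page.'@odata.nextLink'
    }
    # A grant created with Scope = $null comes back with a null or empty scope string.
    $grants | Where-Object { [string]::IsNullOrWhiteSpace($_.scope) }
}

function Remove-EmptyScopeGrant {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $AccessToken,
        [Parameter(Mandatory)] [string] $ClientSpId
    )
    $headers = @{ Authorization = "Bearer $AccessToken" }
    foreach ($grant in Get-EmptyScopeGrant -AccessToken $AccessToken -ClientSpId $ClientSpId) {
        $target = "oauth2PermissionGrant $($grant.id) (consentType=$($grant.consentType))"
        # -WhatIf prints the grants that would be removed without deleting anything.
        if ($PSCmdlet.ShouldProcess($target, "DELETE")) {
            $deleteUri = "https://graph.microsoft.com/v1.0/oauth2PermissionGrants/$($grant.id)"
            Invoke-RestMethod -Method DELETE -Uri $deleteUri -Headers $headers | Out-Null
        }
        $grant  # emit each matched grant so the caller can log what was found
    }
}

# Dry run first, then repeat without -WhatIf:
# Remove-EmptyScopeGrant -AccessToken $connection.access_token -ClientSpId $appObjectId -WhatIf
```

Keeping the emitted grant objects (id, clientId, resourceId, consentType) gives a record of what was removed before consent is granted again with a non-empty scope.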