question

scottwtang avatar image
0 Votes"
scottwtang asked alfredorevilla-msft answered

Sending oAuth2PermissionGrant request with a Scope of $null suspends all permissions

Issue


When creating a delegated permission grant using the oAuth2PermissionGrants API, if you specify a Scope of $null in the request, a response is returned, but the app registration permissions enter into a perpetual non-responsive status. (See image marker 1)

Using the Grant admin consent for tenant button will invoke the error seen in image marker 2

Grant consent failed with error: Encountered an internal server error. [gZUB0yPYFbu2whgueZx9Yr]


Removing all permissions and then adding any new permissions will carry the same non-responsive status.

Error visual

image

Sample request


$appObjectId = ""
$graphAppId = (Get-MgServicePrincipal -Filter "AppId eq '00000003-0000-0000-c000-000000000000'").Id

$headers = @{
    Authorization = "Bearer $($connection.access_token)" 
}

$body = @{
    ClientId    = $appObjectId
    ConsentType = "AllPrincipals"
    PrincipalId = $null
    ResourceId  = $graphAppId
    Scope       = $null
} | ConvertTo-Json

$params = @{
    ContentType = "application/json"
    Method      = "POST"
    Uri         = "https://graph.microsoft.com/v1.0/oauth2PermissionGrants"
    Headers     = $headers
    Body        = $body
}

Invoke-RestMethod @params
azure-active-directorymicrosoft-graph-permissions
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

alfredorevilla-msft avatar image
0 Votes"
alfredorevilla-msft answered

Hello @scottwtang, thanks for reporting such behavior. I will reach within the proper team to avoid the reported issue. As a workaround you can delete the posted oAuth2PermissionGrant usnig the Delete oAuth2PermissionGrant (a delegated permission grant) operation.


Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.