Forum Discussion

simoncloudflare's avatar
simoncloudflare
Copper Contributor
Nov 13, 2023

Trying to set App permissions via Python SDK

I am using the Python SDK (https://github.com/microsoftgraph/msgraph-sdk-python) to create an application registration, set redirect URIs and set API permissions.

My test code currently looks like...

 

import asyncio
from uuid import UUID

from azure.identity.aio import ClientSecretCredential
from msgraph import GraphServiceClient

from msgraph.generated.models.application import Application
from msgraph.generated.models.web_application import WebApplication
from msgraph.generated.models.password_credential import PasswordCredential
from msgraph.generated.models.required_resource_access import RequiredResourceAccess
from msgraph.generated.models.resource_access import ResourceAccess

from msgraph.generated.applications.item.add_password.add_password_post_request_body import AddPasswordPostRequestBody

credential = ClientSecretCredential("FAKE",
                                    "FAKE",
                                    "FAKE")
scopes = ['https://graph.microsoft.com/.default']

client = GraphServiceClient(credentials=credential, scopes=scopes)

async def get_directory_id():
    org = await client.organization.get()
    return org.value[0].id

async def create_application():
    request_body = Application(
        display_name = "SSO App"
    )
    app = await client.applications.post(request_body)
    return app

    # directory_id = app.

async def get_application(id):
    app = await client.applications.by_application_id(id).get()
    return app

async def create_app_secret(app_id):
    request_body = AddPasswordPostRequestBody(
        password_credential = PasswordCredential(
            display_name = "SSO Secret",
        ),
    )

    result = await client.applications.by_application_id(app_id).add_password.post(request_body)
    return result

async def set_redirect_uri(id):
    request_body = Application(
        web=WebApplication(
            redirect_uris=['https://access.mydomain.com/cdn-cgi/access/callback']
        )
    )

    result = await client.applications.by_application_id(id).patch(request_body)
    return result

async def set_app_api_permissions(id):
 # https://learn.microsoft.com/en-us/graph/permissions-reference

    request_body = Application(
        required_resource_access = RequiredResourceAccess(
            resource_app_id = "00000003-0000-0000-c000-000000000000",
            resource_access = [
                ResourceAccess(id=UUID('06da0dbc-49e2-44d2-8312-53f166ab848a'), odata_type=None, type='Scope'),  # https://learn.microsoft.com/en-us/graph/permissions-reference#directoryreadall
                ResourceAccess(id=UUID('64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0'), odata_type=None, type='Scope'),  # https://learn.microsoft.com/en-us/graph/permissions-reference#email
                ResourceAccess(id=UUID('bc024368-1153-4739-b217-4326f2e966d0'), odata_type=None, type='Scope'),  # https://learn.microsoft.com/en-us/graph/permissions-reference#groupmemberreadall
                ResourceAccess(id=UUID('7427e0e9-2fba-42fe-b0c0-848c9e6a8182'), odata_type=None, type='Scope'),  # https://learn.microsoft.com/en-us/graph/permissions-reference#offline_access
                ResourceAccess(id=UUID('37f7f235-527c-4136-accd-4a02d197296e'), odata_type=None, type='Scope'),  # https://learn.microsoft.com/en-us/graph/permissions-reference#openid
                ResourceAccess(id=UUID('14dad69e-099b-42c9-810b-d002981feec1'), odata_type=None, type='Scope'),  # https://learn.microsoft.com/en-us/graph/permissions-reference#profile
                ResourceAccess(id=UUID('e1fe6dd8-ba31-4d61-89e7-88639da4683d'), odata_type=None, type='Scope')   # https://learn.microsoft.com/en-us/graph/permissions-reference#userread
            ]
        )
    )

    result = await client.applications.by_application_id(id).patch(request_body)
    return result

async def main():
    org = await get_directory_id()
    app = await create_application()
    secret = await create_app_secret(app.id)
    print(f"Application ID: {app.app_id}")
    print(f"Application Secret: {secret.secret_text}")
    print(f"Organization ID: {org}")

    await set_redirect_uri(app.id)
    await set_app_api_permissions(app.id)
    # print("done")
asyncio.run(main())

 

The code correctly creates an app, get's it's ID and also sets the web redirection URI. However, the call to "set_app_api_permissions" returns no error but the app isn't updated with these permissions.

Any one have any experience with updating an app permissions via the Graph API?

No RepliesBe the first to reply

Resources