Nov 13 2023 10:45 AM
I am using the Python SDK (https://github.com/microsoftgraph/msgraph-sdk-python) to create an application registration, set redirect URIs and set API permissions.
My test code currently looks like...
import asyncio
from uuid import UUID
from azure.identity.aio import ClientSecretCredential
from msgraph import GraphServiceClient
from msgraph.generated.models.application import Application
from msgraph.generated.models.web_application import WebApplication
from msgraph.generated.models.password_credential import PasswordCredential
from msgraph.generated.models.required_resource_access import RequiredResourceAccess
from msgraph.generated.models.resource_access import ResourceAccess
from msgraph.generated.applications.item.add_password.add_password_post_request_body import AddPasswordPostRequestBody
credential = ClientSecretCredential("FAKE",
"FAKE",
"FAKE")
scopes = ['https://graph.microsoft.com/.default']
client = GraphServiceClient(credentials=credential, scopes=scopes)
async def get_directory_id():
org = await client.organization.get()
return org.value[0].id
async def create_application():
request_body = Application(
display_name = "SSO App"
)
app = await client.applications.post(request_body)
return app
# directory_id = app.
async def get_application(id):
app = await client.applications.by_application_id(id).get()
return app
async def create_app_secret(app_id):
request_body = AddPasswordPostRequestBody(
password_credential = PasswordCredential(
display_name = "SSO Secret",
),
)
result = await client.applications.by_application_id(app_id).add_password.post(request_body)
return result
async def set_redirect_uri(id):
request_body = Application(
web=WebApplication(
redirect_uris=['https://access.mydomain.com/cdn-cgi/access/callback']
)
)
result = await client.applications.by_application_id(id).patch(request_body)
return result
async def set_app_api_permissions(id):
# https://learn.microsoft.com/en-us/graph/permissions-reference
request_body = Application(
required_resource_access = RequiredResourceAccess(
resource_app_id = "00000003-0000-0000-c000-000000000000",
resource_access = [
ResourceAccess(id=UUID('06da0dbc-49e2-44d2-8312-53f166ab848a'), odata_type=None, type='Scope'), # https://learn.microsoft.com/en-us/graph/permissions-reference#directoryreadall
ResourceAccess(id=UUID('64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0'), odata_type=None, type='Scope'), # https://learn.microsoft.com/en-us/graph/permissions-reference#email
ResourceAccess(id=UUID('bc024368-1153-4739-b217-4326f2e966d0'), odata_type=None, type='Scope'), # https://learn.microsoft.com/en-us/graph/permissions-reference#groupmemberreadall
ResourceAccess(id=UUID('7427e0e9-2fba-42fe-b0c0-848c9e6a8182'), odata_type=None, type='Scope'), # https://learn.microsoft.com/en-us/graph/permissions-reference#offline_access
ResourceAccess(id=UUID('37f7f235-527c-4136-accd-4a02d197296e'), odata_type=None, type='Scope'), # https://learn.microsoft.com/en-us/graph/permissions-reference#openid
ResourceAccess(id=UUID('14dad69e-099b-42c9-810b-d002981feec1'), odata_type=None, type='Scope'), # https://learn.microsoft.com/en-us/graph/permissions-reference#profile
ResourceAccess(id=UUID('e1fe6dd8-ba31-4d61-89e7-88639da4683d'), odata_type=None, type='Scope') # https://learn.microsoft.com/en-us/graph/permissions-reference#userread
]
)
)
result = await client.applications.by_application_id(id).patch(request_body)
return result
async def main():
org = await get_directory_id()
app = await create_application()
secret = await create_app_secret(app.id)
print(f"Application ID: {app.app_id}")
print(f"Application Secret: {secret.secret_text}")
print(f"Organization ID: {org}")
await set_redirect_uri(app.id)
await set_app_api_permissions(app.id)
# print("done")
asyncio.run(main())
The code correctly creates an app, get's it's ID and also sets the web redirection URI. However, the call to "set_app_api_permissions" returns no error but the app isn't updated with these permissions.
Any one have any experience with updating an app permissions via the Graph API?