Retrieve App Owners from Azure Portal App Registration using Microsoft Graph API and REST Method
Question
I am trying to retrieve app owners from Azure Portal App Registration under the Manifest using the Microsoft Graph API and REST Method via a PowerShell script. I am using a service principal account (client secret key), tenant, and client ID (app ID) to authenticate to the Graph API.
Here is the code for getting specific app info:
Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/applications?$filter=appId eq 'appIdhere'" -Headers $headers -Method GET
I am using the following request headers and body:
$requestBody = @{
    "grant_type" = "client_credentials"
    "client_id" = $clientId
    "client_secret" = $clientSecret
    "scope" = "https://graph.microsoft.com/.default"
}
$headers = @{
    Authorization = "Bearer $accessToken"
}
However, this code above works only on the graph. Please see the documentation below. (I used the /applications endpoint and it still works with the reference below)
Microsoft Graph API - List owners of a service principal
I want to use the URL mentioned above to access the application manifest under App Registration Azure Portal, but the URL retrieves all the applications from the Azure Portal instead of just the specified one from the URL when using Invoke-RestMethod from PowerShell ISE.
I would like to request assistance on how to retrieve specified information under this URL: "https://graph.microsoft.com/v1.0/applications?$filter=appId eq 'f059f748-6b42-46ec-8d5b-23a0fee126ee'". Thank you in advance to those who will assist.
Answer 1
Score: 1
Reference:
List owners - Microsoft Graph v1.0 | Microsoft
I registered one Azure AD Application and added API permissions like below:
Now, I added below users as Application owners for the Application:
To retrieve App Owners from Azure Portal App Registration under the Manifest using the Microsoft Graph API, you can use below query:
GET https://graph.microsoft.com/v1.0/applications/<AppID>/owners
To get the same results by invoking REST API using PowerShell, you can execute below script:
$requestbody = @{
    client_id = "ClientID"
    client_secret = "ClientSecret"
    scope = "https://graph.microsoft.com/.default"
    grant_type = 'client_credentials'
}
$AccessToken = Invoke-RestMethod -Uri "https://login.microsoftonline.com/TenantID/oauth2/v2.0/token" -Method Post -Body $requestbody
$token = $AccessToken.access_token
$query = "https://graph.microsoft.com/v1.0/applications/AppID/owners"
(Invoke-RestMethod -Headers @{Authorization = "Bearer $($token)"} -Uri $query -Method Get).value | select id
When I ran the script, I got the Object IDs of the Application owners in the response like below:
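An added example, not part of the question or of either answer: it shows a likely cause of the "returns every application" behaviour in the question (PowerShell expands `$filter` inside a double-quoted string to an empty variable, so no filter is sent) and then lists the owners of the one matching app registration. The environment variable names and the all-zero appId are placeholders, and the calling app is assumed to hold an application permission such as Application.Read.All.

```powershell
# Added example. Assumes $env:GRAPH_TENANT_ID, $env:GRAPH_CLIENT_ID and
# $env:GRAPH_CLIENT_SECRET are set (hypothetical names) so that no secret is
# hard-coded in the script, and that the caller may read applications.
$targetAppId = '00000000-0000-0000-0000-000000000000'   # placeholder appId (client ID)

$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$($env:GRAPH_TENANT_ID)/oauth2/v2.0/token" `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $env:GRAPH_CLIENT_ID
        client_secret = $env:GRAPH_CLIENT_SECRET
        scope         = 'https://graph.microsoft.com/.default'
    }
$headers = @{ Authorization = "Bearer $($tokenResponse.access_token)" }

# Inside double quotes, $filter would be expanded as an (empty) variable and the
# request would go out as "...applications?=appId eq ...", i.e. unfiltered.
# The backtick keeps the literal "$filter" / "$select" in the URL.
$filterUri = "https://graph.microsoft.com/v1.0/applications?`$filter=appId eq '$targetAppId'&`$select=id,appId,displayName"
$app = (Invoke-RestMethod -Headers $headers -Uri $filterUri -Method Get).value |
    Select-Object -First 1
if (-not $app) { throw "No application with appId $targetAppId is visible to this token." }

# /applications/{id} is keyed by the object ID returned above, not by the appId.
$ownersUri = "https://graph.microsoft.com/v1.0/applications/$($app.id)/owners"
$owners = @()
while ($ownersUri) {
    # Follow @odata.nextLink so a long owner list is not silently truncated.
    $page = Invoke-RestMethod -Headers $headers -Uri $ownersUri -Method Get
    $owners += $page.value
    $ownersUri = $page.'@odata.nextLink'
}

# Owners can add credentials to the app, so this list is worth reviewing.
$owners | Select-Object id, displayName, userPrincipalName, '@odata.type'
if ($owners.Count -eq 0) { Write-Warning "$($app.displayName) has no owners." }
```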
Answer 2
Score: 0
Updated: I've figured out what I am looking for.
To access the manifest data from the applications of App Registration on Azure Portal - you may use this url endpoint below.
https://graph.microsoft.com/v1.0/applications/ObjectIDofApphere/?=manifest
I am not so sure how I'd figured this out and I am looking for any reference for this endpoint above from the microsoft graph but it shows the manifest data of the application, be sure to put the objectID next to applications/
For the permissions, I do have these permissions below