Retrieve App Owners from Azure Portal App Registration using Microsoft Graph API and REST Method

huangapple go评论116阅读模式
英文:

Retrieve App Owners from Azure Portal App Registration using Microsoft Graph API and REST Method

问题

我正在尝试使用Microsoft Graph API和REST方法通过PowerShell脚本从Azure门户应用注册中检索应用程序所有者。我正在使用服务主体帐户(客户端密钥),租户和客户端ID(应用程序ID)来对Graph API进行身份验证。

以下是获取特定应用程序信息的代码:

Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/applications?$filter=appId eq 'appIdhere'" -Headers $headers -Method GET

我正在使用以下请求头和正文:

$requestBody = @{
    "grant_type"    = "client_credentials"
    "client_id"     = $clientId
    "client_secret" = $clientSecret
    "scope"         = "https://graph.microsoft.com/.default"
}

$headers = @{
    Authorization = "Bearer $accessToken"
}

但是,这段代码仅在图表上有效。请参阅下面的文档。(我使用了/applications端点,并在下面的参考文档中仍然有效)
Microsoft Graph API - 列出服务主体的所有者

我想要使用上面提到的URL来访问Azure门户中应用程序注册下的应用程序清单,但是该URL检索到Azure门户中的所有应用程序,而不仅仅是在PowerShell ISE中使用Invoke-RestMethod时从URL中指定的应用程序。

我想要请求关于如何检索此URL下指定信息的帮助:"https://graph.microsoft.com/v1.0/applications?$filter=appId eq 'f059f748-6b42-46ec-8d5b-23a0fee126ee'"。谢谢那些愿意协助的人。

英文:

I am trying to retrieve app owners from Azure Portal App Registration under the Manifest using the Microsoft Graph API and REST Method via a PowerShell script. I am using a service principal account (client secret key), tenant, and client ID (app ID) to authenticate to the Graph API.

Here is the code for getting specific app info:

Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/applications?$filter=appId eq 'appIdhere'" -Headers $headers -Method GET

I am using the following request headers and body:

$requestBody = @{
"grant_type"    = "client_credentials"
"client_id"     = $clientId
"client_secret" = $clientSecret
"scope"         = "https://graph.microsoft.com/.default"
}

$headers = @{
Authorization = "Bearer $accessToken"
}

However, this code above works only on the graph. Please see the documentation below. (I used the /applications endpoint and it still works with the reference below)
Microsoft Graph API - List owners of a service principal

I want to use the URL mentioned above to access the application manifest under App Registration Azure Portal, but the URL retrieves all the applications from the Azure Portal instead of just the specified one from the URL when using Invoke-RestMethod from PowerShell ISE.

I would like to request assistance on how to retrieve specified information under this URL: "https://graph.microsoft.com/v1.0/applications?$filter=appId eq 'f059f748-6b42-46ec-8d5b-23a0fee126ee'". Thank you in advance to those who will assist.

答案1

得分: 1

我注册了一个Azure AD应用程序,并添加了以下API权限

Retrieve App Owners from Azure Portal App Registration using Microsoft Graph API and REST Method

现在,我将以下用户添加为该应用程序的应用程序所有者

Retrieve App Owners from Azure Portal App Registration using Microsoft Graph API and REST Method

要使用Microsoft Graph API从Azure门户应用程序注册下的清单中检索应用程序所有者,您可以使用以下查询:

GET https://graph.microsoft.com/v1.0/applications/<AppID>/owners

要通过PowerShell调用REST API以获得相同的结果,您可以执行以下脚本:

$requestbody = @{
    client_id = "ClientID"
    client_secret = "ClientSecret"
    scope = "https://graph.microsoft.com/.default"
    grant_type = 'client_credentials'
}
$AccessToken = Invoke-RestMethod -Uri "https://login.microsoftonline.com/TenantID/oauth2/v2.0/token" -Method Post -Body $requestbody
$token = $AccessToken.access_token
$query = "https://graph.microsoft.com/v1.0/applications/AppID/owners"
(Invoke-RestMethod -Headers @{Authorization = "Bearer $($token)"} -Uri $query -Method Get).value | select id

当我运行该脚本时,我在响应中获得了应用程序所有者的对象ID,如下所示:

Retrieve App Owners from Azure Portal App Registration using Microsoft Graph API and REST Method

参考:
列出所有者 - Microsoft Graph v1.0 | Microsoft

英文:

I registered one Azure AD Application and added API permissions like below:

Retrieve App Owners from Azure Portal App Registration using Microsoft Graph API and REST Method

Now, I added below users as Application owners for the Application:

Retrieve App Owners from Azure Portal App Registration using Microsoft Graph API and REST Method

To retrieve App Owners from Azure Portal App Registration under the Manifest using the Microsoft Graph API, you can use below query:

GET https://graph.microsoft.com/v1.0/applications/&lt;AppID&gt;/owners

To get the same results by invoking REST API using PowerShell, you can execute below script:

$requestbody = @{
    client_id = &quot;ClientID&quot;
    client_secret = &quot;ClientSecret&quot;
    scope = &quot;https://graph.microsoft.com/.default&quot;
    grant_type = &#39;client_credentials&#39;
}
$AccessToken = Invoke-RestMethod -Uri &quot;https://login.microsoftonline.com/TenantID/oauth2/v2.0/token&quot; -Method Post -Body $requestbody
$token = $AccessToken.access_token
$query = &quot;https://graph.microsoft.com/v1.0/applications/AppID/owners&quot;
(Invoke-RestMethod -Headers @{Authorization = &quot;Bearer $($token)&quot;} -Uri $query -Method Get).value | select id

When I ran the script, I got the Object IDs of the Application owners in the response like below:

Retrieve App Owners from Azure Portal App Registration using Microsoft Graph API and REST Method

Reference:
List owners - Microsoft Graph v1.0 | Microsoft

答案2

得分: 0

以下是翻译好的部分:

已更新:我已经找到我要寻找的内容。

要访问 Azure 门户上 App Registration 应用程序的清单数据 - 您可以使用下面的 URL 终端点。

https://graph.microsoft.com/v1.0/applications/ObjectIDofApphere/?=manifest

我不太确定我是如何找到这个的,我正在寻找关于 microsoft graph 上面提到的终端点的任何参考,但它显示应用程序的清单数据,请确保在 "applications/" 旁边放置 objectID。

对于权限,我有以下权限:Retrieve App Owners from Azure Portal App Registration using Microsoft Graph API and REST Method

英文:

Updated: I've figured out what I am looking for.

To access the manifest data from the applications of App Registration on Azure Portal - you may use this url endpoint below.

https://graph.microsoft.com/v1.0/applications/ObjectIDofApphere/?=manifest

I am not so sure how I'd figured this out and I am looking for any reference for this endpoint above from the microsoft graph but it shows the manifest data of the application, be sure to put the objectID next to applications/

For the permissions, I do have these permissions below

Retrieve App Owners from Azure Portal App Registration using Microsoft Graph API and REST Method

huangapple
  • 本文由 发表于 2023年6月29日 13:06:33
  • 转载请务必保留本文链接:https://go.coder-hub.com/76578185.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定