@darrelmiller
Last active September 5, 2023 16:46
Use Microsoft Graph PowerShell to create an Application Registration for an ASP NET Web Site using Auth Code Grant
# updated to remove my really ugly first attempt, based on awesome feedback provided.
# Assumes a Connect-MgGraph session with permission to create applications already exists.
$web = @{
    RedirectUris = "https://localhost:5001/signin-oidc"
    ImplicitGrantSettings = @{ EnableIdTokenIssuance = $true }
}
$createAppParams = @{
    DisplayName = "AspNetWebApp"
    Web = $web
    RequiredResourceAccess = @{
        ResourceAppId = "00000003-0000-0000-c000-000000000000"
        ResourceAccess = @(
            @{
                Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
                Type = "Scope"
            }
        )
    }
}
# note the use of @ below, instead of the expected $
$app = New-MgApplication @createAppParams
@darrelmiller (author)

$app.AppId has the clientId value in it.

@potatoqualitee commented Oct 25, 2020

Hey Darrel, you may enjoy PowerShell splats. Splats are backwards compatible to at least PowerShell v3 and they make your code more beautiful. You also do not need as many backticks or semicolons as you'd assume. PowerShell is pretty awesome with line breaks. Here's some sample code that shows two different ways of creating hashtables for your parameters.

(I'm unsure if an array is required for ResourceAccess, so I left in the @())

$web = @{
    RedirectUris = "https://localhost:5001/signin-oidc"
    ImplicitGrantSettings = @{ EnableIdTokenIssuance = $true }
}

$params = @{
    DisplayName = "AspNetWebApp"
    Web = $web
    RequiredResourceAccess = @{
        ResourceAppId = "00000003-0000-0000-c000-000000000000"
        ResourceAccess = @(
            @{
                Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
                Type = "Scope"
            }
        )
    }
}
# note the use of @ below, instead of the expected $
$app = New-MgApplication @params

@TylerLeonhardt

Note the lack of both backticks and semicolons in @potatoqualitee's use of hashtables. In PowerShell, hashtables can span multiple lines and you only need Key = "value" on a line, so in your original code you can safely take out the semicolons and backticks on any lines with the key/value pairs and it is exactly the same script.

In your original code, you'll still need the backticks to put cmdlet parameters on new lines but this is often considered not best practice because of how hard the backtick is to see.

@potatoqualitee's answer is the best practice because of PowerShell splatting.

Anyway, I just wanted to provide a little extra context on the backtick :)

@richbashaw

Hi Darrel, this is a really helpful post, thanks. I could use a little more help if you don't mind.
I am trying to create an app for users who are already logged in, that just acts as a redirect to an SPO site. I plan to use it in an access package for invited guests so when they go to the app portal, there is something to click on. If I use your code without the $web variable, then go to the portal GUI and add the web redirect under the authentication tab, it works fine. But when I try to add the SPO link in place of your example, I get an error "Reply url contains punycode".

Would you have an example of how to add this during app create, as I am trying to use this within an Azure Function?

Thanks

@richbashaw

Ah. Just answered my own question after a side-by-side comparison of configs.

Need to add the signinaudience = 'AzureADMyOrg' to the createappparams like this

$createAppParams = @{
    DisplayName = "AspNetWebApp"
    Web = $web
    signinaudience = 'AzureADMyOrg'
    RequiredResourceAccess = @{
        ResourceAppId = "00000003-0000-0000-c000-000000000000"
        ResourceAccess = @(
            @{
                Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
                Type = "Scope"
            }
        )
    }
}
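Before submitting a splat like the ones in the gist and the comment above, a reviewer would want to catch settings that widen the app's attack surface: non-HTTPS or wildcard redirect URIs, implicit-grant access tokens, a sign-in audience wider than the tenant, and application (Role) permissions on an app that only signs users in. The following is an added example, not code from the gist or its comments; Test-AppRegistrationParams and its messages are hypothetical, and the sample parameters are constructed with two deliberate problems so the check has something to report.

```powershell
function Test-AppRegistrationParams {
    param([Parameter(Mandatory)][hashtable]$Params)
    $findings = @()
    # The authorization code is returned to these URIs, so each must be an exact
    # https:// URL; an http:// or wildcard entry lets another origin receive the code.
    foreach ($uri in @($Params.Web.RedirectUris)) {
        if ($uri -notmatch '^https://') { $findings += "Redirect URI is not HTTPS: $uri" }
        if ($uri -match '\*') { $findings += "Redirect URI contains a wildcard: $uri" }
    }
    # An OIDC web app needs id_token issuance only; implicit access tokens are legacy.
    if ($Params.Web.ImplicitGrantSettings.EnableAccessTokenIssuance -eq $true) {
        $findings += 'Implicit-grant access token issuance is enabled'
    }
    # Hashtable keys are case-insensitive, so a 'signinaudience' key is found here too.
    $audience = $Params.SignInAudience
    if ($audience -and $audience -ne 'AzureADMyOrg') {
        $findings += "SignInAudience '$audience' admits accounts outside this tenant"
    }
    # An app that signs users in should request delegated scopes, not application roles.
    foreach ($rra in @($Params.RequiredResourceAccess)) {
        foreach ($access in @($rra.ResourceAccess)) {
            if ($access.Type -eq 'Role') {
                $findings += "Application permission $($access.Id) requested on $($rra.ResourceAppId)"
            }
        }
    }
    return $findings
}
# Constructed sample in the gist's shape, with two deliberate problems to flag.
$createAppParams = @{
    DisplayName    = 'AspNetWebApp'
    SignInAudience = 'AzureADMultipleOrgs'
    Web            = @{
        RedirectUris          = @('https://localhost:5001/signin-oidc', 'http://localhost:5000/signin-oidc')
        ImplicitGrantSettings = @{ EnableIdTokenIssuance = $true }
    }
    RequiredResourceAccess = @{
        ResourceAppId  = '00000003-0000-0000-c000-000000000000'
        ResourceAccess = @(@{ Id = 'e1fe6dd8-ba31-4d61-89e7-88639da4683d'; Type = 'Scope' })
    }
}
$findings = Test-AppRegistrationParams -Params $createAppParams
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }   # the sample above yields two warnings
} else {
    Connect-MgGraph -Scopes 'Application.ReadWrite.All'   # needs the Microsoft.Graph module
    $app = New-MgApplication @createAppParams
    "Registered $($app.DisplayName) with clientId $($app.AppId)"
}
```

Fix the flagged settings (an https:// redirect URI and SignInAudience = 'AzureADMyOrg') and the same script falls through to New-MgApplication.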
