Last active
September 5, 2023 16:46
Use Microsoft Graph PowerShell to create an Application Registration for an ASP NET Web Site using Auth Code Grant
```powershell
# updated to remove my really ugly first attempt, based on awesome feedback provided.
$web = @{
    RedirectUris = "https://localhost:5001/signin-oidc"
    ImplicitGrantSettings = @{ EnableIdTokenIssuance = $true }
}
$createAppParams = @{
    DisplayName = "AspNetWebApp"
    Web = $web
    RequiredResourceAccess = @{
        ResourceAppId = "00000003-0000-0000-c000-000000000000"
        ResourceAccess = @(
            @{
                Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
                Type = "Scope"
            }
        )
    }
}
# note the use of @ below, instead of the expected $
$app = New-MgApplication @createAppParams
```
Ah. Just answered my own questions after a side-by-side comparison of configs.
Need to add the signinaudience = 'AzureADMyOrg' to the createappparams like this:
```powershell
$createAppParams = @{
    DisplayName = "AspNetWebApp"
    Web = $web
    signinaudience = 'AzureADMyOrg'
    RequiredResourceAccess = @{
        ResourceAppId = "00000003-0000-0000-c000-000000000000"
        ResourceAccess = @(
            @{
                Id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
                Type = "Scope"
            }
        )
    }
}
```
Hi Darrel, this is a really helpful post, thanks. I could use a little more help if you don't mind.
I am trying to create an app for users that are already logged in, that just acts as a redirect to an SPO site. I plan to use it in an access package for invited guests so when they go to the app portal, there is something to click on. If I use your code without the $web variable, then go to the portal GUI and add the web redirect under the authentication tab, it works fine. But when I try to add the SPO link in place of your example, I get an error "Reply url contains punycode".
Would you have an example of how to add this during app create, as I am trying to use this within an Azure Function?
Thanks
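A pre-flight review of the splatted parameter set before it reaches `New-MgApplication`, as an added example that is not part of the gist or its comments. `Test-AppRegistrationParams` is a hypothetical helper name, and its checks (explicit sign-in audience, implicit-grant flags, redirect URI hygiene including `xn--` host labels) are assumptions about what a reviewer would want flagged, not the validation rules the Graph service applies.

```powershell
# Added example. Test-AppRegistrationParams is a hypothetical helper, not a Graph SDK cmdlet.
function Test-AppRegistrationParams {
    param([Parameter(Mandatory)][hashtable]$Params)
    $findings = [System.Collections.Generic.List[string]]::new()

    # The audience should be an explicit decision rather than a service default.
    if (-not $Params.ContainsKey('SignInAudience')) {
        $findings.Add('SignInAudience is not set explicitly')
    } elseif ($Params['SignInAudience'] -ne 'AzureADMyOrg') {
        $findings.Add("SignInAudience '$($Params['SignInAudience'])' admits accounts outside the home tenant")
    }

    $web = $Params['Web']
    if ($web -is [hashtable]) {
        # Tokens issued straight from the authorize endpoint (implicit/hybrid flows).
        foreach ($flag in 'EnableIdTokenIssuance', 'EnableAccessTokenIssuance') {
            if ($web['ImplicitGrantSettings'] -and $web['ImplicitGrantSettings'][$flag]) {
                $findings.Add("ImplicitGrantSettings.$flag is on: confirm the sign-in flow needs it")
            }
        }
        foreach ($u in (@($web['RedirectUris']) | Where-Object { $_ })) {
            $uri = $null
            if ($u -match '[^\x21-\x7E]') {
                # Assumption: pasted non-ASCII or invisible characters are worth catching early.
                $findings.Add("Redirect URI '$u' contains non-ASCII or whitespace characters")
            } elseif ($u.Contains('*')) {
                $findings.Add("Redirect URI '$u' uses a wildcard")
            } elseif (-not [Uri]::TryCreate($u, [UriKind]::Absolute, [ref]$uri)) {
                $findings.Add("Redirect URI '$u' is not an absolute URI")
            } elseif ($uri.Host -match '(^|\.)xn--') {
                $findings.Add("Redirect URI '$u' has a punycode (xn--) host label")
            } elseif ($uri.Scheme -ne 'https' -and -not $uri.IsLoopback) {
                $findings.Add("Redirect URI '$u' is not HTTPS and not loopback")
            }
        }
    }
    return $findings
}

# Sample input: the parameter set from the gist (Web and DisplayName only).
$createAppParams = @{
    DisplayName = 'AspNetWebApp'
    Web = @{
        RedirectUris = 'https://localhost:5001/signin-oidc'
        ImplicitGrantSettings = @{ EnableIdTokenIssuance = $true }
    }
}
Test-AppRegistrationParams -Params $createAppParams
```

The function only inspects the hashtable and makes no Graph calls, so it can run in a pipeline or an Azure Function before the `New-MgApplication` call is attempted.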