pmatthews05/clearOauth2Permission.ps1

## clearOauth2Permission.ps1
#Get all Permission for the Service prinipal ObjectId.
$exisitingCollection = az ad app permission list-grants --filter "clientId eq '$($ServicePrincipalObjectId)' and consentType eq 'AllPrincipals'" | ConvertFrom-Json
#Get a access Token
$tokenResponse = az account get-access-token --resource-type ms-graph | convertFrom-Json

$existingCollection | ForEach-Object {
   $existing = $PSItem
   #Get the PermissionGrant
   $apiUrlPatch = "https://graph.microsoft.com/v1.0/oauth2Permissiongrants/$($existing.objectId)"
   $body = @{
       scope = ""
   }
   #Patch with an empty scope.
   Invoke-RestMethod -uri $apiUrlPatch -Headers @{Authorization = "Bearer $(tokenResponse.accessToken)"} -Method $PATCH -Body $($body | ConvertTo-Json) -ContentType "application/json"
}
	#Get all Permission for the Service prinipal ObjectId.
	$exisitingCollection = az ad app permission list-grants --filter "clientId eq '$($ServicePrincipalObjectId)' and consentType eq 'AllPrincipals'" \| ConvertFrom-Json
	#Get a access Token
	$tokenResponse = az account get-access-token --resource-type ms-graph \| convertFrom-Json

	$existingCollection \| ForEach-Object {
	$existing = $PSItem
	#Get the PermissionGrant
	$apiUrlPatch = "https://graph.microsoft.com/v1.0/oauth2Permissiongrants/$($existing.objectId)"
	$body = @{
	scope = ""
	}
	#Patch with an empty scope.
	Invoke-RestMethod -uri $apiUrlPatch -Headers @{Authorization = "Bearer $(tokenResponse.accessToken)"} -Method $PATCH -Body $($body \| ConvertTo-Json) -ContentType "application/json"
	}