# Reference: https://learn.microsoft.com/en-us/graph/api/application-addpassword?view=graph-rest-1.0&tabs=http

import json
import os
import random
import sys
import time
from datetime import datetime, timedelta, timezone

import requests
|
|
|
# Generate a random number |
|
random_number = random.randint(1000, 9999) # Adjust the range as needed |
|
|
|
# Create the string |
|
app_name = f"App_{random_number}" |
|
|
|
# Azure AD B2C Constants |
|
TENANT_ID = 'xxxxx-xxxxx-xxxxx-xxxxx' |
|
CLIENT_ID = 'xxxxx-xxxxx-xxxxx-xxxxx' |
|
CLIENT_SECRET = 'xxxxx-xxxxx-xxxxx-xxxxx' |
|
|
|
# Token endpoint to get the access token |
|
token_endpoint = f'https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token' |
|
|
|
# Resource URL |
|
resource_url = 'https://graph.microsoft.com' |
|
|
|
# Scopes for the Microsoft Graph API |
|
scopes = ['https://graph.microsoft.com/.default'] |
|
|
|
# Parameters to get the access token |
|
token_data = { |
|
'grant_type': 'client_credentials', |
|
'client_id': CLIENT_ID, |
|
'client_secret': CLIENT_SECRET, |
|
'scope': ' '.join(scopes) |
|
} |
|
|
|
# Get access token |
|
token_response = requests.post(token_endpoint, data=token_data) |
|
access_token = token_response.json().get('access_token') |
|
|
|
# Create app registration in Azure AD B2C |
|
create_app_endpoint = f'{resource_url}/v1.0/{TENANT_ID}/applications' |
|
headers = { |
|
'Authorization': f'Bearer {access_token}', |
|
'Content-Type': 'application/json' |
|
} |
|
|
|
app_registration_data = { |
|
"displayName": f"{app_name}", |
|
"signInAudience": "AzureADMyOrg", |
|
"requiredResourceAccess": [ |
|
{ |
|
"resourceAppId": "00000003-0000-0000-c000-000000000000", # Microsoft Graph API ID |
|
"resourceAccess": [ |
|
{ |
|
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", # Read Directory Data |
|
"type": "Scope" |
|
} |
|
] |
|
} |
|
], |
|
"appRoles": [ |
|
{ |
|
"allowedMemberTypes": ["Application"], |
|
"displayName": "Read", |
|
"id": "d6a15e20-f83c-4264-8e61-5082688e14c8", |
|
"isEnabled": True, |
|
"description": "Readers have the ability to read tasks.", |
|
"value": "app.read" |
|
}, |
|
{ |
|
"allowedMemberTypes": ["Application"], |
|
"displayName": "Write", |
|
"id": "204dc4ab-51e1-439f-8c7f-31a1ebf3c7b9", |
|
"isEnabled": True, |
|
"description": "Writers have the ability to create tasks.", |
|
"value": "app.write" |
|
}] |
|
} |
|
|
|
response = requests.post(create_app_endpoint, headers=headers, json=app_registration_data) |
|
|
|
if response.status_code == 201: |
|
print("App registration created successfully.") |
|
# print(response.content) |
|
|
|
# Parse the response content as JSON |
|
response_json = json.loads(response.content) |
|
|
|
# Extract the "id" from the JSON data |
|
application_object_id = response_json.get('id') |
|
app_id = response_json.get('appId') |
|
|
|
print("App:", app_name) |
|
print("AppId: ", app_id) |
|
print("AppObjectId: ", application_object_id) |
|
|
|
url_password = f'{resource_url}/v1.0/{TENANT_ID}/applications/{application_object_id}/addPassword' |
|
|
|
# Construct the request body with password credentials details |
|
password_credentials_data = { |
|
"passwordCredential": { |
|
"displayName": "System_Access_1" |
|
} |
|
} |
|
|
|
# Send the request to create password credentials |
|
response = requests.post(url_password, headers=headers, json=password_credentials_data) |
|
|
|
# Check the response |
|
if response.status_code == 200: |
|
print("Password credentials created successfully.") |
|
print("Response:", response.text) |
|
else: |
|
print("Failed to create password credentials. Status code:", response.status_code) |
|
print("Response:", response.text) |
|
else: |
|
print("Error creating app registration:", response.text) |