AAD app consent self-test
function Get-AppConsentUri($resource) | |
{ | |
"https://login.microsoftonline.com/$TenantDomain/oauth2/authorize?client_id=$AadClientId&response_type=code&redirect_uri=https://readify.net&nonce=foo&resource=$resource&prompt=admin_consent" | |
} | |
function Test-GraphAccess() | |
{ | |
try | |
{ | |
Invoke-RestMethod ` | |
-Headers $graphHeaders ` | |
-Method Get ` | |
-Uri 'https://graph.microsoft.com/v1.0/users/?$top=1' | | |
Out-Null | |
Write-Verbose "API access seems to work; could retrieve basic user listing" | |
} | |
catch [Exception] { | |
throw "Failed to read basic directory data. Ensure: | |
1) app registration includes Microsoft Graph API, Read directory data permission | |
2) admin consent has been granted via $(Get-AppConsentUri https://graph.microsoft.com)" | |
} | |
} | |
Test-GraphAccess |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment