AAD app consent self-test
| function Get-AppConsentUri($resource) | |
| { | |
| "https://login.microsoftonline.com/$TenantDomain/oauth2/authorize?client_id=$AadClientId&response_type=code&redirect_uri=https://readify.net&nonce=foo&resource=$resource&prompt=admin_consent" | |
| } | |
| function Test-GraphAccess() | |
| { | |
| try | |
| { | |
| Invoke-RestMethod ` | |
| -Headers $graphHeaders ` | |
| -Method Get ` | |
| -Uri 'https://graph.microsoft.com/v1.0/users/?$top=1' | | |
| Out-Null | |
| Write-Verbose "API access seems to work; could retrieve basic user listing" | |
| } | |
| catch [Exception] { | |
| throw "Failed to read basic directory data. Ensure: | |
| 1) app registration includes Microsoft Graph API, Read directory data permission | |
| 2) admin consent has been granted via $(Get-AppConsentUri https://graph.microsoft.com)" | |
| } | |
| } | |
| Test-GraphAccess |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment