Reputation: 595
Is there any way that I can create or modify an AzureAD App to allow the OAuth 2.0 Implicit flow via the Azure CLI 2.0?
I'm able to create app registrations without issue using az ad app create.
Upvotes: 0
Views: 748
Reputation: 9401
You can use the CLI to call the Graph API to achieve that. This method needs to create a service principal in your AAD tenant and assign the Company Admin role to it.
Get an authentication token
curl -X "POST" "https://login.microsoftonline.com/$TENANTID/oauth2/token" \
-H "Cookie: flight-uxoptin=true; stsservicecookie=ests; x-ms-gateway-slice=productionb; stsservicecookie=ests" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "client_id=$APPID" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_secret=$PASSWORD" \
--data-urlencode "resource=https://graph.windows.net/"
Set the AAD application Oauth2AllowImplicitFlow to be true:
curl -X "PATCH" "https://graph.windows.net/$TENANTID/applications/$ObjectId?api-version=1.6" \
-H "Authorization: Bearer $ACCESSTOKEN" \
-H "Content-Type: application/json" \
-d $'{"oauth2AllowImplicitFlow":true}'
After a few seconds, Oauth2AllowImplicitFlow of your application has been set to true.
Additionally, as @Shawn said, Azure CLI doesn't have this cmdlet to set the AAD application, but Azure PowerShell does. However, Azure CLI is an important tool for using Azure on the Linux platform. I think we can post this feature feedback on this page. The Azure team will review it.
Hope this helps!
Upvotes: 0
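Added example, not part of the answer above: the answer's two curl calls chained into one script, with the access token extracted from the token response and the property read back after the PATCH instead of assumed. It expects the answer's variables (TENANTID, APPID, PASSWORD, ObjectId) in the environment; the function names and the `--run` switch are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: chains the answer's token request and PATCH, then verifies the result.
# Expects TENANTID, APPID, PASSWORD and ObjectId in the environment, as in the answer.

# Pull the access_token value out of the token endpoint's JSON response (stdin).
extract_access_token() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Report oauth2AllowImplicitFlow from an application object (stdin): true, false or unknown.
implicit_flow_state() {
  local v
  v=$(sed -n 's/.*"oauth2AllowImplicitFlow"[[:space:]]*:[[:space:]]*\([a-z]*\).*/\1/p' | head -n 1)
  case "$v" in true|false) echo "$v" ;; *) echo unknown ;; esac
}

# Token request, PATCH and read-back against the endpoints used in the answer.
enable_implicit_flow() {
  local url token
  url="https://graph.windows.net/$TENANTID/applications/$ObjectId?api-version=1.6"
  token=$(curl -sS -X POST "https://login.microsoftonline.com/$TENANTID/oauth2/token" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      --data-urlencode "client_id=$APPID" \
      --data-urlencode "grant_type=client_credentials" \
      --data-urlencode "client_secret=$PASSWORD" \
      --data-urlencode "resource=https://graph.windows.net/" | extract_access_token)
  [ -n "$token" ] || { echo "no access_token in token response" >&2; return 1; }

  # Record the current value so the change is visible in the output.
  echo "before: $(curl -sS -H "Authorization: Bearer $token" "$url" | implicit_flow_state)"
  curl -sS --fail -X PATCH "$url" \
      -H "Authorization: Bearer $token" \
      -H "Content-Type: application/json" \
      -d '{"oauth2AllowImplicitFlow":true}' || return 1
  # Read the object back rather than assuming the PATCH took effect.
  [ "$(curl -sS -H "Authorization: Bearer $token" "$url" | implicit_flow_state)" = true ]
}

# Only touch the network when explicitly asked to: ./script.sh --run
if [ "${1:-}" = "--run" ]; then enable_implicit_flow && echo "implicit flow enabled"; fi
```

The same `implicit_flow_state` helper can be pointed at any application object to check whether implicit flow has been left enabled on it.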
Reputation: 12434
It does not look like the Azure CLI 2.0 exposes the OAuth2AllowImplicitFlow property to be set, however the Azure Active Directory PowerShell 2.0 does expose this property:
-Oauth2AllowImplicitFlow
Specifies whether this web application can request OAuth2.0 implicit flow tokens. The default is false.
Type: Boolean
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Let me know if this helps.
Upvotes: 2