4c74356b41

Reputation: 72181

How to get current context (logged in entity) objectId

I'm trying to get the current (logged-in) service principal / application object id. My code:

from azure.graphrbac import GraphRbacManagementClient
from msrestazure.azure_active_directory import ServicePrincipalCredentials

# CLIENT, KEY and TENANT_ID are the app registration's client id, secret and tenant.
# The token must be issued for the Azure AD Graph resource, not for ARM.
graphrbac_client = GraphRbacManagementClient(
    credentials = ServicePrincipalCredentials(
        client_id = CLIENT,
        secret = KEY,
        tenant = TENANT_ID,
        resource = "https://graph.windows.net"
    ),
    TENANT_ID
)
# Walk every service principal in the tenant and match on our own client id.
for sp in graphrbac_client.service_principals.list():
  if sp.app_id == graphrbac_client.config.credentials.id:
    print('found it')

which works, but requires too many permissions for the application (I've only managed to get it to work with Directory.Read.All; it doesn't work with Application.ReadWrite.All, for some reason). All the methods I can find seem to require knowing the objectId upfront... which is what I'm trying to retrieve.

Using this:

import os

from azure.graphrbac import GraphRbacManagementClient
from msrestazure.azure_active_directory import ServicePrincipalCredentials


def resolve_service_principal(identifier):
    """Get an object_id from a client_id.
    """
    graphrbac_credentials = ServicePrincipalCredentials(
        client_id=os.environ['AZURE_CLIENT_ID'],
        secret=os.environ['AZURE_CLIENT_SECRET'],
        tenant=os.environ['AZURE_TENANT_ID'],
        resource="https://graph.windows.net"
    )
    graphrbac_client = GraphRbacManagementClient(
        graphrbac_credentials,
        os.environ['AZURE_TENANT_ID']
    )

    # OData filter: the service principal whose servicePrincipalNames contains the
    # client id (an app id URI or the app id GUID both appear in that list).
    result = list(graphrbac_client.service_principals.list(filter="servicePrincipalNames/any(c:c eq '{}')".format(identifier)))
    if result:
        return result[0].object_id
    raise RuntimeError("Unable to get object_id from client_id")

Upvotes: 0

Views: 838

Answers (1)

Laurent Mazuel

Reputation: 3546

You need at least package version 0.50.0 and signed_in_user.get. Example when I connect with my admin account:

# graphrbac_client is a GraphRbacManagementClient built from azure-graphrbac >= 0.50.0
user = graphrbac_client.signed_in_user.get()
assert user.mail_nickname.startswith("admin")

https://learn.microsoft.com/en-us/python/api/azure-graphrbac/azure.graphrbac.operations.signedinuseroperations?view=azure-python#get-custom-headers-none--raw-false----operation-config-

(I work at Microsoft in this SDK team)

Edit: It seems this works only for a User; then I would try:

# Look up objects by id, restricted to ServicePrincipal objects.
objects = graphrbac_client.objects.get_objects_by_object_ids({
    'object_ids': [CLIENT],
    'types': ['ServicePrincipal']
})

Upvotes: 2

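As an added example (not code from the question or the answer above), the following Python shows the three ways a process can learn the object id of the principal it is running as, tried cheapest first: read the `oid` claim from its own Azure AD access token (no Graph permission needed at all), fall back to `signed_in_user.get()` for user tokens, and finally run the `servicePrincipalNames/any(...)` filter from the question. It also fixes the one thing worth fixing in the question's filter: the identifier is formatted straight into an OData `$filter`, so a value containing a single quote can change the query; `odata_string_literal` doubles quotes instead. `FakeGraphClient`, `Principal` and `make_unsigned_token` are stand-ins constructed here so the block runs offline; the real objects are `GraphRbacManagementClient` and the SDK's model classes. It is an assumption (from msrestazure's token normalisation) that the raw token is reachable as `credentials.token['access_token']`.

```python
"""Resolve the object id of the principal this process runs as (added example)."""
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def object_id_from_token(access_token: str) -> str:
    """Return the 'oid' claim of an Azure AD access token.

    The signature is deliberately not verified: this is a token we ourselves
    just received over TLS from the token endpoint, and we only use it to learn
    our own identity, never to authenticate a caller.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    claims = json.loads(_b64url_decode(parts[1]))
    oid = claims.get("oid")
    if not oid:
        raise ValueError("token carries no 'oid' claim")
    return oid


def odata_string_literal(value: str) -> str:
    """Quote value as an OData string literal; a single quote is escaped by doubling it."""
    return "'" + value.replace("'", "''") + "'"


def service_principal_filter(app_id: str) -> str:
    """$filter selecting the service principal whose SPN list contains app_id."""
    return "servicePrincipalNames/any(c:c eq {})".format(odata_string_literal(app_id))


def resolve_object_id(graph_client, app_id, access_token=None):
    """Cheapest source first: token claim, then signed-in user, then filtered listing."""
    if access_token is not None:
        try:
            return object_id_from_token(access_token)
        except ValueError:
            pass  # malformed or claim-less token: fall through to Graph
    try:
        return graph_client.signed_in_user.get().object_id
    except Exception:  # the real SDK raises CloudError for an app-only token
        pass
    found = list(graph_client.service_principals.list(
        filter=service_principal_filter(app_id)))
    if not found:
        raise LookupError("no service principal with appId %s" % app_id)
    return found[0].object_id


# ---- offline stand-ins, constructed for this example only ----------------

class Principal:
    """Minimal stand-in for the SDK's User / ServicePrincipal models."""
    def __init__(self, **attrs):
        self.__dict__.update(attrs)


class FakeGraphClient:
    """Stand-in for GraphRbacManagementClient: a user token exposes signed_in_user,
    an app-only token does not; listing honours the exact filter string."""
    def __init__(self, service_principals, signed_in_user=None):
        sps, user = service_principals, signed_in_user

        class _SignedInUser:
            @staticmethod
            def get():
                if user is None:
                    raise RuntimeError("403: no signed-in user for an app-only token")
                return user

        class _ServicePrincipals:
            @staticmethod
            def list(filter=None):
                return [sp for sp in sps if filter == service_principal_filter(sp.app_id)]

        self.signed_in_user = _SignedInUser
        self.service_principals = _ServicePrincipals


def make_unsigned_token(claims: dict) -> str:
    """Build an unsigned JWT for offline demonstration only; never accept such tokens."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."


if __name__ == "__main__":
    # With the real SDK (assumption: msrestazure exposes the raw token as
    # credentials.token['access_token']):
    #   creds = ServicePrincipalCredentials(client_id=CLIENT, secret=KEY,
    #                                       tenant=TENANT_ID, resource="https://graph.windows.net")
    #   client = GraphRbacManagementClient(creds, TENANT_ID)
    #   print(resolve_object_id(client, CLIENT, creds.token['access_token']))
    sp = Principal(app_id="app-1", object_id="sp-object-1")
    print(resolve_object_id(FakeGraphClient([sp]), "app-1"))
```

Reading `oid` from the token is the only path that needs no directory permission, which is why it comes first; the filtered listing stays as the last resort because it is the one that needs Directory.Read.All in the question's experience.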
Related Questions