CODEWITHSUNDEEP
azureauthenticationoauth-2.0
Jonidas
Jonidas

Reputation: 187

Azure Active Directory: Retrieve Exposed Client Applications

Is there a way, though the Azure CLI or the Microsoft Graph API to retrieve the list of client (ids), that an app registration is exposed to.

I was successful at using the Azure CLI, Azure Powershell Tools and the Microsoft Graph API to retrieve the API permissions of an app registration, but I only get the defined scopes for said app registration, not the exposed static consumers. Is this at all possible?

To be more precise: If you go to the Azure Portal an got to "Active Directory" > "App Registrations" > "Expose an API" then there is a list under "Authorized client applications". This is the list I would like to retrieve.

Upvotes: 1

Views: 432

Answers (2)

Mickael V.
Mickael V.

Reputation: 1242

What you were looking for is the property called preAuthorizedApplications : https://learn.microsoft.com/en-us/graph/api/resources/preauthorizedapplication?view=graph-rest-1.0

It is actually part of the properties you get if you call https://graph.microsoft.com/v1.0/applications/{application-id}

The property is inside the api property.

For example (🔒 are GUIDs) : return JSON

Here you can see that the contents of the property is a list of application IDs (clients), each associated to a list of GUID for delegated permissions. You can then find the details of these delegated permissions in another property called oauth2PermissionScopes, which is also in api : enter image description here

Upvotes: 0

juunas
juunas

Reputation: 58908

Looking at the beta endpoint of MS Graph API, it doesn't seem like those are available. So for now your only option is to get that info from the portal.

https://learn.microsoft.com/en-us/graph/api/resources/application?view=graph-rest-beta

Upvotes: 1

Related Questions