brl

Reputation: 63

Update the Azure App registration web.logoutUrl using Azure CLI

I am using an Azure CLI script to register an application like this:

az ad app create --display-name $appName
    --sign-in-audience AzureADMyOrg
    --enable-id-token-issuance true
    --enable-access-token-issuance false
    --required-resource-accesses @app-resources.json
    --web-redirect-uris $redirectUris

I need to set the front-channel logout URL as well, but I don't see a way to include that in the app create command.

I've also tried using update commands like these to set it after the application is created:

az ad app update --id {id} --set logoutUrl="https://someurl"
az ad app update --id {id} --set web.logoutUrl="https://someurl"
az ad app update --id {id} --set web[logoutUrl]="https://someurl"
az ad app update --id {id} --set web=@{ logoutUrl = "https://someurl" }

but I can't figure out the correct syntax. They all return errors along the lines of

Couldn't find 'web' in 'web'. Available options: []

How do I set the logoutUrl for an application using Azure CLI?

Upvotes: 1

Views: 1146

Answers (2)

foilage

Reputation: 66

As per this reply, another relatively low-friction workaround for this option not being (currently) supported by the az CLI command itself is to use the Graph API (via the az rest command) to set the logout URL.

The snippet below gets the default hostname of an Azure Static Web App and updates the related app registration accordingly:

$swa = az staticwebapp show -n "SWA_NAME_HERE" -g "RESOURCE_GROUP_NAME_HERE" | ConvertFrom-Json -Depth 10 
$swaHostUrl = "https://{0}" -f $swa.defaultHostname 
$AppId = "GUID_HERE"
az ad app update --id $AppId --web-redirect-uris "$swaHostUrl/.auth/login/aad/callback" --enable-id-token-issuance true
# Need to workaround via MSGraph to set the logout url... sigh...
$appReg = az ad app show --id $AppId | ConvertFrom-Json -Depth 10
$body = @{ web = @{ logoutUrl = ("{0}/.auth/logout/aad/callback" -f $swaHostUrl) } } | ConvertTo-Json -Compress
# We need the object id for this bit
az rest --method PATCH --uri ('https://graph.microsoft.com/v1.0/applications/{0}' -f $appReg.id) --headers 'Content-Type=application/json' --body ($body -replace '"', '\"') 

Upvotes: 2
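
The same Graph workaround written as a reusable PowerShell function, added here as an example and not code from either answer: it sends the body from a temporary file (`az rest --body @file`) so no quote escaping is needed, then reads `web.logoutUrl` back to confirm the change. The function name `Set-AppLogoutUrl`, the https-only check and the placeholder values are assumptions of this example.

```powershell
# Added example. Set-AppLogoutUrl and the https-only rule are this example's
# own choices, not part of Azure CLI or of the answers on this page.
function Set-AppLogoutUrl {
    param(
        [Parameter(Mandatory)] [string] $AppId,     # appId, object id or identifier URI
        [Parameter(Mandatory)] [string] $LogoutUrl
    )

    # Example policy: accept only an absolute https URL.
    $parsed = $null
    $isAbsolute = [Uri]::TryCreate($LogoutUrl, [UriKind]::Absolute, [ref] $parsed)
    if (-not $isAbsolute -or $parsed.Scheme -ne 'https') {
        throw "Logout URL must be an absolute https URL: $LogoutUrl"
    }

    # Graph addresses the application by its object id, so resolve that first.
    $objectId = az ad app show --id $AppId --query id --output tsv
    if ($LASTEXITCODE -ne 0 -or -not $objectId) {
        throw "App registration not found: $AppId"
    }
    $target = "https://graph.microsoft.com/v1.0/applications/$objectId"

    # Send the body from a temporary file (@file) so no quote escaping is needed.
    $bodyFile = New-TemporaryFile
    try {
        @{ web = @{ logoutUrl = $LogoutUrl } } | ConvertTo-Json -Compress |
            Set-Content -Path $bodyFile.FullName
        az rest --method PATCH --uri $target `
            --headers 'Content-Type=application/json' `
            --body "@$($bodyFile.FullName)" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "PATCH failed for $target" }
    }
    finally {
        Remove-Item -Path $bodyFile.FullName -ErrorAction SilentlyContinue
    }

    # Read the property back and fail if the stored value differs.
    $stored = az rest --method GET --uri $target --query web.logoutUrl --output tsv
    if ($stored -ne $LogoutUrl) {
        throw "Graph returned '$stored', expected '$LogoutUrl'"
    }
    $stored
}

# Placeholder values, to be replaced with real ones:
# Set-AppLogoutUrl -AppId 'GUID_HERE' -LogoutUrl 'https://someurl/.auth/logout/aad/callback'
```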

RKM

Reputation: 1389

We have tried adding logoutUrl for the service principal/app registration using any of these cmdlets: set-azureserviceprincipal, update-azadserviceprincipal, az ad app update. Unfortunately, it is not working and we are facing the same error.

Alternatively, I would suggest that you edit the logoutUrl value through the manifest file in the portal. Here are the steps:

  1. Log in to the Azure portal.
  2. Search for Active Directory --> select App registrations and the particular app registration name.
  3. Go to the Manifest option under Manage, as shown in the screenshot below:


Upvotes: 0
