user137062

Reputation: 27

Unable to list graph permissions granted to the application from Java

I want to get the list of graph permissions granted to an application using Java.

I am able to get the permissions from this code

GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

OAuth2PermissionGrantCollectionWithReferencesPage oauth2PermissionGrants = graphClient.servicePrincipals("000xxxx-xxxx-40xx-b8xx-561247xxxxx").oauth2PermissionGrants()
    .buildRequest()
    .get();

In the output, I can see the permissions in the scope parameter. But I am getting only delegated permissions. Why am I not getting application permissions?

Is there a way to get application permissions too? Has anyone tried this and got it?

TIA

Upvotes: 0

Views: 195

Answers (1)

Sridevi

Reputation: 22352

I tried to reproduce the same in my environment and got the below results:

I registered one Azure AD application and granted Application permissions like below:


To get the list of those Application permissions, you can make use of the query below:

GET https://graph.microsoft.com/v1.0/servicePrincipals/your_sp_objectID/appRoleAssignments


Code sample in Java:

GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AppRoleAssignmentCollectionPage appRoleAssignments = graphClient.servicePrincipals("000xxx-54xx-40xx-b8xx-56124xxxxxx").appRoleAssignments()
    .buildRequest()
    .get();

You can note the appRoleId values above and check their names with the query below:

GET https://graph.microsoft.com/v1.0/servicePrincipals?$filter=appId eq '00000003-0000-0000-c000-000000000000'&$select=appRoles


Code Sample in Java:

GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

ServicePrincipalCollectionPage servicePrincipals = graphClient.servicePrincipals()
    .buildRequest()
    .filter("appId eq '00000003-0000-0000-c000-000000000000'")
    .select("appRoles")
    .get();

Reference:

List appRoleAssignments granted to a service principal | Microsoft Docs

Upvotes: 1
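
The two queries in the answer combined, as an added example (not code from the answer or from Microsoft): it joins each assignment's appRoleId against the appRoles of the resource the role was granted on, and keeps grants it cannot name visible instead of dropping them. The record types, the `resolve` helper and the sample GUIDs are constructed for illustration; the inputs stand in for the appRoleAssignments and appRoles responses.

```java
import java.util.*;

public class AppPermissionResolver {
    // Mirrors the appRoleAssignment properties resourceId and appRoleId.
    record Assignment(UUID resourceId, UUID appRoleId) {}
    // Mirrors one entry of a resource service principal's appRoles: id and value.
    record AppRole(UUID id, String value) {}

    // An all-zero appRoleId means default access: the resource declared no app roles.
    static final UUID DEFAULT_ROLE = new UUID(0L, 0L);

    // rolesByResource: resource service principal object id -> its appRoles collection.
    static List<String> resolve(List<Assignment> assignments,
                                Map<UUID, List<AppRole>> rolesByResource) {
        List<String> names = new ArrayList<>();
        for (Assignment a : assignments) {
            if (DEFAULT_ROLE.equals(a.appRoleId())) {
                names.add("(default access)");
                continue;
            }
            String name = rolesByResource.getOrDefault(a.resourceId(), List.of()).stream()
                    .filter(r -> r.id().equals(a.appRoleId()))
                    .map(AppRole::value)
                    .findFirst()
                    // A grant whose role id is not in appRoles stays in the report by id.
                    .orElse("unresolved:" + a.appRoleId());
            names.add(name);
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample data: these GUIDs are made up, not real object or role ids.
        UUID graphSp = UUID.fromString("11111111-1111-1111-1111-111111111111");
        UUID roleA = UUID.fromString("aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa");
        UUID roleB = UUID.fromString("bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb");
        UUID gone = UUID.fromString("cccccccc-cccc-cccc-cccc-cccccccccccc");
        Map<UUID, List<AppRole>> roles = Map.of(graphSp,
                List.of(new AppRole(roleA, "User.Read.All"), new AppRole(roleB, "Mail.Read")));
        List<Assignment> granted = List.of(new Assignment(graphSp, roleA),
                new Assignment(graphSp, gone), new Assignment(graphSp, DEFAULT_ROLE));
        resolve(granted, roles).forEach(System.out::println);
    }
}
```

Keying the lookup on resourceId matters because a service principal can hold application permissions on resources other than Microsoft Graph, each with its own appRoles list.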
