Reputation: 1
I need to access the list of all apps whose tokens are nearly expiring (say, due in 7 days). What privileges do I need in order to fetch that using a Python script?
I have already given Directory.Read.All and Application.Read.All in the portal. In code I am able to log in using the az ad login --service-principal command, but when it accesses az ad app list --all it shows "Insufficient privileges to complete the operation".
Upvotes: 0
Views: 119
Reputation: 22352
Note that you need to grant the Application.Read.All permission of Application type when logging in as a service principal to list applications.
I got the same error when I tried to list applications by granting Delegated permissions while signing in with a service principal like this:
az login --service-principal -t <Tenant-ID> -u <Client-ID> -p <Client-secret> --allow-no-subscriptions
az ad app list --all
To resolve the error, make sure to grant API permissions of Application type in your app registration:
When I ran the same commands again now after granting Application permissions, I got the response successfully like this:
az login --service-principal -t <Tenant-ID> -u <Client-ID> -p <Client-secret> --allow-no-subscriptions
az ad app list --all
To get this list of applications via a Python script, you can make use of the sample code below:
import asyncio

from azure.identity import ClientSecretCredential
from msgraph import GraphServiceClient

# Placeholders: replace with your tenant ID, app (client) ID and client secret.
tenant_id = "tenantId"
client_id = "appId"
client_secret = "secret"

# Sign in as the service principal with its client secret.
credential = ClientSecretCredential(
    tenant_id=tenant_id,
    client_id=client_id,
    client_secret=client_secret,
)
client = GraphServiceClient(credential)


async def main():
    # List application objects (needs Application.Read.All of Application type).
    result = await client.applications.get()
    applications = result.value
    for app in applications:
        print("App Name:", app.display_name)
        print("App ID:", app.id)
        print("--------------------------------------------------")


asyncio.run(main())
Upvotes: 0
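The question's goal, finding apps whose secrets or certificates expire within 7 days, comes down to filtering each application's `passwordCredentials` and `keyCredentials` on `endDateTime`. The following is an added example, not part of the original answer: the function names and sample data are constructed, and it assumes the applications are supplied as dicts in the Graph JSON shape, such as the parsed output of `az ad app list --all`.

```python
import re
from datetime import datetime, timedelta, timezone

def parse_graph_time(value):
    """Parse a Graph UTC timestamp; the fraction may have up to 7 digits."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z?", value)
    if not m:
        raise ValueError(f"unexpected timestamp: {value!r}")
    # datetime holds microseconds only, so truncate the fraction to 6 digits.
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=micros, tzinfo=timezone.utc)  # assumed UTC

def expiring_credentials(apps, now, days=7):
    """Secrets and certificates ending within `days` of `now`, soonest first.
    Credentials that have already expired are not reported."""
    cutoff = now + timedelta(days=days)
    hits = []
    for app in apps:
        for kind in ("passwordCredentials", "keyCredentials"):
            for cred in app.get(kind) or []:  # property may be missing or null
                if not cred.get("endDateTime"):
                    continue
                expires = parse_graph_time(cred["endDateTime"])
                if now <= expires <= cutoff:
                    hits.append({"app": app.get("displayName"),
                                 "app_id": app.get("appId"), "kind": kind,
                                 "key_id": cred.get("keyId"), "expires": expires})
    return sorted(hits, key=lambda h: h["expires"])

# Constructed sample data using the Graph application property names.
SAMPLE_APPS = [
    {"displayName": "billing-api", "appId": "00000000-0000-0000-0000-000000000001",
     "passwordCredentials": [
         {"keyId": "k1", "endDateTime": "2025-01-05T09:30:00.1234567Z"},
         {"keyId": "k2", "endDateTime": "2025-06-01T00:00:00Z"}],
     "keyCredentials": []},
    {"displayName": "reporting", "appId": "00000000-0000-0000-0000-000000000002",
     "passwordCredentials": [],
     "keyCredentials": [{"keyId": "k3", "endDateTime": "2025-01-02T00:00:00Z"}]},
    {"displayName": "legacy", "appId": "00000000-0000-0000-0000-000000000003",
     "passwordCredentials": [{"keyId": "k4", "endDateTime": "2024-12-20T00:00:00Z"}],
     "keyCredentials": None},
]
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed so the sample is repeatable

if __name__ == "__main__":
    for hit in expiring_credentials(SAMPLE_APPS, NOW):
        print(hit["app"], hit["kind"], hit["key_id"], hit["expires"].isoformat())
```

For live data, pass `json.loads(...)` of the `az ad app list --all` output as `apps` and `datetime.now(timezone.utc)` as `now`.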