Create application in Azure Active Directory using graph API fails

北荒
北荒 2021-01-12 20:08

I'm trying to use the Azure Active Directory Graph API (with the Azure GraphClient NuGet package) to create a new application in Azure AD.

I've authenticated using

  • 2021-01-12 20:30

    The error message is indeed very confusing, but the problem is that you are trying to define a scope value (user_impersonation) that is already defined.

    If you run this code, you'll find that the application is created successfully in your directory:

    // A display name that differs per run, so repeated test registrations do not collide.
    var appname = "Test Application create " + DateTime.Now.Ticks;

    // The single delegated scope exposed by the new app. Its Value must be one that is
    // not already defined on the application: "user_impersonation" already exists, and
    // reusing it is what produced the confusing error from the Graph API.
    var delegatedScope = new OAuth2Permission
    {
        AdminConsentDescription =
            $"Allow the application to access {appname} on behalf of the signed-in user.",
        AdminConsentDisplayName = $"Access {appname}",
        Id = Guid.NewGuid(),
        IsEnabled = true,
        Type = "User",
        UserConsentDescription =
            $"Allow the application to access {appname} on your behalf.",
        UserConsentDisplayName = $"Access {appname}",
        Value = "custom_scope" // CHANGED LINE: previously a scope value that already existed
    };

    // Registration payload. Every credential/URL collection is left empty here: no
    // client secrets, certificates, reply URLs or resource permissions are granted at
    // creation time, so they have to be added deliberately afterwards.
    var application = new Application
    {
        AvailableToOtherTenants = false, // single-tenant registration
        DisplayName = appname,
        ErrorUrl = null,
        GroupMembershipClaims = null,
        Homepage = "http://www.domain.com", // NOTE(review): placeholder; a real homepage should be https
        // CHANGED LINE: identifier URIs may not contain spaces, hence the hardcoded value.
        IdentifierUris = new List<string> { "https://domain.com/" + "Test" },
        KeyCredentials = new List<KeyCredential>(), // no certificate credentials attached yet
        KnownClientApplications = new List<Guid>(),
        LogoutUrl = null,
        Oauth2AllowImplicitFlow = false, // implicit grant stays disabled
        Oauth2AllowUrlPathMatching = false,
        Oauth2Permissions = new List<OAuth2Permission> { delegatedScope },
        Oauth2RequirePostResponse = false,
        PasswordCredentials = new List<PasswordCredential>(), // no client secrets attached yet
        PublicClient = false,
        ReplyUrls = new List<string>(), // no redirect URIs registered yet
        RequiredResourceAccess = new List<RequiredResourceAccess>(),
        SamlMetadataUrl = null,
        ExtensionProperties = new List<ExtensionProperty>(),
        Manager = null,
        ObjectType = "Application",
        DeletionTimestamp = null,
        CreatedOnBehalfOf = null,
        CreatedObjects = new List<DirectoryObject>(),
        DirectReports = new List<DirectoryObject>(),
        Members = new List<DirectoryObject>(),
        MemberOf = new List<DirectoryObject>(),
        Owners = new List<DirectoryObject>(),
        OwnedObjects = new List<DirectoryObject>()
    };

    // `client` is the already-authenticated Graph client; its setup is not shown here.
    await client.Applications.AddApplicationAsync(application);
    

    Also, an entry in IdentifierUris cannot contain spaces, so I've replaced the name-derived value with a hardcoded string.

    HTH
