Why is “Application permissions” disabled in Azure AD's “Request API permissions”?

拟墨画扇 提交于 2020-03-18 11:23:19

问题


I'm trying to give a console app permission to call an API in Azure AD.

When I go to "Add permissions," "application permissions" is grayed out and I can only select "delegated permissions."

My understanding is that application permissions is right for the console app because it runs on the back-end and users don't sign into it.

From the help text for "application permissions":

Your application runs as a background service or daemon without a signed-in user.

The help text for "delegated permissions":

Your application needs to access the API as the signed-in user.

Why is "application permissions" disabled?


回答1:


Per my understanding, you are exposing your custom api protected by Azure AD. If so, you need to define the application permission by editing the manifest of your api app.

manifest:

"appRoles": [
        {
            "allowedMemberTypes": [
                "Application"
            ],
            "description": "Apps that have this role have the ability to invoke my API",
            "displayName": "Can invoke my API",
            "id": "fc803414-3c61-4ebc-a5e5-cd1675c14bbb",
            "isEnabled": true,
            "lang": null,
            "origin": "Application",
            "value": "myTestRole"
        }
    ]

Then the application permission will show up.



来源:https://stackoverflow.com/questions/57379397/why-is-application-permissions-disabled-in-azure-ads-request-api-permissions

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!