
azure active directory - How to know permissions to other apis of my app

How can I know which permissions my Azure AD app has for other APIs, such as Microsoft Graph API?

In the portal, I can check that under [API Access] --> [Required permissions], but how do I check that with PowerShell? I used:

Get-AzureRmADApplication -ObjectId , 
Get-AzureRmADApplication -ObjectId  xxxxx | fl * 

But few attributes are returned and AppPermissions is null. With Fiddler, however, I noticed that it uses the request below:

GET https://graph.windows.net/mytenant/applications/id?api-version=1.6 HTTP/1.1 

And I could find a lot of attributes of that app. Which one shows the permissions of the app, and how do I get that in PowerShell?


1 Reply


You could try Azure Active Directory PowerShell Version 2, then use a command like:

$app = Get-AzureADApplication -Filter "appId eq '$appId'"
$app | fl *

to get the RequiredResourceAccess claim, which is the collection shown under "permissions to other applications" in the Azure AD classic portal and "Required permissions" in the new portal.

In addition, PowerShell essentially wraps the APIs and just presents them to you in a simplified interface. If you don't find a command to do what you want, you can always use PowerShell to invoke the Graph API directly. Please refer to the article below for how to call the Azure Active Directory Graph API from PowerShell:

https://blogs.technet.microsoft.com/paulomarques/2016/03/21/working-with-azure-active-directory-graph-api-from-powershell/

And here is a test code sample:

# $token must already hold an authentication result for https://graph.windows.net (acquiring it is not shown here)
$header = @{
    'Content-Type'  = 'application/json'
    'Authorization' = $token.CreateAuthorizationHeader()
}
$uriSAs = "https://graph.windows.net/xxxxxxx/applications/xxxxxx?api-version=1.6"
$appInfo = Invoke-RestMethod -Uri $uriSAs -Headers $header -Method Get -Verbose
$appInfo.requiredResourceAccess

You will get resourceAppId, which represents the resource, and the related resourceAccess, which is a scope list.
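
As an added example (not part of the original answer): requiredResourceAccess holds only GUIDs, so the function below resolves them to permission names by matching each entry against the resource service principal's Oauth2Permissions (type Scope) and AppRoles (type Role). The function name Resolve-RequiredResourceAccess and the sample objects with their GUIDs are constructed for illustration; the commented live usage assumes the AzureAD module and an existing Connect-AzureAD session.

```powershell
function Resolve-RequiredResourceAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] $RequiredResourceAccess,  # from the application object
        [Parameter(Mandatory)] $ServicePrincipals        # candidate resource service principals
    )
    foreach ($resource in $RequiredResourceAccess) {
        # The resource API is identified by its appId, not by a display name.
        $sp = $ServicePrincipals |
            Where-Object { $_.AppId -eq $resource.ResourceAppId } |
            Select-Object -First 1
        foreach ($access in $resource.ResourceAccess) {
            # Type 'Scope' is a delegated permission, 'Role' an application permission.
            $defs  = if ($access.Type -eq 'Role') { $sp.AppRoles } else { $sp.Oauth2Permissions }
            $match = $defs |
                Where-Object { [string]$_.Id -eq [string]$access.Id } |
                Select-Object -First 1
            [pscustomobject]@{
                Resource   = if ($sp) { $sp.DisplayName } else { $resource.ResourceAppId }
                Type       = $access.Type
                Permission = if ($match) { $match.Value } else { "unresolved: $($access.Id)" }
            }
        }
    }
}

# Constructed sample data (made-up GUIDs and names) so the function runs offline.
$sampleSp = [pscustomobject]@{
    AppId             = '11111111-1111-1111-1111-111111111111'
    DisplayName       = 'Sample API'
    Oauth2Permissions = @([pscustomobject]@{ Id = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'; Value = 'Sample.Read' })
    AppRoles          = @([pscustomobject]@{ Id = 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb'; Value = 'Sample.ReadWrite.All' })
}
$sampleRra = [pscustomobject]@{
    ResourceAppId  = '11111111-1111-1111-1111-111111111111'
    ResourceAccess = @(
        [pscustomobject]@{ Id = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'; Type = 'Scope' },
        [pscustomobject]@{ Id = 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb'; Type = 'Role' },
        [pscustomobject]@{ Id = 'cccccccc-cccc-cccc-cccc-cccccccccccc'; Type = 'Scope' }  # no matching definition
    )
}
Resolve-RequiredResourceAccess -RequiredResourceAccess $sampleRra -ServicePrincipals $sampleSp |
    Format-Table -AutoSize

# Against a live tenant (after Connect-AzureAD):
# $app = Get-AzureADApplication -Filter "appId eq '$appId'"
# Resolve-RequiredResourceAccess -RequiredResourceAccess $app.RequiredResourceAccess `
#     -ServicePrincipals (Get-AzureADServicePrincipal -All $true)
```

Because PowerShell property access is case-insensitive, the same function also accepts the camelCase objects returned by the Invoke-RestMethod call above. Note that requiredResourceAccess lists what the application requests, not what has been consented to.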

