尝试使用Power
Shell自动化azure应用程序注册过程
在使用powershell分配api权限后,需要一些帮助来为应用程序授予权限,任何人都可以帮助我.
还有什么更好的方法来自动化除了PowerShell之外的azure应用程序注册过程?
最佳答案 试试这个:
登录-AzureRmAccount
function get-azureRMToken() {
<#
.Synopsis
This function gets the access token for the use
#>
try {
$context = Get-AzureRmContext
$tenantId = $context.Tenant.Id
$refreshToken = @($context.TokenCache.ReadItems() | where {$_.tenantId -eq $tenantId -and $_.ExpiresOn -gt (Get-Date)})[0].RefreshToken
$body = "grant_type=refresh_token&refresh_token=$($refreshToken)&resource=74658136-14ec-4630-ad9b-26e160ff0fc6"
$apiToken = Invoke-RestMethod "https://login.windows.net/$tenantId/oauth2/token" -Method POST -Body $body -ContentType 'application/x-www-form-urlencoded'
return $apiToken.access_token
}
catch {
Write-Output "Exception.Message=$($_.Exception.Message); ScriptStackTrace=$($_.ScriptStackTrace); Exception.StackTrace=$($_.Exception.StackTrace); FullyQualifiedErrorId=$($_.FullyQualifiedErrorId); Exception.InnerException=$($_.Exception.InnerException)"
}
}
function grant-aap-required-permission() {
<#
.Synopsis
This function invoke azure rest to grant permission.
#>
Param(
[Parameter(Mandatory = $true)]$azureAppId
)
try {
$token = get-azureRMToken
$header = @{
'Authorization' = 'Bearer ' + $token
'X-Requested-With' = 'XMLHttpRequest'
'x-ms-client-request-id' = [guid]::NewGuid()
'x-ms-correlation-id' = [guid]::NewGuid()
}
$url = "https://main.iam.ad.ext.azure.com/api/RegisteredApplications/$azureAppId/Consent?onBehalfOfAll=true"
Invoke-RestMethod –Uri $url –Headers $header –Method POST -ErrorAction Stop
}
catch {
Write-Output "Exception.Message=$($_.Exception.Message); ScriptStackTrace=$($_.ScriptStackTrace); Exception.StackTrace=$($_.Exception.StackTrace); FullyQualifiedErrorId=$($_.FullyQualifiedErrorId); Exception.InnerException=$($_.Exception.InnerException)"
}
}
