
Hi, I have to add an AppRole to an existing App Registration. This is how I added the App and assigned one role to it:

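// Scope for app-only (client credential) access to Microsoft Graph.
var scopes = new[] { "https://graph.microsoft.com/.default" };

// NOTE(review): redacted here, but these values should be loaded from configuration
// or a secret store (environment variables, Key Vault, ...) rather than hard-coded:
// a client secret committed to source control is a leaked credential.
var tenantId = "-Confidential-";
var clientId = "-Confidential-";
var clientSecret = "-Confidential-";

var options = new TokenCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};

// Client-credential flow: the application authenticates as itself, with no signed-in user.
var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);

var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

// Every app role needs its own unique identifier. `new Guid()` yields Guid.Empty
// (all zeros), so the role would carry no real id; Guid.NewGuid() produces a fresh one.
var appRole = new AppRole
{
    DisplayName = "External API",
    Description = "Allow the application to access External Resources",
    AllowedMemberTypes = new List<string> { "Application" },
    Value = "Resource.External",
    IsEnabled = true,
    Id = Guid.NewGuid()
};

var requestBody = new Application
{
    DisplayName = "App_One",
    AppRoles = new List<AppRole> { appRole }, // the separator after this initializer was missing
    RequiredResourceAccess = new List<RequiredResourceAccess>
    {
        new RequiredResourceAccess
        {
            ResourceAppId = "-Confidential-",
            ResourceAccess = new List<ResourceAccess>
            {
                new ResourceAccess
                {
                    // API permission: user_impersonation
                    Id = Guid.Parse("Confidential-ba31-4d61-89e7-Confidential"),
                    Type = "Scope"
                }
            }
        }
    }
};

// Applications.PostAsync always creates a brand-new registration; re-running it with the
// same DisplayName does not update the existing app (display names are not unique keys).
// To modify an app that already exists, address it by its object id and PATCH it instead.
var result = await graphClient.Applications.PostAsync(requestBody);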

But now I have to add another appRole to it.

I tried using the same App name and the same PostAsync call to update it, but that ended up creating a second App in App Registrations.

Can anyone explain how I can add the role through my code?



Documentation: https://learn.microsoft.com/en-us/graph/api/application-update?view=graph-rest-1.0&tabs=csharp#example

Example from docs:

// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

// Only the properties assigned here are sent in the PATCH body.
Application patch = new()
{
    DisplayName = "New display name",
};
// "{application-id}" is the object id of the existing application, not its app (client) id.
var result = await graphClient.Applications["{application-id}"].PatchAsync(patch);

Basically you run a PATCH request against the existing application object. You will need the created Application's object ID (Id in the SDK).

juunas
  • Hi, this will only update the existing roles. I need to add another app role to the existing application. – Afsar AF撒入 May 31 '23 at 10:18
  • This actually worked, in a slightly different way: I added both the existing role and the new role to the AppRoles list in the Application object, so the existing role was kept and the new role was added. Thank you @juunas. – Afsar AF撒入 May 31 '23 at 10:48