如何创建新的 Azure 应用程序注册并通过 PowerShell 添加范围?
问题描述 投票:0回答:1
我正在尝试使用 PowerShell 创建以下内容:
- 登录 Entra ID(在弹出窗口中提示他们登录,以便他们可以交互地使用 MFA 等)。
- 创建一个名为“连接(服务器,测试)”的新应用程序注册,其中“仅此组织目录中的帐户”
- 公开范围名称为“API.Access”的 API,谁可以同意? = 管理员和用户,管理员同意显示名称 = API.Access,管理员同意描述 = API.Access,状态 = 已启用。应用程序 ID URL 应采用默认值。
- 完成后,向用户返回以下“连接(服务器、测试)的服务器应用程序注册已成功创建!”请注意以下详细信息:”后跟应用程序的客户端 ID、租户 ID 和应用程序 ID URL。
- 然后应该有一条消息显示“正在创建客户端应用程序...正在收集资源...”,并有 10 秒的倒计时等待。
- 倒计时结束时,创建一个名为“连接(客户端,测试)”的新应用程序注册,其中“仅此组织目录中的帐户”
- 创建一个有效期为 24 个月的新密钥,并将该密钥的值保留在内存中。
- 使用连接(客户端、测试)的客户端 ID,将其作为客户端应用程序添加到连接(服务器)的应用程序注册中。应选择授权范围。
- 在连接(客户端、测试)应用程序注册中,需要添加 Web 类型的身份验证应用程序,重定向 URI 为 https://oauth.powerbi.com/views/oauthredirect.html。应启用“访问令牌(用于隐式流)”和“ID 令牌(用于隐式流和混合流)”。
- 然后会出现一条消息,显示“成功!连接(服务器,测试)和连接(客户端,测试)的应用程序已创建。请记下以下详细信息: 服务器测试客户端 ID:(服务器测试客户端ID),服务器测试租户 ID:(服务器测试租户 ID),客户端测试客户端 ID:(客户端测试客户端 ID),客户端测试客户端密钥:(此处为客户端测试密钥)”
这是我手写的当前脚本,但在设置原始服务器测试应用程序的范围时感到困惑 - 我已经尝试过这个,但是 -Id 和 -Type 的参数(我将在Portal)似乎不适用于 PS CLI,而且当我需要将 api:// 声明为范围时,这会失败,因为 Add-AzADAppPermission 元素不起作用。
Import-Module Az.Accounts
Import-Module Az.Resources
Connect-AzAccount
# create the server application registration
$serverApp = New-AzADApplication -DisplayName "Connection (Server, Test)" -AvailableToOtherTenants $false
# expose an API with details
$scopeName = "API.Access"
$scopeId = (New-Guid).Guid
$apiPermission = Add-AzADAppPermission -ApplicationId $serverApp.ApplicationId -Id $scopeId -Type "Scope" -Permission $scopeName -Description "API Access scope"
$serverApp = Set-AzADApplication -ObjectId $serverApp.ObjectId -IdentifierUris "api://$($serverApp.ApplicationId)" -ApiPermissions $apiPermission
Write-Host "The Server Application registration of Connection (Server, Test) has been created successfully! Note the following details:"
Write-Host "Server-Test Client ID: $($serverApp.ApplicationId)"
Write-Host "Server-Test Tenant ID: $tenantId"
Write-Host "Server-Test Application ID URL: api://$($serverApp.ApplicationId)"
# Creating client application after a delay to mkae sure the svr app has fully deployed
Write-Host "Creating Client Application... gathering resources..."
Start-Sleep -Seconds 10
$clientApp = New-AzADApplication -DisplayName "Connection (Client, Test)" -AvailableToOtherTenants $false
$clientSecret = New-AzADAppCredential -ObjectId $clientApp.ObjectId -EndDate (Get-Date).AddMonths(24)
$secretValue = $clientSecret.SecretText
# setapplication as a client application to the server
New-AzADServicePrincipal -ApplicationId $clientApp.ApplicationId
New-AzADAppPermissionGrant -ObjectId $clientApp.ObjectId -ApiId $serverApp.ApplicationId -ExpiryTime (Get-Date).AddMonths(24) -Scope $scopeName
# add authentication platform for client app
$redirectUri = "https://oauth.powerbi.com/views/oauthredirect.html"
New-AzADAppRedirectUri -ObjectId $clientApp.ObjectId -RedirectUri $redirectUri
Set-AzADApplication -ObjectId $clientApp.ObjectId -ReplyUrls $redirectUri -OAuth2AllowImplicitFlow $true -OAuth2AllowIdTokenImplicitFlow $true
Write-Host "Success! The applications of Connection (Server, Test) and Connection (Client, Test) have been created. Please make a note of the following details:"
Write-Host "Server-Test Client ID: $($serverApp.ApplicationId)"
Write-Host "Server-Test Tenant ID: $tenantId"
Write-Host "Client-Test Client ID: $($clientApp.ApplicationId)"
Write-Host "Client-Test Client Secret: $secretValue"
"
1个回答
0
投票
投票
注册服务器应用程序:
#registering server application
$serverApp = New-AzADApplication -DisplayName "Connection (Server, Test)" -AvailableToOtherTenants $false
$AppId=$serverApp.AppId
Set-AzADApplication -ApplicationId $serverApp.AppId -IdentifierUris "api://$AppId"
$app = Get-AzAdApplication -ApplicationId "<AppId>"
公开服务器应用程序的 API 并注册客户端应用程序
#exposing an API
$permissionScop = New-Object Microsoft.Azure.Powershell.Cmdlets.Resources.MSGraph.Models.ApiV10.MicrosoftGraphPermissionScope
$permissionScop.Id = New-Guid
$permissionScop.AdminConsentDescription = "API.Access"
$permissionScop.AdminConsentDisplayName = "API.Access"
$permissionScop.IsEnabled = $true
$permissionScop.Type = "User"
$permissionScop.UserConsentDescription = "API.Access"
$permissionScop.UserConsentDisplayName = "API.Access"
$permissionScop.Value = "user_impersonation"
$api = $app.Api
#$api.Oauth2PermissionScope = $permissionScop
$api.Oauth2PermissionScope =$permissionScop
Update-AzADApplication -ApplicationId "<AppId>" -Api $api
Write-Host "The Server Application registration of Connection (Server, Test) has been created successfully! Note the following details:"
Write-Host "Server-Test Client ID: $($serverApp.AppId)"
$context = Get-AzContext
Write-Output "Tenant ID: $($context.Tenant.Id)"
Write-Host "Server-Test Tenant ID: $tenantId"
Write-Host "Server-Test Application ID URL: api://$($serverApp.AppId)"
# Creating client application after a delay to make sure the svr app has fully deployed
Write-Host "Creating Client Application... gathering resources..."
Start-Sleep -Seconds 10
#registering client-app
$displayName = "Connection (Client, Test)"
$redirectUri = "https://oauth.powerbi.com/views/oauthredirect.html"
$newApp = New-AzureADApplication -DisplayName $displayName
Set-AzureADApplication -ObjectId $newApp.ObjectId -ReplyUrls @($redirectUri)
Set-AzureADApplication -ObjectId $newApp.ObjectId -Oauth2AllowImplicitFlow $true
$clientSecret = New-AzADAppCredential -ObjectId $clientApp.ObjectId -EndDate (Get-Date).AddMonths(24)
$secretValue = $clientSecret.SecretText
New-AzADServicePrincipal -ApplicationId $newApp.AppId
Add-AzADAppPermission -ObjectId ObjectIDOfApp -ApiId Resource App ID -PermissionId Permission ID 
通过使用powershell,我们无法授予管理员同意,可以通过门户或Azure cli来完成。
CLI 命令
az ad app permission admin-consent --id 00000000-0000-0000-0000-000000000000Write-Host "Success! The applications of Connection (Server, Test) and Connection (Client, Test) have been created. Please make a note of the following details:"
Write-Host "Server-Test Client ID: $($serverApp.AppId)"
Write-Host "Client-Test Client ID: $($newApp.AppId)"
Write-Host "Client-Test Client Secret: $secretValue"
Write-Output "Tenant ID: $($context.Tenant.Id)"
最新问题
- 错误:函数组件不能有字符串引用。我们建议使用 useRef() 代替
- 具有全局组件和 TypeScript 支持的 Vue 3 库
- 松木脚本< closing one indicator when another has triggered>
- 如何使用jquery将数据从表导出到csv文件
- ASP.NET NormalizedUsername 在更新用户数据时发生变化
- 如何让超链接出现在页面右侧?
- 如何在 Windows 上使用 ffmpeg 从网络摄像头录制视频和音频?
- 没有名为 ipykernel_launcher 的模块
- 避免参数内传入查询中的 SQL 注入
- 使用python生成一个显示好友数量的字典
- 堆栈处于 UPDATE_COMPLETE_CLEANUP_IN_PROGRESS 状态且无法更新
- 使用 jQuery 在引导网格中添加/删除元素并防止删除第一个元素
- Python Pandas – 如何抑制 PerformanceWarning?
- 尝试通过powershell操纵输出
- 通过 Codeigniter 的活动记录方法从带有 LIMIT 的 suquery 中选择 SUM()
- 相当于 JavaScript 的 addEventListener 方法的 jQuery
- 艾美特的新线路
- “/”应用程序中服务器错误,找不到资源
- 如何比较两个共享相同内容的StructType?
- Terraform aws_lambda_function 需要 ECR 中的 Docker 映像
© www.soinside.com 2019 - 2024. All rights reserved.