How to create a new native application for Azure AD through the Graph API


Is there any way (using PowerShell cmdlets or the Graph API) to create a native application for Azure Active Directory? I am looking for a way to automate the creation of the environment for my application.

You can use the Graph API to create an application in the directory. Below is a PowerShell script:

# Add the ADAL library to your PowerShell session.
Add-Type -Path 'C:\Program Files\Microsoft Azure Active Directory Connect\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'

# This is the tenant id of your Azure AD. You can use the tenant name instead if you want.
$tenantID = "<your tenant id>"
$authString = "https://login.microsoftonline.com/$tenantID"

# The username must be a user in your organization with MFA disabled,
# and it must have permission to create an AD application.
$username = "<your username>"
$password = "<the password of your username>"

# The resource URI for your token (Azure AD Graph).
$resource = "https://graph.windows.net"

# This is the common (well-known PowerShell) client id.
$client_id = "1950a258-227b-4e31-a9cf-717495945fc2"

# Create a user credential from the above username and password.
$creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" `
         -ArgumentList $username,$password

# Create an authentication context with the above authority string.
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" `
         -ArgumentList $authString

# Acquire an access token for the resource on behalf of the user.
$authenticationResult = $authContext.AcquireToken($resource,$client_id,$creds)

# Use the access token to set up the headers for your HTTP request.
$authHeader = $authenticationResult.AccessTokenType + " " + $authenticationResult.AccessToken
$headers = @{"Authorization"=$authHeader; "Content-Type"="application/json"}

# Send a request to create a new AD application from application.json.
# The Graph host must belong to the same cloud as $authString and $resource,
# otherwise the token is rejected; here all three use the global cloud.
Invoke-RestMethod -Method POST `
    -Uri "https://graph.windows.net/$tenantID/applications?api-version=1.6-internal" `
    -Headers $headers -InFile ./application.json
The "requiredResourceAccess" setting must be exactly as in the application.json shown below; otherwise the Azure classic portal will not be able to manage your application. If you look closely at the JSON file, you will find that native applications and web applications share the same API and properties. As long as you keep most of the fields the same as in the example below, Azure will create a native application for you. You can, of course, modify displayName and replyUrls.

{
  "odata.type": "Microsoft.DirectoryServices.Application",
  "objectType": "Application",
  "deletionTimestamp": null,
  "allowActAsForAllClients": null,
  "appBranding": null,
  "appCategory": null,
  "appData": null,
  "appMetadata": {
    "version": 0,
    "data": []
  },
  "appRoles": [],
  "availableToOtherTenants": false,
  "displayName": "nativeClient",
  "encryptedMsiApplicationSecret": null,
  "errorUrl": null,
  "groupMembershipClaims": null,
  "homepage": null,
  "identifierUris": [],
  "keyCredentials": [],
  "knownClientApplications": [],
  "logoUrl": null,
  "logoutUrl": null,
  "oauth2AllowImplicitFlow": false,
  "oauth2AllowUrlPathMatching": false,
  "oauth2Permissions": [],
  "oauth2RequirePostResponse": false,
  "passwordCredentials": [],
  "publicClient": true,
  "recordConsentConditions": null,
  "replyUrls": [
    "http://www.microsoft.com"
  ],
  "requiredResourceAccess": [
    {
      "resourceAppId": "00000002-0000-0000-c000-000000000000",
      "resourceAccess": [
        {
          "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
          "type": "Scope"
        }
      ]
    }
  ],
  "samlMetadataUrl": null,
  "supportsConvergence": false
}
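Because the POST above creates whatever the manifest says, it is worth checking application.json before submitting it. The following function is an added example and not part of the original answer; it assumes the manifest is at ./application.json and treats the single Azure AD Graph scope from the answer as the required requiredResourceAccess entry.

```powershell
# Added example: pre-submission checks on application.json (not from the original answer).
function Test-NativeAppManifest {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Expected values taken from the answer's application.json.
        [string] $ExpectedResourceAppId = "00000002-0000-0000-c000-000000000000",
        [string] $ExpectedScopeId = "311a71cc-e848-46a1-bdf8-97ff7156d8e6"
    )
    $app = Get-Content -Raw -Path $Path | ConvertFrom-Json
    $problems = New-Object System.Collections.Generic.List[string]

    # A native (public) client cannot keep a secret, so it must be publicClient
    # and must not ship with any password or certificate credentials.
    if ($app.publicClient -ne $true) { $problems.Add("publicClient must be true for a native app") }
    if (@($app.passwordCredentials).Count -gt 0) { $problems.Add("native apps must not embed passwordCredentials") }
    if (@($app.keyCredentials).Count -gt 0) { $problems.Add("native apps must not embed keyCredentials") }
    if ($app.oauth2AllowImplicitFlow -eq $true) { $problems.Add("oauth2AllowImplicitFlow should stay false") }
    if ($app.availableToOtherTenants -eq $true) { $problems.Add("availableToOtherTenants widens who can consent; keep false unless intended") }

    # requiredResourceAccess must be exactly the single entry from the answer,
    # otherwise the classic portal cannot manage the application.
    $rra = @($app.requiredResourceAccess)
    $ok = ($rra.Count -eq 1) -and
          ($rra[0].resourceAppId -eq $ExpectedResourceAppId) -and
          (@($rra[0].resourceAccess).Count -eq 1) -and
          ($rra[0].resourceAccess[0].id -eq $ExpectedScopeId) -and
          ($rra[0].resourceAccess[0].type -eq "Scope")
    if (-not $ok) { $problems.Add("requiredResourceAccess differs from the required single Azure AD Graph scope") }

    # Reply URLs receive authorization codes and tokens; flag plain-http ones for review.
    foreach ($url in @($app.replyUrls)) {
        if ($url -like "http://*") { $problems.Add("replyUrl '$url' uses plain http; review before use") }
    }
    return $problems
}

$issues = @(Test-NativeAppManifest -Path ./application.json)
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host "application.json passes pre-submission checks"
}
```

Run it against the answer's sample manifest and it passes every check except the reply URL warning, since the sample uses http://www.microsoft.com as a placeholder; replace that with your application's own reply URL before posting.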