如何通过Graph API为Azure AD创建新的本机应用程序
是否有任何方法(使用PowerShell cmdlet或Graph API)为Azure Active Directory创建本机应用程序?我正在寻找一种为我的应用程序自动创建环境的方法您可以使用Graph API在目录中创建应用程序。下面是PowerShell脚本如何通过Graph API为Azure AD创建新的本机应用程序,azure,azure-active-directory,azure-powershell,azure-ad-graph-api,Azure,Azure Active Directory,Azure Powershell,Azure Ad Graph Api,是否有任何方法(使用PowerShell cmdlet或Graph API)为Azure Active Directory创建本机应用程序?我正在寻找一种为我的应用程序自动创建环境的方法您可以使用Graph API在目录中创建应用程序。下面是PowerShell脚本 # Adding the AD library to your PowerShell Session. Add-Type -Path 'C:\Program Files\Microsoft Azure Active Director
# Adding the AD library to your PowerShell Session.
Add-Type -Path 'C:\Program Files\Microsoft Azure Active Directory Connect\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'
# This is the tenant id of you Azure AD. You can use tenant name instead if you want.
$tenantID = "<your tenant id>"
$authString = "https://login.microsoftonline.com/$tenantID"
# Here, the username must be a user in your organization and with MFA disabled.
# And, it must have permission to create an AD application.
$username = "<your username>"
$password = "<the password of your username>"
# The resource URI for your token.
$resource = "https://graph.windows.net"
# This is the common client id.
$client_id = "1950a258-227b-4e31-a9cf-717495945fc2"
# Create a client credential with the above common client id, username and password.
$creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" `
-ArgumentList $username,$password
# Create a authentication context with the above authentication string.
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" `
-ArgumentList $authString
# Acquire access token from server.
$authenticationResult = $authContext.AcquireToken($resource,$client_id,$creds)
# Use the access token to setup headers for your http request.
$authHeader = $authenticationResult.AccessTokenType + " " + $authenticationResult.AccessToken
$headers = @{"Authorization"=$authHeader; "Content-Type"="application/json"}
# Send a request to create a new AD application.
Invoke-RestMethod -Method POST `
-Uri "https://graph.chinacloudapi.cn/$tenantID/applications?api-version=1.6-internal" `
-Headers $headers -InFile ./application.json
“requiredResourceAccess”的设置必须与上面完全相同,否则Azure classic portal将无法管理您的应用程序。如果您深入查看Json文件,就会发现本机应用程序和Web应用程序共享相同的API和属性。只要您保持大多数字段与上述示例相同,Azure就会为您创建一个本机应用程序。但是,当然,您可以修改displayName和ReplyURL
{
"odata.type": "Microsoft.DirectoryServices.Application",
"objectType": "Application",
"deletionTimestamp": null,
"allowActAsForAllClients": null,
"appBranding": null,
"appCategory": null,
"appData": null,
"appMetadata": {
"version": 0,
"data": []
},
"appRoles": [],
"availableToOtherTenants": false,
"displayName": "nativeClient",
"encryptedMsiApplicationSecret": null,
"errorUrl": null,
"groupMembershipClaims": null,
"homepage": null,
"identifierUris": [],
"keyCredentials": [],
"knownClientApplications": [],
"logoUrl": null,
"logoutUrl": null,
"oauth2AllowImplicitFlow": false,
"oauth2AllowUrlPathMatching": false,
"oauth2Permissions": [],
"oauth2RequirePostResponse": false,
"passwordCredentials": [],
"publicClient": true,
"recordConsentConditions": null,
"replyUrls": [
"http://www.microsoft.com"
],
"requiredResourceAccess": [
{
"resourceAppId": "00000002-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
"type": "Scope"
}
]
}
],
"samlMetadataUrl": null,
"supportsConvergence": false
}