Cannot set "preAuthorizedApplications" object in new App registrations module through Azure PowerShell

Front-end  Unresolved  5  768
温柔的废话 2021-01-14 09:49

Short scenario: A multi-tenant front-end JavaScript (React.JS) web application calls a multi-tenant ASP.NET Core 2.2 Web API from the browser.

Au

5 answers
  •  长情又很酷
    2021-01-14 10:29

    You are right, it seems there is some faultiness in the AzureAD PowerShell module. That does not work for me either.

    If you want to modify your app manifest using PowerShell to add the "preAuthorizedApplications" section, you can try the PowerShell script below.

    I have tested on my side and it works for me.

    In theory, I have called the Microsoft Graph API to modify the app manifest. If you have any further concerns, please feel free to let me know.

    # Credentials of an Azure AD admin; used for the ROPC grant below (see the note at the end)
    $AdAdminUserName = "<-your Azure ad admin username ->"
    $AdAdminPass     = "<-your Azure ad admin password ->"
    
    # Object ID (not the application/client ID) of the API's app registration to modify
    $AdAppObjId = "<-your app obj id->"
    # Application (client) ID of the client app that should be pre-authorized
    $AdPreAuthAppId = "<-the app that need to be pre authed ->"
    # ID of the scope (from api.oauth2PermissionScopes) the client is pre-authorized for
    $AdAppScopeId = "<-your app scope id->"
    
    $tenantName = "<-your tenant name->"
    
    # Acquire a Microsoft Graph token with the resource owner password credentials (ROPC) grant,
    # using the well-known public client ID of Azure PowerShell
    $body = @{
        "grant_type" = "password";
        "resource"   = "https://graph.microsoft.com/";
        "client_id"  = "1950a258-227b-4e31-a9cf-717495945fc2";
        "username"   = $AdAdminUserName;
        "password"   = $AdAdminPass
    }
    
    $requrl = "https://login.microsoftonline.com/" + $tenantName + "/oauth2/token"
    $result = Invoke-RestMethod -Uri $requrl -Method POST -Body $body
    
    $headers = New-Object 'System.Collections.Generic.Dictionary[String,String]'
    $headers.Add("Content-Type", "application/json")
    $headers.Add("Authorization", "Bearer " + $result.access_token)
    
    # Build the api.preAuthorizedApplications fragment of the manifest.
    # Note that PATCH replaces the whole array, so any entries already present are overwritten.
    $preAuthBody = @{
        api = @{
            preAuthorizedApplications = @(
                @{ appId = $AdPreAuthAppId; permissionIds = @($AdAppScopeId) }
            )
        }
    } | ConvertTo-Json -Depth 5
    
    $requrl = "https://graph.microsoft.com/beta/applications/" + $AdAppObjId
    Invoke-RestMethod -Uri $requrl -Method PATCH -Body $preAuthBody -Headers $headers
    

    Note: ROPC is not safe, and Microsoft does not recommend using it. It also does not allow MFA, which is why it is a little dangerous.
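The following is an added example, not part of the answer above, showing the same Graph PATCH done the way a practitioner would want it in production: the token is obtained with the OAuth 2.0 device-code flow instead of ROPC (so MFA and Conditional Access still apply and no password sits in the script), the existing preAuthorizedApplications entries are read first and merged rather than overwritten, and the manifest is read back to verify the change. It assumes the same placeholders as the answer, that the signed-in user may write app registrations, and that the Azure PowerShell public client ID used above is granted enough Graph permission through the `.default` scope in your tenant; adjust the client ID and scope if it is not.

```powershell
# Added example (not the original answer's code). Assumes the placeholders below are filled
# in and that the device-code sign-in yields a Graph token allowed to update applications.
$tenantName     = "<-your tenant name->"
$AdAppObjId     = "<-your app obj id->"                      # object ID of the API's app registration
$AdPreAuthAppId = "<-the app that need to be pre authed ->"  # client (application) ID to pre-authorize
$AdAppScopeId   = "<-your app scope id->"                    # scope id under api.oauth2PermissionScopes

$clientId = "1950a258-227b-4e31-a9cf-717495945fc2"           # Azure PowerShell public client (assumption: usable here)
$scope    = "https://graph.microsoft.com/.default offline_access"
$authBase = "https://login.microsoftonline.com/$tenantName/oauth2/v2.0"

# 1. Device-code flow: the admin signs in interactively in a browser, so MFA is honoured
#    and no credential is embedded in the script.
$dc = Invoke-RestMethod -Method POST -Uri "$authBase/devicecode" -Body @{ client_id = $clientId; scope = $scope }
Write-Host $dc.message          # tells the user where to go and which code to enter

$token = $null
do {
    Start-Sleep -Seconds $dc.interval
    try {
        $token = Invoke-RestMethod -Method POST -Uri "$authBase/token" -Body @{
            grant_type  = "urn:ietf:params:oauth:grant-type:device_code"
            client_id   = $clientId
            device_code = $dc.device_code
        }
    } catch {
        # While the user has not finished signing in, the token endpoint answers HTTP 400
        # with error=authorization_pending (or slow_down); anything else is a real failure.
        $err = ($_.ErrorDetails.Message | ConvertFrom-Json).error
        if ($err -notin @("authorization_pending", "slow_down")) { throw }
    }
} until ($token)

$headers = @{ Authorization = "Bearer " + $token.access_token }
$appUrl  = "https://graph.microsoft.com/beta/applications/$AdAppObjId"

# 2. Read the current list first: PATCH replaces the whole preAuthorizedApplications array,
#    so starting from an empty list would silently drop every other pre-authorized client.
$app     = Invoke-RestMethod -Method GET -Uri $appUrl -Headers $headers
$preAuth = @($app.api.preAuthorizedApplications | Where-Object { $_ })   # @() when the property is null

# 3. Merge: extend the existing entry for this client, or append a new one.
$existing = $preAuth | Where-Object { $_.appId -eq $AdPreAuthAppId }
if ($existing) {
    if ($existing.permissionIds -notcontains $AdAppScopeId) {
        $existing.permissionIds = @($existing.permissionIds) + $AdAppScopeId
    }
} else {
    $preAuth += [pscustomobject]@{ appId = $AdPreAuthAppId; permissionIds = @($AdAppScopeId) }
}

$patch = @{ api = @{ preAuthorizedApplications = $preAuth } } | ConvertTo-Json -Depth 6
Invoke-RestMethod -Method PATCH -Uri $appUrl -Headers $headers -ContentType "application/json" -Body $patch

# 4. Read back and verify; fail loudly if the grant did not land.
$after = Invoke-RestMethod -Method GET -Uri $appUrl -Headers $headers
$entry = $after.api.preAuthorizedApplications | Where-Object { $_.appId -eq $AdPreAuthAppId }
if (-not $entry -or $entry.permissionIds -notcontains $AdAppScopeId) {
    throw "preAuthorizedApplications was not updated for $AdPreAuthAppId"
}
Write-Host "OK: $AdPreAuthAppId is pre-authorized for scope $AdAppScopeId"
```

The read-merge-write step matters because Graph treats `api.preAuthorizedApplications` as a whole collection on PATCH: sending only the new entry, as the shorter script above does, is fine for a fresh registration but removes any client that was already pre-authorized. The final GET is the cheap check that the change actually took effect before you hand the client ID to the front-end team.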
