New Azure AD application doesn't work until updated through management portal

不思量自难忘° 2021-01-26 16:39

I have created a new application in Azure AD using the AAD Graph API. (code)

Unfortunately it doesn't let my client access the requested resources until I have been to

2 answers
  •  南方客 (original poster)
    2021-01-26 17:31

    Apart from RasmusW's answer above, there are a few more things that you might have to do depending on what you are trying to achieve.

    1. If you want delegated permissions to work, you also need to add an Oauth2PermissionGrant into the Oauth2PermissionGrants collection at the root level. This should have a clientId of the caller's SPN ObjectId and a ResourceId of the called SPN's ObjectId. The Scope value of the Oauth2PermissionGrant is key. It should have space-separated values. Each value here comes from the 'Value' property of the Oauth2Permission object on the target SPN.
    2. Additionally, you may also need to be in an appropriate DirectoryRole, e.g. Directory Readers.
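
An added example, not code from the question or the answer above: it builds the body of the grant described in step 1 and refuses any scope that the target SPN does not publish as an enabled Oauth2Permission, so that a grant cannot name more than the resource offers. The ids and permission names are constructed, the function name is hypothetical, and `consentType`/`principalId` are fields assumed from the AAD Graph entity rather than taken from this page; sending the body to the directory is not shown.

```python
import json

# Constructed sample: the called (resource) service principal, reduced to the
# fields used here. All ids and permission names are made up.
RESOURCE_SPN = {
    "objectId": "11111111-1111-1111-1111-111111111111",
    "oauth2Permissions": [
        {"value": "Files.Read", "isEnabled": True},
        {"value": "Files.Write", "isEnabled": True},
        {"value": "Files.Purge", "isEnabled": False},
    ],
}
CLIENT_SPN_OBJECT_ID = "22222222-2222-2222-2222-222222222222"


def build_permission_grant(client_spn_id, resource_spn, wanted, principal_id=None):
    """Return the body of an OAuth2PermissionGrant for the given scopes."""
    # Only 'value' strings the target SPN publishes and has enabled may be granted.
    published = {p["value"] for p in resource_spn["oauth2Permissions"]
                 if p.get("isEnabled", True)}
    wanted = list(dict.fromkeys(wanted))  # drop duplicates, keep order
    unknown = [s for s in wanted if s not in published]
    if not wanted or unknown:
        raise ValueError(f"scopes not offered by target SPN: {unknown or 'none requested'}")
    grant = {
        "clientId": client_spn_id,               # caller's SPN objectId
        "resourceId": resource_spn["objectId"],  # called SPN's objectId
        "scope": " ".join(wanted),               # space-separated 'value' strings
        # Assumption: consentType/principalId as on the AAD Graph entity.
        "consentType": "Principal" if principal_id else "AllPrincipals",
    }
    if principal_id:
        grant["principalId"] = principal_id      # limit the grant to one user
    return grant


if __name__ == "__main__":
    body = build_permission_grant(CLIENT_SPN_OBJECT_ID, RESOURCE_SPN,
                                  ["Files.Read", "Files.Write"])
    print(json.dumps(body, indent=2))
```

A grant with `consentType` of `AllPrincipals` applies to every user in the tenant, so pass `principal_id` when only one user should be covered.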
