问题
Is there any way that I can create or modify an AzureAD App to allow the OAuth 2.0 Implicit flow via the Azure CLI 2.0?
I'm able to create app registrations without issue using az ad app create
回答1:
It does not look like the Azure CLI 2.0 exposes the OAuth2AllowImplicitFlow property to be set, however the Azure Active Directory PowerShell 2.0 does expose this property:
-Oauth2AllowImplicitFlowSpecifies whether this web application can request OAuth2.0 implicit flow tokens. The default is false.
Type: Boolean
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Let me know if this helps.
回答2:
You can use CLI to call Graph API to do achieve that. This method needs to create service principal in your AAD Tenant, and assign Company Admin role to it.
Get an authentication token
curl -X "POST" "https://login.microsoftonline.com/$TENANTID/oauth2/token" \
-H "Cookie: flight-uxoptin=true; stsservicecookie=ests; x-ms-gateway-slice=productionb; stsservicecookie=ests" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "client_id=$APPID" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_secret=$PASSWORD" \
--data-urlencode "resource=https://graph.windows.net/"
Set the AAD applicaiton Oauth2AllowImplicitFlow to be true:
curl -X "PATCH" "https://graph.windows.net/$TENANTID/applications/$ObjectId?api-version=1.6" \
-H "Authorization: Bearer $ACCESSTOKEN" \
-H "Content-Type: application/json" \
-d $'{"oauth2AllowImplicitFlow":true}'
After few seconds, Oauth2AllowImplicitFlow of your application has been set to be true.
Additional, as @Shawn said that Azure CLI doesn't have this cmdlet to set AAD Application,but Azure Powershell have. However Azure CLI is an important tool for Linux platform to use Azure. I think we can post this feature feedback in this Page. Azure Team will review it.
Hope this helps!
来源:https://stackoverflow.com/questions/49394544/azure-cli-create-ad-app-with-allowimplicit