In my scenario, I'm attempting to automate creation of one of my AAD applications in order for it to make calls to another WebAPI service (a different AAD app) using the instructions laid out for daemon processes here:
https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-daemon/
I've been able to automate creation of the AAD application and the required access key via PowerShell.
Here's how I create the application with the key added:
# Generate all the keys (client secrets) for the AAD application.
# $activeDirectoryApplication is the deployment config object; each entry under
# Keys.Key names the Key Vault the secret is published to and the secret's expiry.
$passwordCredentials = @()
foreach ($key in $activeDirectoryApplication.Keys.Key)
{
    $keyKeyVaultName = $key.KeyVaultName
    $keyName = $key.KeyVaultKeyName
    $expiration = $key.Expiration
    LogInfo "Generating key with key name '$keyName' into key vault '$keyKeyVaultName' with key expiry of '$expiration'."
    # Helper defined elsewhere in the script: returns a PSADPasswordCredential
    # (StartDate/EndDate/KeyId/Password) for this key entry.
    $passwordCredential = GenerateActiveDirectoryApplicationKeyPasswordCredential $key
    $passwordCredentials += $passwordCredential
    # Helper defined elsewhere in the script: stores the generated secret in Key Vault.
    PublishActiveDirectoryApplicationKeyToKeyVault $key $passwordCredential
}
# -PasswordCredentials takes the PSADPasswordCredential[] built above.
$existingApplication = New-AzureRmADApplication -DisplayName $applicationName -HomePage $applicationHomePage -IdentifierUris @($applicationIdentifier) -PasswordCredentials $passwordCredentials
What I can't figure out is how to automate step 8 in the link above, which grants the application permission to access the WebAPI application:
- Configure Permissions for your application - in the Settings menu, choose the 'Required permissions' section, click on Add, then Select an API, and type 'TodoListService' in the textbox. Then, click on Select Permissions and select 'Access TodoListService'.
Does anyone know if this is possible with the Azure PowerShell SDK or do I need to do it some other way (maybe the AAD Graph API)?
Thanks!
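The "Required permissions" entry in the portal is the application object's `requiredResourceAccess` property, which the AzureAD (v2) PowerShell module writes through the AAD Graph API. The following is an added example, not code from the question or from the daemon sample; it assumes the AzureAD module is installed, that `Connect-AzureAD` has been run with an account allowed to edit both applications, and that the display names and the `user_impersonation` scope value (the default value of an "Access <app>" delegated permission) are placeholders for your own.

```powershell
# Added example: declare the "Access TodoListService" delegated permission on the
# daemon application, the automated equivalent of step 8 in the sample's README.
# Assumptions: AzureAD module imported, Connect-AzureAD already done, names below are
# placeholders for the real applications.
param(
    [string]$ClientAppName   = 'TodoListDaemon',     # app created by New-AzureRmADApplication
    [string]$ResourceAppName = 'TodoListService',    # the WebAPI app the daemon will call
    [string]$ScopeValue      = 'user_impersonation'  # value of the "Access TodoListService" scope
)

# 1. Resolve the API's service principal. The permission entry refers to the API's
#    AppId and to the Id of one of its exposed OAuth2 permissions (scopes), not to the
#    application object id.
$resourceSp = Get-AzureADServicePrincipal -Filter "DisplayName eq '$ResourceAppName'"
if (-not $resourceSp) { throw "Service principal '$ResourceAppName' not found in this tenant." }

$scope = $resourceSp.Oauth2Permissions | Where-Object { $_.Value -eq $ScopeValue }
if (-not $scope) { throw "Scope '$ScopeValue' is not exposed by '$ResourceAppName'." }

# 2. Build the requiredResourceAccess entry: one ResourceAppId plus a list of
#    ResourceAccess items. Type is 'Scope' for a delegated permission and 'Role' for an
#    application permission (app role); the portal dialog in step 8 picks a Scope.
$access   = New-Object -TypeName Microsoft.Open.AzureAD.Model.ResourceAccess `
                       -ArgumentList $scope.Id, 'Scope'
$required = New-Object -TypeName Microsoft.Open.AzureAD.Model.RequiredResourceAccess
$required.ResourceAppId  = $resourceSp.AppId
$required.ResourceAccess = $access

# 3. Merge with whatever the application already declares (for example the default
#    Microsoft Graph User.Read entry) so that Set-AzureADApplication does not wipe it;
#    the property is replaced as a whole, not appended to.
$clientApp = Get-AzureADApplication -Filter "DisplayName eq '$ClientAppName'"
if (-not $clientApp) { throw "Application '$ClientAppName' not found in this tenant." }
$existing = @($clientApp.RequiredResourceAccess |
              Where-Object { $_.ResourceAppId -ne $resourceSp.AppId })
Set-AzureADApplication -ObjectId $clientApp.ObjectId -RequiredResourceAccess ($existing + $required)

# 4. Read back what was written so the deployment log shows the declared permissions.
(Get-AzureADApplication -ObjectId $clientApp.ObjectId).RequiredResourceAccess |
    ForEach-Object {
        $items = $_.ResourceAccess | ForEach-Object { "$($_.Id) ($($_.Type))" }
        "{0}: {1}" -f $_.ResourceAppId, ($items -join ', ')
    }
```

The same payload can be sent without the module by PATCHing the application object through the AAD Graph API (`https://graph.windows.net/<tenant>/applications/<objectId>?api-version=1.6` with a JSON body containing `requiredResourceAccess`), which is what the cmdlet does underneath. Two caveats a deployment script should account for: the filter on `DisplayName` is not guaranteed unique, so in production resolve the API by its AppId instead; and declaring a permission is not the same as granting it. For application permissions (`Type = 'Role'`) an administrator still has to consent before the daemon's client-credentials token carries the role, so treat consent as a separate, audited step rather than something the creation script does silently.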