Access Azure Enterprise Apps using Microsoft Graph

0
votes

I'm trying to get a list of the applications listed on this page: https://myapplications.microsoft.com/ (must be authenticated against an AAD tenant to view those apps).

I'm using SPFx, and thought that I would be able to do so using the following microsoft graph endpoint; https://docs.microsoft.com/en-us/graph/api/application-list

That endpoint only appears to return custom application registrations, and not other applications such as Microsoft Teams, or Yammer.

I saw that the all apps page uses the following endpoint to get it's list; https://myapplications.microsoft.com/api/me/getExpandedAssignedWorkspaces - but it doesn't like my AAD token (401).

Any ideas?

1
azure-active-directorymicrosoft-graph-apispfx

1 Answers

0
votes

By using the Developer tools of my browser and tracing all the requests, I found that it actually used an id token.

enter image description here

And then I can use the id_token to call the API:

enter image description here

https://myapplications.microsoft.com/api/me/getExpandedAssignedWorkspaces is not a published API, the app with client id 2793995e-0a7d-40d7-bd35-6968ba142197 is not a public application. So, you can uses OpenID Connect to get an id token.

You need to generate a URL like the following:

https://login.microsoftonline.com/{your_tenant_id}/oauth2/authorize?response_type=id_token&client_id=2793995e-0a7d-40d7-bd35-6968ba142197&redirect_uri=https%3A%2F%2Fmyapplications.microsoft.com&state={new_guid}&nonce={new_guid}

Then you will be able to see the id token with the Developer tools.