I am trying to obtain all application-level Service Principal permissions in Azure using the API. I have researched the Azure documentation and so far, I have come up with the following:
The above API call gives us all the application-level permission ids and appRoleIds. However, I do not get the name of the permission (e.g. User.Read.All etc.).
The response I get is:
"id": "xxx",
"deletedDateTime": null,
"appRoleId": "xxx",
"createdDateTime": "xxx",
"principalDisplayName": "TestingSP",
"principalId": "xxx",
"principalType": "ServicePrincipal",
"resourceDisplayName": "Microsoft Graph",
"resourceId": "xxx"
I have tried using directoryObjects/{id} with the appRoleId and id from the above response, but the request does not work.
This request: https://graph.microsoft.com/v1.0/servicePrincipals/{id}/oauth2PermissionGrants only gives us the delegated permissions, in the format:
"clientId": "xxx",
"consentType": "AllPrincipals",
"id": "xxx",
"principalId": null,
"resourceId": "xxx",
"scope": "User.Read User.ReadBasic.All"
Similar to the aforementioned result, I'd like to obtain the application-level permissions. Is there a way for me to do that, either using the ids that I obtain from the earlier call or directly? Am I missing anything here?
Or is there a way to get ALL the API permissions for a Service Principal in Azure, similar to the picture below:
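An added example, not part of the original post: in Microsoft Graph the permission name for an `appRoleId` is the `value` of the matching entry in the `appRoles` collection of the resource's own service principal (the object at `https://graph.microsoft.com/v1.0/servicePrincipals/{resourceId}`). The sketch below joins the two response shapes shown in the question into one permission list; the function name, the `unresolved:` marker and all sample ids are constructed for illustration.

```python
# Added example: constructed sample data, shaped like the responses in the question.
ZERO_ROLE = "00000000-0000-0000-0000-000000000000"  # assignment without a named role

def list_api_permissions(app_role_assignments, oauth2_grants, resource_sps):
    """Return sorted (resource, kind, permission) rows for one service principal.

    resource_sps maps a resourceId to that resource's servicePrincipal object
    (assumed already fetched), whose appRoles entries carry id and value.
    """
    rows = set()
    for a in app_role_assignments:
        sp = resource_sps.get(a["resourceId"], {})
        resource = a.get("resourceDisplayName") or sp.get("displayName", a["resourceId"])
        roles = {r["id"]: r["value"] for r in sp.get("appRoles", [])}
        if a["appRoleId"] == ZERO_ROLE:
            name = "(default access)"
        else:
            # Keep the raw id visible when the role is not declared on the resource.
            name = roles.get(a["appRoleId"], "unresolved:" + a["appRoleId"])
        rows.add((resource, "Application", name))
    for g in oauth2_grants:
        sp = resource_sps.get(g["resourceId"], {})
        resource = sp.get("displayName", g["resourceId"])
        # Delegated grants already carry names, space-separated in "scope".
        for scope in (g.get("scope") or "").split():
            rows.add((resource, "Delegated", scope))
    return sorted(rows)

# Constructed sample input (ids are placeholders, not real tenant values).
GRAPH = "res-graph-0001"
SAMPLE_RESOURCES = {GRAPH: {"displayName": "Microsoft Graph", "appRoles": [
    {"id": "role-aaaa", "value": "User.Read.All"},
    {"id": "role-bbbb", "value": "Directory.Read.All"}]}}
SAMPLE_ASSIGNMENTS = [
    {"appRoleId": "role-aaaa", "resourceId": GRAPH, "resourceDisplayName": "Microsoft Graph"},
    {"appRoleId": "role-zzzz", "resourceId": GRAPH, "resourceDisplayName": "Microsoft Graph"},
    {"appRoleId": ZERO_ROLE, "resourceId": GRAPH, "resourceDisplayName": "Microsoft Graph"}]
SAMPLE_GRANTS = [{"consentType": "AllPrincipals", "resourceId": GRAPH,
                  "scope": "User.Read User.ReadBasic.All"}]

if __name__ == "__main__":
    for row in list_api_permissions(SAMPLE_ASSIGNMENTS, SAMPLE_GRANTS, SAMPLE_RESOURCES):
        print("%-16s %-12s %s" % row)
```

An `unresolved:` row means the assignment points at a role the resource no longer declares, which is worth reviewing when auditing what a service principal can do.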