Problem description:
When I try to create a daemon application as a PublicClient with the commands below, it fails. If PublicClient is set to False, it works.
Steps to reproduce:
```powershell
Connect-AzureAD
$svcprincipal = Get-AzureADServicePrincipal -All $true | Where-Object { $_.DisplayName -eq "Microsoft Graph" }

# Microsoft Graph
$reqGraph = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$reqGraph.ResourceAppId = $svcprincipal.AppId

## Delegated Permissions
$delPermission1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "0e263e50-5827-48a4-b97c-d940288653c7","Scope" # Access Directory as the signed in user

## Application Permissions
$appPermission1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "62a82d76-70ea-41e2-9197-370581804d09","Role" # Read and Write All Groups
$appPermission2 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "19dbc75e-c2e2-444c-a770-ec69d8559fc7","Role" # Read and Write directory data

# Attach the permissions defined above to the Microsoft Graph entry
$reqGraph.ResourceAccess = $delPermission1, $appPermission1, $appPermission2

# With PublicClient set to $false, it worked.
New-AzureADApplication -DisplayName pca-test3 -ReplyUrls https://localhost/ -AvailableToOtherTenants $true -PublicClient $false -RequiredResourceAccess $reqGraph

# With PublicClient set to $true, it failed.
New-AzureADApplication -DisplayName pca-test3 -ReplyUrls https://localhost/ -AvailableToOtherTenants $true -PublicClient $true -RequiredResourceAccess $reqGraph
```
Error message:
代码:Request_BadRequest 消息:属性 requiredResourceAccess.resourceAccess 无效。详细信息:PropertyName - requiredResourceAccess.resourceAccess、PropertyErrorCode - GenericError HttpStatusCode:BadRequest HttpStatusDescription:错误请求 HttpResponseStatus:已完成
Can anyone offer some suggestions or help? Thanks.