我使用图形 API 创建了一个应用程序,并为他们分配了权限 - 委托和应用程序......
ServicePrincipal servicePrincipal = graphClient.servicePrincipals(resSerPrinId)
.buildRequest()
.get();
List<AppRole> appRoles = servicePrincipal.appRoles;
List<PermissionScope> scopes = servicePrincipal.oauth2PermissionScopes;
List<ResourceAccess> raList = new ArrayList<ResourceAccess>();
for (AppRole appRole : appRoles) {
ResourceAccess access = new ResourceAccess();
access.id = appRole.id;
access.type = "Role";
raList.add(access);
}
System.out.println("Roles added...");
for (PermissionScope permissionScope : scopes) {
ResourceAccess access = new ResourceAccess();
access.id = permissionScope.id;
access.type = "Scope";
raList.add(access);
}
System.out.println("Scopes added...");
RequiredResourceAccess reqResAccess = new RequiredResourceAccess();
reqResAccess.resourceAccess = raList;
reqResAccess.resourceAppId = resSerPrinAppClientId;
List<RequiredResourceAccess> rraList = new ArrayList<RequiredResourceAccess>();
rraList.add(reqResAccess);
Application application = graphClient.applications(clientAppObjId)
.buildRequest()
.get();
application.requiredResourceAccess = rraList;
graphClient.applications(clientAppObjId)
.buildRequest()
.patch(application);
在上面的代码中,resSerPrinId是资源服务主体 ID,它在清单中具有应用角色,在“公开 api”部分具有范围...
所以我从该资源服务主体中提取 appRoles 和 oauth2Permission 并将它们发送给客户端服务主体......
在 UI 中,我看到权限没有授予...
是否可以使用某些图形 API 授予他们管理员权限,或者手动加载这些权限,然后授予他们管理员权限...或者我是否需要始终使用 UI 来执行此操作...?