AZ REST Command Forbidden

Time:10-13

The Service Principal does have the Application.ReadWrite.OwnedBy API permission, but it can't PATCH using the az rest command.

It can LIST/GET using the az rest command.

az rest --method PATCH --uri "https://graph.microsoft.com/v1.0/applications/{OBJECT_ID}" --headers 'Content-Type=application/json' --body '{"web":{"redirectUris":["https://URL"]}}'

Error:

Forbidden(
{
    "error": {
        "code":"Authorization_RequestDenied",
        "message":"Insufficient privileges to complete the operation.",
        "innerError": {
            "date":"2022-10-13T06:10:41",
            "request-id":"...",
            "client-request-id":"...."
        }
    }
})

Any idea why it says forbidden?

CodePudding user response:

As per the error you mentioned, it seems to be a delegated permission issue: the admin has to grant permission to do that operation. Please check the same in the Azure portal under API permissions in the App Registration.

CodePudding user response:

I tried to reproduce this in my environment and got the results below:

I have an application named testvenkat, added the "Application.ReadWrite.OwnedBy" API permission and also granted admin consent, as shown below:

[screenshot]

Now I tried the same commands:

az rest --method PATCH --uri 'https://graph.microsoft.com/v1.0/applications/<Object ID>' --body '{"web":{"redirectUris":["https://< url >"]}}' --headers Content-Type=application/json

Console: [screenshot]

I used the GET method to look at my web redirectUris and make sure whether it was updated or not.

az rest --method GET --uri 'https://graph.microsoft.com/v1.0/applications/<Object-ID>'

Console: [screenshot]

Portal: [screenshot]

{
    "error": {
        "code":"Authorization_RequestDenied",
        "message":"Insufficient privileges to complete the operation.",
        "innerError": {
            "date":"2022-10-13T06:10:41",
            "request-id":"...",
            "client-request-id":"...."
        }
    }
})

Please check the following points:

  1. Make sure you are logged in correctly, with az login < username > and < password > or az login serviceprincipal < application id > and secret.
  2. Check whether it has the proper role assignments and the "owner" permission role.
  3. Also check that the API permission "Application.ReadWrite.OwnedBy" is of the Application type in the Microsoft Graph API.

Reference: Microsoft Graph permissions reference - Microsoft Graph | Microsoft Learn
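An added diagnostic (not code from the question or either answer) that checks the two things the answers point at: whether the token az rest will send to Graph actually carries Application.ReadWrite.OwnedBy as an application permission (the roles claim, which is what admin consent on an Application permission produces) rather than being a delegated user token (scp claim), and what a PATCH body Graph will parse looks like. The sample tokens are constructed and unsigned; on a real session the token comes from az account get-access-token --resource https://graph.microsoft.com.

```python
import base64
import json

NEEDED_ROLE = "Application.ReadWrite.OwnedBy"


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def token_claims(token: str) -> dict:
    """Return the JWT payload claims WITHOUT verifying the signature (diagnostic use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def diagnose(token: str, needed_role: str = NEEDED_ROLE) -> str:
    """Classify why a Graph PATCH on /applications would come back 403.

    Application permissions granted to a service principal show up in `roles`;
    a user (delegated) token carries `scp` instead, and Application.ReadWrite.OwnedBy
    only exists as an application permission, so such a token can never hold it.
    """
    claims = token_claims(token)
    if needed_role in claims.get("roles", []):
        return "ok: role present; a remaining 403 means the caller is not an owner of the target app"
    if "scp" in claims:
        return "delegated token: log in as the service principal (client credentials), not as a user"
    return f"missing role: {needed_role} is not in the roles claim; grant it as an Application permission and admin-consent it"


def build_patch_body(redirect_uris: list) -> str:
    """Serialise a PATCH body Graph accepts: real JSON with double-quoted keys and strings."""
    return json.dumps({"web": {"redirectUris": redirect_uris}})


def constructed_token(payload: dict) -> str:
    """Build an UNSIGNED sample token for offline testing (constructed, not issued by Azure AD)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


if __name__ == "__main__":
    # Paste a real token in place of the constructed one to check your own session.
    print(diagnose(constructed_token({"roles": ["Directory.Read.All"]})))
    print(build_patch_body(["https://example.invalid/callback"]))
```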
