Microsoft Azure Graph API - appRoleAssignedTo not working properly?
I have searched for an answer to this, but don't seem to be finding a reliable answer.
I am attempting to delete an application (servicePrincipal) in our tenant through the Graph API. I have all of the code (Java) to get my access token, make a call to /servicePrincipals, and then use that information to retrieve each servicePrincipal's appRoleAssignments. That is working.
The problem is that the Graph API and the Azure AD Graph API seem to behave differently. I was initially using the AAD Graph API, but am transitioning to use the Graph API. Here is the problem that I am seeing:
When using AAD Graph API, I do
https://graph.windows.net/[tenant-domain]/servicePrincipals/[service-principal-guid]?api-version=1.6
and get back what I expect. I then do
https://graph.windows.net/[tenant-domain]/servicePrincipals/[service-principal-guid]/appRoleAssignedTo?api-version=1.6
and get back
{
  "odata.metadata": "https://graph.windows.net/[tenant-name]/$metadata#directoryObjects/Microsoft.DirectoryServices.AppRoleAssignment",
  "value": [
    {
      "odata.type": "Microsoft.DirectoryServices.AppRoleAssignment",
      "objectType": "AppRoleAssignment",
      "objectId": "[removed]",
      "deletionTimestamp": null,
      "creationTimestamp": null,
      "id": "[removed]",
      "principalDisplayName": "ManuallyAdded",
      "principalId": "[removed]",
      "principalType": "Group",
      "resourceDisplayName": "Box",
      "resourceId": "[removed]"
    },
    {
      "odata.type": "Microsoft.DirectoryServices.AppRoleAssignment",
      "objectType": "AppRoleAssignment",
      "objectId": "[removed]",
      "deletionTimestamp": null,
      "creationTimestamp": null,
      "id": "[removed]",
      "principalDisplayName": "TestGroup",
      "principalId": "[removed]",
      "principalType": "Group",
      "resourceDisplayName": "Box",
      "resourceId": "[removed]"
    }
  ]
}
Then I switch to the Graph API and do
https://graph.microsoft.com/beta/[tenant-domain]/servicePrincipals/[service-principal-guid]
and get back the same results as the AAD Graph API. But now, when I do
https://graph.microsoft.com/beta/[tenant-domain]/servicePrincipals/[service-principal-guid]/appRoleAssignedTo
I always get back
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#appRoleAssignments",
  "value": []
}
As you can see above, I am using the beta version of the Graph API and AAD Graph API version 1.6. Am I missing something? Is there a bug in the beta?
As a side note, I am looking at https://github.com/microsoftgraph/microsoft-graph-docs/tree/master/api-reference/beta/api as a reference for the beta API and seem to be following what it says, specifically,
I think there is a typo in there at the bottom for the https://graph.microsoft.com/beta/appRoleAssignments/[id] example.
Thanks!
Brian
Thanks for reporting this issue. I've filed a bug internally to investigate and fix this issue. Please feel free to file a doc issue on GitHub. Will report back when we have a fix deployed.
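
While the two endpoints disagree, a script that enumerates assignments before deleting a servicePrincipal can compare both responses instead of trusting an empty list. This is an added example, not code from the thread or from Microsoft: it normalises the two response shapes quoted in the question, and the tenant name, ids and function names are constructed, with assignments matched on principalId and resourceId as an assumption.

```python
import json

# Constructed bodies shaped like the two responses quoted in the question;
# tenant name and ids are made-up placeholders, not values from the thread.
AAD_GRAPH_BODY = json.dumps({
    "odata.metadata": "https://graph.windows.net/example.onmicrosoft.com/$metadata"
                      "#directoryObjects/Microsoft.DirectoryServices.AppRoleAssignment",
    "value": [
        {"objectType": "AppRoleAssignment", "principalDisplayName": "ManuallyAdded",
         "principalId": "group-1", "principalType": "Group",
         "resourceDisplayName": "Box", "resourceId": "sp-1"},
        {"objectType": "AppRoleAssignment", "principalDisplayName": "TestGroup",
         "principalId": "group-2", "principalType": "Group",
         "resourceDisplayName": "Box", "resourceId": "sp-1"},
    ],
})
MS_GRAPH_BODY = json.dumps({
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#appRoleAssignments",
    "value": [],
})


def assignments(body):
    """Map (principalId, resourceId) -> (principalType, principalDisplayName)."""
    doc = json.loads(body)
    # AAD Graph 1.6 labels the collection "odata.metadata", Microsoft Graph "@odata.context".
    if "odata.metadata" not in doc and "@odata.context" not in doc:
        raise ValueError("not an OData collection response")
    # Assumption: principalId and resourceId identify the same assignment in both APIs.
    return {(a["principalId"], a["resourceId"]):
            (a.get("principalType") or "", a.get("principalDisplayName") or "")
            for a in doc.get("value", [])}


def missing_from_ms_graph(aad_body, ms_body):
    """Principals AAD Graph lists for the app that Microsoft Graph omits."""
    aad, ms = assignments(aad_body), assignments(ms_body)
    return sorted(aad[key] for key in aad.keys() - ms.keys())


def apis_agree(aad_body, ms_body):
    """True only when both APIs report the same set of assignments."""
    return assignments(aad_body).keys() == assignments(ms_body).keys()


if __name__ == "__main__":
    for ptype, name in missing_from_ms_graph(AAD_GRAPH_BODY, MS_GRAPH_BODY):
        print(f"only in AAD Graph: {ptype} {name}")
    print("APIs agree:", apis_agree(AAD_GRAPH_BODY, MS_GRAPH_BODY))
```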