我已經搜索了這個答案,但似乎沒有找到可靠的答案。Microsoft Azure圖形API - AppRoleAssignedTo無法正常工作?
我試圖通過Graph API在我們的租戶中刪除應用程序(servicePrincipal)。我擁有所有代碼(Java)來獲取我的訪問令牌,調用/ servicePrincipals,然後使用該信息來檢索每個servicePrincipal的appRoleAssignments。這是行得通的。
問題是Graph API和Azure AD Graph API的行爲似乎有所不同。我最初使用的是AAD Graph API,但是正在過渡到使用Graph API。這是我看到的問題:
使用AAD圖形API,我做
https://graph.windows.net/[tenant-domain]/servicePrincipals/[service-principal-guid]?api-version=1.6
,並取回我的期望。然後我做
https://graph.windows.net/[tenant-domain]/servicePrincipals/[service-principal-guid]/appRoleAssignedTo?api-version=1.6
,並取回
{
"odata.metadata": "https://graph.windows.net/[tenant-name]/$metadata#directoryObjects/Microsoft.DirectoryServices.AppRoleAssignment",
"value": [
{
"odata.type": "Microsoft.DirectoryServices.AppRoleAssignment",
"objectType": "AppRoleAssignment",
"objectId": "[removed]",
"deletionTimestamp": null,
"creationTimestamp": null,
"id": "[removed]",
"principalDisplayName": "ManuallyAdded",
"principalId": "[removed]",
"principalType": "Group",
"resourceDisplayName": "Box",
"resourceId": "[removed]"
},
{
"odata.type": "Microsoft.DirectoryServices.AppRoleAssignment",
"objectType": "AppRoleAssignment",
"objectId": "[removed]",
"deletionTimestamp": null,
"creationTimestamp": null,
"id": "[removed]",
"principalDisplayName": "TestGroup",
"principalId": "[removed]",
"principalType": "Group",
"resourceDisplayName": "Box",
"resourceId": "[removed]"
}
]
}
然後我切換圖形API並做
https://graph.microsoft.com/beta/[tenant-domain]/servicePrincipals/[service-principal-guid]
並取回相同的結果AAD圖API。但現在,當我做
https://graph.microsoft.com/beta/[tenant-domain]/servicePrincipals/[service-principal-guid]/appRoleAssignedTo
我總是回來
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#appRoleAssignments",
"value": []
}
正如你可以在上面看到,我使用的圖形API和AAD圖形API 1.6版本的測試版。我錯過了什麼嗎?測試版中是否存在錯誤?
作爲一個方面說明,我期待
https://github.com/microsoftgraph/microsoft-graph-docs/tree/master/api-reference/beta/api作爲測試API參考,似乎下面什麼它說,具體而言,
我認爲https://graph.microsoft.com/beta/appRoleAssignments/[id]示例的底部存在拼寫錯誤。
謝謝!
Brian