We've recently added app permission add for working with permissions of app registrations. But that command can only be used when you are working with a m365rc.json file.
We also have:
- aad approleassignment add but that only adds app-only permissions to service principals, not to App Registrations.
- aad oauth2grant add but that only adds delegated permissions to service principals, not to App Registrations.
- We're currently building aad app permission add to add app-only as well as delegated permissions to App registrations.
I think we need a couple more commands to be able to cover the entire permissions thing and to make the experience of working with permissions a little more consistent:
Working with App Registrations
Working with Service Principals
Service Principals can be instances of App Registrations, but they don't have to be. (as in the case of managed identities). We already support working with service principals, but the experience is not very consistent and clear. Bundling this in a single command and allowing users to work with resource URL's and scopes would be a great step forward in my opinion.
From this list, aad sp permission add would in time be able to replace aad approleassignment add and aad oauth2grant add.
Shared code
There's also quite some duplicated code among all these commands that's actually doing the same. I'd suggest we move some code to utils:
Fixes
We're also implementing a rename of entra serviceprincipal <verb> commands.
Other fixes
We've recently added app permission add for working with permissions of app registrations. But that command can only be used when you are working with a m365rc.json file.
We also have:
I think we need a couple more commands to be able to cover the entire permissions thing and to make the experience of working with permissions a little more consistent:
Working with App Registrations
Working with Service Principals
Service Principals can be instances of App Registrations, but they don't have to be. (as in the case of managed identities). We already support working with service principals, but the experience is not very consistent and clear. Bundling this in a single command and allowing users to work with resource URL's and scopes would be a great step forward in my opinion.
From this list,
aad sp permission addwould in time be able to replaceaad approleassignment addandaad oauth2grant add.Shared code
There's also quite some duplicated code among all these commands that's actually doing the same. I'd suggest we move some code to utils:
Fixes
We're also implementing a rename of
entra serviceprincipal <verb>commands.Other fixes
entra app permission addto support adding permissions with existing admin consent #6115