When creating a custom identity for the CLI, one of the steps is to flip a switch in the Azure portal:
Allow public client flows

After that the device code flow can be used with the app (public clients cannot keep a secret, so this toggle is what allows them to authenticate).
It would be nice to have a one-liner that creates a CLI identity app registration:
m365 entra app add --name "CLI identity" --apisDelegated "https://graph.microsoft.com/Sites.ReadWrite.All,https://graph.microsoft.com/User.Read" --platform publicClient --redirectUris "https://login.microsoftonline.com/common/oauth2/nativeclient" --grantAdminConsent
However, the CLI currently has no option for enabling the toggle mentioned above. We can create the app using a manifest, but that's quite complicated. We should add a flag option to do just that:
Options

For entra app add:

| Option | Description |
|---|---|
| --allowPublicClientFlows | Enable the allow public client flows feature on the app registration. |

For entra app set:

| Option | Description |
|---|---|
| --allowPublicClientFlows [allowPublicClientFlows] | Set to true to enable the allow public client flows feature on the app registration. |
Implementation
Microsoft Graph exposes this setting on the application resource as the isFallbackPublicClient property (the same attribute the portal toggle writes); in the app manifest it is called allowPublicClient. Either way, the CLI has to update the app registration after creating it, and it can do so through the manifest.
We're talking about the following manifest property:
https://learn.microsoft.com/en-us/entra/identity-platform/reference-app-manifest#allowpublicclient-attribute
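Until such an option exists, the toggle can be flipped from a script today. The following is an added example, not code from the CLI for Microsoft 365 project: it creates the registration with the one-liner above, reads the objectId back with the CLI's JMESPath --query option, and then PATCHes isFallbackPublicClient on the Graph application object through m365 request. It assumes m365 login has already been run with an identity allowed to create and update app registrations; the M365 variable only exists so the script can be exercised against a stub.

```shell
#!/usr/bin/env sh
# Added example (not part of the CLI for Microsoft 365 project).
# Assumes a prior `m365 login` with rights to create and update app registrations.

M365="${M365:-m365}"   # assumption: lets a test substitute a stub for the real CLI

# Create the CLI identity app registration and print its objectId.
create_cli_identity() {
  name="$1"
  "$M365" entra app add \
    --name "$name" \
    --apisDelegated "https://graph.microsoft.com/Sites.ReadWrite.All,https://graph.microsoft.com/User.Read" \
    --platform publicClient \
    --redirectUris "https://login.microsoftonline.com/common/oauth2/nativeclient" \
    --grantAdminConsent \
    --query objectId --output text
}

# Enable "Allow public client flows" on an existing registration.
# isFallbackPublicClient is the Graph property behind the portal toggle
# (allowPublicClient in the app manifest). Refuses anything that does not
# look like an object ID so a garbled CLI response cannot turn into a PATCH
# against an arbitrary URL.
allow_public_client_flows() {
  object_id="$1"
  case "$object_id" in
    ????????-????-????-????-????????????) ;;
    *) echo "allow_public_client_flows: '$object_id' is not an application objectId" >&2; return 1 ;;
  esac
  "$M365" request \
    --url "https://graph.microsoft.com/v1.0/applications/$object_id" \
    --method patch \
    --body '{"isFallbackPublicClient": true}' \
    --content-type "application/json"
}

# Usage: sh create-cli-identity.sh "CLI identity"
if [ -n "$1" ]; then
  object_id=$(create_cli_identity "$1")
  allow_public_client_flows "$object_id"
  echo "Enabled public client flows on application $object_id"
fi
```

Note that the PATCH runs with the signed-in user's Graph permissions, not the new app's, so the account running this needs Application.ReadWrite.All (or an equivalent directory role); the script otherwise fails on the second step and leaves a registration that still rejects the device code flow.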