通过 Powershell 将新的重定向 URI 插入到 Azure 应用程序注册中
Insert a new redirect URI into Azure App Registration via Powershell
我有一个 powershell 脚本可以通过 powershell 插入一个新的重定向 URI。如果我 运行 一个接一个地执行命令,它会起作用,而如果我 运行 带有参数的脚本,它就不起作用。请帮忙。
这是我的脚本。
#######################################################################################
#Create New Redirect URI in Azure App Service:
#######################################################################################
param
(
[string] $url,
[string] $objectId,
[string] $clientId,
[string] $tenantValue,
[string] $clientSecret,
[string] $serviceAccountEmail,
[string] $serviceAccountPassword
)
$webServiceURL = $url
Write-Host "$webServiceURL"
Write-Host "Done creating the webServiceURL"
Write-Host "Convert password to Secure string"
$SecurePassword = ConvertTo-SecureString $serviceAccountPassword -AsPlainText -Force
Write-Host "Done converting password to Secure string"
$Credential = New-Object System.Management.Automation.PSCredential($serviceAccountEmail, $SecurePassword)
Write-Host "Logging in"
Login-AzAccount -Credential $Credential
$tid = (Get-AzTenant).Id
Write-Host "Getting token"
$tokenBody = @{
'tenant' = $tid
'client_id' = $clientId
'scope' = 'https://graph.microsoft.com/.default'
'client_secret' = $clientSecret
'grant_type' = 'client_credentials'
}
$Params = @{
'Uri' = "https://login.microsoftonline.com/$tid/oauth2/v2.0/token"
'Method' = 'Post'
'Body' = $tokenBody
'ContentType' = 'application/x-www-form-urlencoded'
}
$AuthResponse = Invoke-RestMethod @Params
$AuthResponse
$header = @{
'Content-Type' = 'application/json'
'Authorization' = "Bearer $($AuthResponse.access_token)"
}
$header
$redirectUris = (Invoke-RestMethod -Method Get -Uri "https://graph.microsoft.com/beta/applications/$objectId" -Headers $header).spa.redirectUris
if ($redirectUris -notcontains "$webServiceURL") {
$redirectUris += "$webServiceURL"
Write-Host "Adding $webServiceURL to redirect URIs";
}
$body = @{
'spa' = @{
'redirectUris' = $redirectUris
}
} | ConvertTo-Json
Invoke-RestMethod -Method Patch -Uri "https://graph.microsoft.com/beta/applications/$objectId" -Headers $header -Body $body
Write-Host "Were there errors? (If the next line is blank, then no!) $error"
这是我的屏幕截图,如果我逐步输入命令,它可以正常工作:
这是我将其作为参数发送并执行脚本文件时出现错误的屏幕截图。
我是否需要等待每个步骤都得到解决,然后再继续?请指教
我试图通过提供错误的 clientId 来重现您的问题,这不是我正在登录的租户的一部分。
因此,作为解决方案,您必须传递驻留在租户中的正确 clientId,以便您的代码成功 运行,如下所示。
更新
重现403 forbidden错误
解决方案 : 添加了 API 权限-> Application.ReadWrite.All Microsoft Graph 在应用程序权限下[=41] =].
输出:
我有一个 powershell 脚本可以通过 powershell 插入一个新的重定向 URI。如果我 运行 一个接一个地执行命令,它会起作用,而如果我 运行 带有参数的脚本,它就不起作用。请帮忙。
这是我的脚本。
#######################################################################################
#Create New Redirect URI in Azure App Service:
#######################################################################################
param
(
[string] $url,
[string] $objectId,
[string] $clientId,
[string] $tenantValue,
[string] $clientSecret,
[string] $serviceAccountEmail,
[string] $serviceAccountPassword
)
$webServiceURL = $url
Write-Host "$webServiceURL"
Write-Host "Done creating the webServiceURL"
Write-Host "Convert password to Secure string"
$SecurePassword = ConvertTo-SecureString $serviceAccountPassword -AsPlainText -Force
Write-Host "Done converting password to Secure string"
$Credential = New-Object System.Management.Automation.PSCredential($serviceAccountEmail, $SecurePassword)
Write-Host "Logging in"
Login-AzAccount -Credential $Credential
$tid = (Get-AzTenant).Id
Write-Host "Getting token"
$tokenBody = @{
'tenant' = $tid
'client_id' = $clientId
'scope' = 'https://graph.microsoft.com/.default'
'client_secret' = $clientSecret
'grant_type' = 'client_credentials'
}
$Params = @{
'Uri' = "https://login.microsoftonline.com/$tid/oauth2/v2.0/token"
'Method' = 'Post'
'Body' = $tokenBody
'ContentType' = 'application/x-www-form-urlencoded'
}
$AuthResponse = Invoke-RestMethod @Params
$AuthResponse
$header = @{
'Content-Type' = 'application/json'
'Authorization' = "Bearer $($AuthResponse.access_token)"
}
$header
$redirectUris = (Invoke-RestMethod -Method Get -Uri "https://graph.microsoft.com/beta/applications/$objectId" -Headers $header).spa.redirectUris
if ($redirectUris -notcontains "$webServiceURL") {
$redirectUris += "$webServiceURL"
Write-Host "Adding $webServiceURL to redirect URIs";
}
$body = @{
'spa' = @{
'redirectUris' = $redirectUris
}
} | ConvertTo-Json
Invoke-RestMethod -Method Patch -Uri "https://graph.microsoft.com/beta/applications/$objectId" -Headers $header -Body $body
Write-Host "Were there errors? (If the next line is blank, then no!) $error"
这是我的屏幕截图,如果我逐步输入命令,它可以正常工作:
这是我将其作为参数发送并执行脚本文件时出现错误的屏幕截图。
我是否需要等待每个步骤都得到解决,然后再继续?请指教
我试图通过提供错误的 clientId 来重现您的问题,这不是我正在登录的租户的一部分。
因此,作为解决方案,您必须传递驻留在租户中的正确 clientId,以便您的代码成功 运行,如下所示。
更新
重现403 forbidden错误
解决方案 : 添加了 API 权限-> Application.ReadWrite.All Microsoft Graph 在应用程序权限下[=41] =].
输出: