Skip to content

[Feature request] az ad app permission admin-consent: Migrate https://main.iam.ad.ext.azure.com/ to Microsoft Graph #29424

New issue
New issue
Open
Open
[Feature request] az ad app permission admin-consent: Migrate https://main.iam.ad.ext.azure.com/ to Microsoft Graph#29424

Description

@jiasli

jiasli
openedon Jul 19, 2024

Related command
az ad app permission admin-consent

Is your feature request related to a problem? Please describe.
az ad app permission admin-consent internally calls https://main.iam.ad.ext.azure.com/ endpoint:

azure-cli/src/azure-cli/azure/cli/command_modules/role/custom.py

Line 959 in 38eaebb

url = 'https://main.iam.ad.ext.azure.com/api/RegisteredApplications/{}/Consent?onBehalfOfAll=true'.format(

This endpoint has several limitations:

  1. This endpoint is now deprecated
  2. It can only be called by a user, not a service principal.
  3. It fails in Cloud Shell, because https://main.iam.ad.ext.azure.com/ is not a resource supported by Cloud Shell (az ad app permission admin-consent --id <app-id> fails in CloudShell #8912, Admin Consent is not working in Cloud Shell #14230)
  4. It doesn't support sovereign clouds (az ad app permission admin-consent for sovereign cloud #9942)

Describe the solution you'd like
Migrate https://main.iam.ad.ext.azure.com/ to Microsoft Graph.

Describe alternatives you've considered
Remove az ad app permission admin-consent and replace it with fine-grained az ad app permission grant and #22768.

Additional context

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

Labels

Auto-AssignAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamGraphaz adfeature-request

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions