Description
Describe the bug
I'm trying to update application, but I'm getting error message:
Update-MgApplication : App role with identifier '00000000-0000-0000-0000-000000000000' must have at least one value specified for 'allowedMemberTypes'.
Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
Date: 2025-05-05T08:27:10
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 4daa4efd-c2ae-47db-8a33-ae87e1a44c83
client-request-id : c6ee6309-11b6-47cc-8b41-f34924a4790d
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"007","RoleInstance":"AM4PEPF00027786"}}
x-ms-resource-unit : 1
Cache-Control : no-cache
Date : Mon, 05 May 2025 08:27:10 GMT
At line:1 char:7
+ Update-MgApplication `
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ ApplicationId...phApplication }:<>f__AnonymousType0`3) [Update-MgApplication_UpdateExpanded], Exception
+ FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.UpdateMgApplication_UpdateExpanded
Expected behavior
I'd expect the application to be updated without issues.
How to reproduce
- Connect-MgGraph
- $app = Get-MgApplication -Filter "AppId eq '$AppId'" -ErrorAction Stop
- $appRoles = $app.AppRoles
- $appApi = $app.Api
- Update-MgApplication -ApplicationId $app.Id -AppRoles $appRoles -Api $appApi
SDK Version
2.27.0 Microsoft.Graph.Applications
Latest version known to work for scenario above?
Probably 2.26.x - we run this regularly with 2.24.0
Known Workarounds
No response
Debug output
Click to expand log
```Update-MgApplication `
-ApplicationId $app.Id ` -AppRoles $appRoles ` -Api $appApi -Debug
DEBUG: [CmdletBeginProcessing]: - Update-MgApplication begin processing with parameterSet 'UpdateExpanded'.
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PATCH
Absolute Uri:
https://graph.microsoft.com/v1.0/applications/APP_ID
Headers:
FeatureFlag : 00000003
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.19045; en-US),PowerShell/5.1.19041.5737
SdkVersion : graph-powershell/2.27.0
client-request-id : c34d4b35-46b2-442d-b74d-0b3663d444c2
Body:
{
"appRoles": [
{
"isEnabled": true
}
],
"api": {}
}
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
BadRequest
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 264377bb-e389-4366-951e-46ed59d6b9aa
client-request-id : c34d4b35-46b2-442d-b74d-0b3663d444c2
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"002","RoleInstance":"AM2PEPF0002EAD8"}}
x-ms-resource-unit : 1
Cache-Control : no-cache
Date : Mon, 05 May 2025 08:37:34 GMT
Body:
{
"error": {
"code": "Request_BadRequest",
"message": "App role with identifier '00000000-0000-0000-0000-000000000000' must have at least one value specified for 'allowedMemberTypes'.",
"innerError": {
"date": "2025-05-05T08:37:34",
"request-id": "264377bb-e389-4366-951e-46ed59d6b9aa",
"client-request-id": "c34d4b35-46b2-442d-b74d-0b3663d444c2"
}
}
}
Confirm
App role with identifier '00000000-0000-0000-0000-000000000000' must have at least one value specified for 'allowedMemberTypes'.
Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
Date: 2025-05-05T08:37:34
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 264377bb-e389-4366-951e-46ed59d6b9aa
client-request-id : c34d4b35-46b2-442d-b74d-0b3663d444c2
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"002","RoleInstance":"AM2PEPF0002EAD8"}}
x-ms-resource-unit : 1
Cache-Control : no-cache
Date : Mon, 05 May 2025 08:37:34 GMT
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): A
Update-MgApplication : App role with identifier '00000000-0000-0000-0000-000000000000' must have at least one value specified for 'allowedMemberTypes'.
Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
Date: 2025-05-05T08:37:34
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 264377bb-e389-4366-951e-46ed59d6b9aa
client-request-id : c34d4b35-46b2-442d-b74d-0b3663d444c2
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"002","RoleInstance":"AM2PEPF0002EAD8"}}
x-ms-resource-unit : 1
Cache-Control : no-cache
Date : Mon, 05 May 2025 08:37:34 GMT
At line:1 char:7
-
Update-MgApplication ` -
~~~~~~~~~~~~~~~~~~~~~~- CategoryInfo : InvalidOperation: ({ ApplicationId...phApplication }:<>f__AnonymousType0`3) [Update-MgApplication_UpdateExpanded], Exception
- FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.UpdateMgApplication_UpdateExpanded
DEBUG: [CmdletEndProcessing]: - Update-MgApplication end processing.
Configuration
PSVersion 5.1.19041.5737
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.19041.5737
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Other information
It seems that the appRoles aren't getting serialized properly in 2.27.0
$appRoles
AllowedMemberTypes Description DisplayName Id IsEnabled Origin Value
------------------ ----------- ----------- -- --------- ------ -----
{Application} Redacted Redacted Redacted True Application Redacted
$appRoles.GetType()
IsPublic IsSerial Name BaseType
-------- -------- ---- --------
True True IMicrosoftGraphAppRole[] System.Array