我尝试将appRole分配给servicePrincipal并获得了一些奇怪的响应: 网址是 https://graph.microsoft.com/beta/servicePrincipals/ {ID} / appRoleAssignments 与
{
"principalDisplayName": "[displayName]",
"principalId": "[Guid]",
"principalType": "ServicePrincipal",
"resourceDisplayName": "Microsoft.Azure.ActiveDirectory",
"resourceId": "a774ef19-d0c7-4305-8317-8aa6a1f06634"
}
这是回复
{
"error": {
"code": "BadRequest",
"message": "Write requests are only supported on contained entities",
"innerError": {
"request-id": "2be2ae24-a9d9-4699-b72a-68f2feb12f8d",
"date": "2017-08-17T18:10:07"
}
}
}
如果我将网址更改为 https://graph.microsoft.com/beta/appRoleAssignments 使用相同的请求主体,它返回
{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource 'CBVUPR3WYk-2780vOjxKdw' does not exist or one of its queried reference-property objects are not present.",
"innerError": {
"request-id": "9b1aaae6-3178-4db3-8a2b-1a025d69bbda",
"date": "2017-08-17T18:18:05"
}
}
}
对此有何想法?
感谢
答案 0 :(得分:0)
不幸的是,我认为目前这种情况非常糟糕。这个API有一个主要的错误 - 因为API没有为您提供设置您尝试分配的appRoleId的方法。在修复此问题时,我没有ETA。与此同时,AAD Graph API是唯一可用的选项。
希望这有帮助,