New Resource for Authorized client applications for Oauth 2 permission scope #451
Comments
Hi @drdamour, thanks for requesting this! This is a Microsoft Graph specific feature that will be possible to implement once we reach v2.0. I'm not sure whether this could make it into v2.0 specifically, or a subsequent 2.x release, but we can definitely consider it. In the API schema, this is actually a different property than oauth2PermissionScopes (

```hcl
resource "azuread_application" "example" {
  display_name = "example-app"

  api {
    pre_authorized_application {
      application_id = azuread_application.other_app.application_id
      scope_ids      = ["uuid1", "uuid2"]
    }

    pre_authorized_application {
      application_id = azuread_application.further_app.application_id
      scope_ids      = ["uuid3", "uuid4"]
    }
  }
}
```

With the potential to introduce this in a new resource, e.g. WDYT?
@manicminer I guess...you sure it's not related to the oauth2_permission_scope stuff...those are the things I get to choose from in the portal web GUI IME.
@drdamour Alas it is a separate feature even though in the portal you can find them on the same page. Edit: MS Graph docs - see the
@manicminer get it, was more saying it's about oauth2 not general api, but I see the scope properties are oauth specific but nothing else
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
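An added example, not part of the thread or the provider's code: because pre-authorized clients reference scopes by ID from a separate property, a review script can cross-check the two lists on an application's `api` object. It uses the Microsoft Graph property names (`oauth2PermissionScopes`, `preAuthorizedApplications`, `appId`, `delegatedPermissionIds`); the sample JSON, its GUIDs, and the `expected_clients` allowlist are constructed for illustration.

```python
import json

# Constructed sample: the `api` property of a Microsoft Graph application object.
# All GUIDs below are made up for illustration.
SAMPLE_API = json.loads("""
{
  "oauth2PermissionScopes": [
    {"id": "11111111-1111-1111-1111-111111111111", "value": "files.read", "isEnabled": true},
    {"id": "22222222-2222-2222-2222-222222222222", "value": "files.write", "isEnabled": false}
  ],
  "preAuthorizedApplications": [
    {"appId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
     "delegatedPermissionIds": ["11111111-1111-1111-1111-111111111111"]},
    {"appId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
     "delegatedPermissionIds": ["22222222-2222-2222-2222-222222222222",
                                "33333333-3333-3333-3333-333333333333"]}
  ]
}
""")


def audit_preauthorized(api, expected_clients=frozenset()):
    """Return (client appId, scope id, finding) tuples for entries worth review."""
    # Index the scopes this application defines, keyed by lower-cased GUID.
    scopes = {s["id"].lower(): s for s in api.get("oauth2PermissionScopes") or []}
    expected = {c.lower() for c in expected_clients}  # hypothetical allowlist
    findings = []
    for entry in api.get("preAuthorizedApplications") or []:
        client = entry["appId"].lower()
        if client not in expected:
            findings.append((client, None, "client not on expected list"))
        for scope_id in entry.get("delegatedPermissionIds") or []:
            scope = scopes.get(scope_id.lower())
            if scope is None:
                findings.append((client, scope_id, "scope id not defined on this app"))
            elif not scope.get("isEnabled", False):
                findings.append((client, scope_id, "scope is disabled"))
    return findings


if __name__ == "__main__":
    allowed = {"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"}
    for finding in audit_preauthorized(SAMPLE_API, allowed):
        print(finding)
```

Users are not prompted for consent when a pre-authorized client requests the listed scopes, so unexpected client IDs in this list deserve the same review as a new permission grant.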
Community Note
Description
Kinda surprised I didn't see another request for this yet, so maybe I'm missing it in the docs or the name in another request. This is assigning permission scopes to specific authorized clients. The main benefit being supporting Azure.Identity's Visual Studio provider to work.
This is the area here
New or Affected Resource(s)
Potential Terraform Configuration
Assuming the API follows the GUI, which lets you assign many at once:
If it's just 1 to 1, then scope_ids would be scope_id...and in such a case, it'd be nice to be able to nest multiple of these under an authorized_clients block in azuread_application_oauth2_permission_scope
References