get-azureRMAppPermissions.ps1
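function get-azureRMADAppPermissions(){
    <#
      .SYNOPSIS
      Retrieve all permissions an Azure AD application has set
      .DESCRIPTION
      Returns a hashtable with 'admin' and 'user' as properties, which contain arrays of all permissions this application has.
      The function issues two GET requests (consentType=Admin, then consentType=User) and stops with a terminating error if either one fails.
      .EXAMPLE
      $permissions = get-azureRMADAppPermissions -token (get-azureRMtoken -username user@example.com -password password01) -appId 479c3c0d-a103-4899-84ce-54b05e5be5fa
      .PARAMETER token
      a valid Azure RM token retrieved through my get-azureRMtoken function
      .PARAMETER appId
      object ID of the application you want to retrieve permissions from
      .NOTES
      filename: get-azureRMADAppPermissions.ps1
      author: Jos Lieben
      blog: www.lieben.nu
      created: 26/7/2018

      Security notes:
      - The token is sent as a bearer credential in the Authorization header; keep it out of transcripts and logs.
      - The example passes a password inline for brevity (user@example.com is a constructed placeholder); a literal password on the command line can end up in shell history.
      - The endpoint host is main.iam.ad.ext.azure.com; this looks like a portal back-end API rather than Microsoft Graph, so its contract may change without notice - confirm before depending on it.
    #>
    [cmdletbinding()]
    Param(
        [Parameter(Mandatory=$true)]$token,
        [Parameter(Mandatory=$true)]$appId
    )

    $permissions = @{"admin"=@();"user"=@()}

    # The same header set (including both request ids) is reused for both calls.
    $header = @{
        'Authorization'          = 'Bearer ' + $token
        'X-Requested-With'       = 'XMLHttpRequest'
        'x-ms-client-request-id' = [guid]::NewGuid().ToString()
        'x-ms-correlation-id'    = [guid]::NewGuid().ToString()
    }

    # appId is placed in the URL path of a request that carries the bearer token.
    # Percent-encode it so a value containing '/', '?', '#' or '&' cannot redirect
    # the request to another path or add query parameters. A plain GUID is unchanged.
    $encodedAppId = [uri]::EscapeDataString([string]$appId)

    # Admin consent is queried first, then user consent.
    foreach($consentType in @('Admin','User')){
        $url = "https://main.iam.ad.ext.azure.com/api/EnterpriseApplications/$encodedAppId/ServicePrincipalPermissions?consentType=$consentType&userObjectId="
        $res = Invoke-RestMethod -Uri $url -Headers $header -Method GET -ErrorAction Stop -ContentType "application/json"
        # Hashtable keys are 'admin' / 'user'.
        $permissions[$consentType.ToLowerInvariant()] += $res
    }

    return $permissions
}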