I have searched for an answer to this, but don't seem to be finding a reliable answer.
I am attempting to delete an application (servicePrincipal) in our tenant through the Graph API. I have all of the code (Java) to get my access token, make a call to /servicePrincipals, and then use that information to retrieve each servicePrincipal's appRoleAssignments. That is working.
The problem is that the Graph API and the Azure AD Graph API seem to behave differently. I was initially using the AAD Graph API, but am transitioning to use the Graph API. Here is the problem that I am seeing:
When using AAD Graph API, I do
https://graph.windows.net/[tenant-domain]/servicePrincipals/[service-principal-guid]?api-version=1.6
and get back what I expect. I then do
https://graph.windows.net/[tenant-domain]/servicePrincipals/[service-principal-guid]/appRoleAssignedTo?api-version=1.6
and get back
{
  "odata.metadata": "https://graph.windows.net/[tenant-name]/$metadata#directoryObjects/Microsoft.DirectoryServices.AppRoleAssignment",
  "value": [
    {
      "odata.type": "Microsoft.DirectoryServices.AppRoleAssignment",
      "objectType": "AppRoleAssignment",
      "objectId": "[removed]",
      "deletionTimestamp": null,
      "creationTimestamp": null,
      "id": "[removed]",
      "principalDisplayName": "ManuallyAdded",
      "principalId": "[removed]",
      "principalType": "Group",
      "resourceDisplayName": "Box",
      "resourceId": "[removed]"
    },
    {
      "odata.type": "Microsoft.DirectoryServices.AppRoleAssignment",
      "objectType": "AppRoleAssignment",
      "objectId": "[removed]",
      "deletionTimestamp": null,
      "creationTimestamp": null,
      "id": "[removed]",
      "principalDisplayName": "TestGroup",
      "principalId": "[removed]",
      "principalType": "Group",
      "resourceDisplayName": "Box",
      "resourceId": "[removed]"
    }
  ]
}
Then I switch to the Graph API and do
https://graph.microsoft.com/beta/[tenant-domain]/servicePrincipals/[service-principal-guid]
and get back the same results as the AAD Graph API. But now, when I do
https://graph.microsoft.com/beta/[tenant-domain]/servicePrincipals/[service-principal-guid]/appRoleAssignedTo
I always get back
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#appRoleAssignments",
  "value": []
}
As you can see above, I am using the beta version of the Graph API and AAD Graph API version 1.6. Am I missing something? Is there a bug in the beta?
As a side note, I am looking to
https://github.com/microsoftgraph/microsoft-graph-docs/tree/master/api-reference/beta/api as a reference for the beta API and seem to be following what it says, specifically,
I think there is a typo in there at the bottom for the https://graph.microsoft.com/beta/appRoleAssignments/[id]
example.
Thanks!
Brian
Thanks for reporting this issue. I've filed a bug internally to investigate and fix this issue. Please feel free to file a doc issue on GitHub. Will report back when we have a fix deployed.