functions/azure/Get-MicrosoftGraphPermissions.ps1
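function Get-MicrosoftGraphPermissions {
    <#
    .SYNOPSIS
        Lists the permissions exposed by the Microsoft Graph service principal.
    .DESCRIPTION
        Reads the Microsoft Graph service principal object from the Graph API and
        returns either its delegated permissions (oauth2PermissionScopes) or its
        application permissions (appRoles). With -AppRoles alone, only app roles
        whose allowedMemberTypes contains "Application" are returned; -All returns
        every app role. resourceSpecificApplicationPermissions are not yet supported.
    .PARAMETER MicrosoftGraphServicePrincipalId
        Object id of the Microsoft Graph service principal in the tenant. When omitted
        ([guid]::Empty) it is resolved with Get-MicrosoftGraphServicePrincipalId.
    .PARAMETER OAuth2PermissionScopes
        Return the delegated permission scopes.
    .PARAMETER AppRoles
        Return the application permissions (app roles).
    .PARAMETER All
        Together with -AppRoles, return all app roles regardless of allowedMemberTypes.
    .OUTPUTS
        The selected permission objects as returned by Graph, or $false when neither
        -OAuth2PermissionScopes nor -AppRoles was specified.
    #>
    [CmdletBinding()]
    param(
        [guid]$MicrosoftGraphServicePrincipalId = [guid]::Empty,
        # TODO support resourceSpecificApplicationPermissions
        [Parameter(ParameterSetName = 'OAuth2PermissionScopes')]
        [switch]$OAuth2PermissionScopes,
        [Parameter(ParameterSetName = 'AppRoles')]
        [switch]$AppRoles,
        [Parameter(ParameterSetName = 'AppRoles')]
        [switch]$All
    )

    # The previous check tested $AllAppRoles and $Type, neither of which is a
    # parameter of this function, so it could never fire. -All is only meaningful
    # together with -AppRoles; on its own the function falls through to $false.
    if ($All -and -not $AppRoles) {
        Write-Warning "The parameter -All only has an effect together with -AppRoles."
    }

    if ([guid]::Empty -eq $MicrosoftGraphServicePrincipalId) {
        $MicrosoftGraphServicePrincipalId = Get-MicrosoftGraphServicePrincipalId
    }

    # The id is typed [guid], so the request path can only ever carry a well-formed
    # GUID and no caller-controlled path segments.
    $requestUri = "https://graph.microsoft.com/v1.0/servicePrincipals/$MicrosoftGraphServicePrincipalId"
    $headers = @{
        Authorization  = Get-RequestHeaderAuthorization -RequestUri $requestUri
        "Content-Type" = "application/json"
    }
    # The bearer token only lives in $headers; nothing in this function writes
    # $headers to the output, verbose or warning streams.
    $graphSpFull = Invoke-RestMethod -Method GET -Uri $requestUri -Headers $headers

    if ($AppRoles) {
        if ($All) {
            $result = $graphSpFull.appRoles
        } else {
            # Only the roles an application (client-credential) caller can be granted.
            $result = $graphSpFull.appRoles | Where-Object { $_.allowedMemberTypes -contains "Application" }
        }
    } elseif ($OAuth2PermissionScopes) {
        $result = $graphSpFull.oauth2PermissionScopes
    } else {
        $result = $false
    }
    return $result
}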