I am trying to create application in Azure AD programatically. I added initial app in management portal and granted permissions to Graph Api and Active directory (Directory read/write in both).
First I acquire authorization code, sample url formation is below:
uri = Addressable::URI.parse('https://login.microsoftonline.com/common/oauth2/authorize')
uri.query_values = {
response_type: 'code',
response_mode: 'form_post',
client_id: <Application ID>,
redirect_uri: <Redirect URI>,
resource: 'https://graph.windows.net/',
state: <UUID>,
}
Afterwards I get auth token through bellow request:
client = OAuth2::Client.new(client_id,
client_secret,
:site => 'https://login.microsoftonline.com',
:authorize_url => '/common/oauth2/authorize',
:token_url => '/common/oauth2/token')
auth_token = client.auth_code.get_token(auth_code,
:redirect_uri => redirect_uri,
:scope => 'openid'
Finally i can make graph api call to to applications endpoint to add an app:
graph_url = 'https://graph.windows.net/<TENANT ID>/applications?api-version=1.6'
body = {
'identifierUris' => ['<URI>'],
'availableToOtherTenants' => true,
'homepage' => <Home PAGE>,
'replyURLs' => <SOME REPLY URL>,
'displayName' => <APP DISPLAY NAME>,
}
headers = {'Content-Type' => 'application/json','Authorization' => "Bearer #{auth_token.token}"}
conn = Faraday.new(graph_url, {headers: headers})
res = conn.post graph_url, body.to_json
In response I get bellow error which is not very descriptive and not sure what's wrong:
{"odata.error"=>{"code"=>"Service_InternalServerError", "message"=>{"lang"=>"en", "value"=>"Encountered an internal server error."}}}
Any suggestions are appreciated.
I fixed my problem, getting internal error when trying to create App. Be careful when forming 'body' for http request. I was adding extra '/' at the end of url in 'replyUrls' property. Also adding data type for each property is important. Here is the sample request that worked for me:
Here is the link to blog that was helpful:
http://blog.mszcool.com/index.php/2016/06/a-deep-dive-into-azure-ad-multi-tenant-apps-oauthopenidconnect-flows-admin-consent-and-azure-ad-graph-api/