2

I want to set the replyUrlsWithType programmatically on an app manifest within Azure AD. However, the REST API for updating the manifest only seems to support setting the replyUrls property, which does not enable the type property to be set. Is there a supported way to set the replyUrlsWithType programmatically?

The team I'm working with has used Fiddler to take a look at how the Azure portal sets the type property and have hacked the following to get it to work, but we are looking for a supported method if there is one:

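# ${appId} is braced because "?" is a valid variable-name character in PowerShell;
# unbraced, "$appId?api" would be read as one variable name inside the string.
$UpdateAppResponse = Invoke-WebRequest -Uri "https://graph.windows.net/myorganization/applications/${appId}?api-version=2.0" `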
    -Method "PATCH" `
    -Headers @{"Authorization"="$($Response.token_type) $($Response.access_token)"; "Accept"="*/*"; } `
    -ContentType "application/json" `
    -Body "{`"id`":`"$appId`",`"replyUrlsWithType`":[{`"url`":`"https://$HostName`",`"type`":`"Web`"},{`"url`":`"msauth://$ReversedHostName`",`"type`":`"InstalledClient`"}, {`"url`":`"msauth.$ReversedHostName://auth`",`"type`":`"InstalledClient`"}]}"
Nick

2 Answers

7

In the past, an application registered in the Azure portal could only be of one type, so the Azure AD Graph API was able to set replyUrls.

However, new applications registered in the Azure portal can support both types at the same time. Based on the Fiddler traces, the Azure AD Graph seems to have been updated to support that.

The URL https://graph.windows.net/myorganization/applications/$appId?api-version=2.0 is a typical URL of the AAD Graph API. Maybe it is just that the document has not been updated.

However, we suggest you use the Microsoft Graph API. It is a unified center for managing lots of Microsoft Cloud resources.

You can Get application and Update application with Microsoft Graph API.

For example, you can make a PATCH request with the following body:

{
    "publicClient": {
        "redirectUris": [
            "myapp://auth"
        ]
    },
    "web": {
        "redirectUris": [
            "https://devchat.com/",
            "http://localhost/",
            "https://mytest.com/"
        ],
        "implicitGrantSettings": {
            "enableAccessTokenIssuance": false,
            "enableIdTokenIssuance": false
        }
    }
}

Then all the platforms will be added.

Jack Jia
  • Thanks Jack Jia. This looks like a great solution. – Nick Nov 06 '19 at 21:48
  • Hi Jack, I'm trying to programmatically create an App Registration with SPA support. This, as far as I can tell, cannot be done using the current (v1) Graph API. I've tried calling https://graph.windows.net/myorganization/applications/$appId?api-version=2.0 but I'm getting a Bad Request with Request_InvalidDataContractVersion code. The same call when done from Azure Portal (edit Manifest page) succeeds. Any ideas how to make it work? – Michal Ciesielski Oct 11 '20 at 18:05
1

For anybody who is looking to configure similarly as a SPA, you can set the property to "spa" instead of "web". This was a headache for me so hopefully helpful for others:

Instead of:

"web": {
    "redirectUris": [

use

"spa": {
    "redirectUris": [

A one liner for the Azure Cloud Shell (bash):

az rest --method PATCH --uri 'https://graph.microsoft.com/v1.0/applications/<APP REG OBJECT GUID (object ID not the App ID)>' --headers 'Content-Type=application/json' --body '{"spa":{"redirectUris":["https:<APP DOMAIN (and port if needed)>"]}}'
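
Added example (not code from the question or either answer): a Python sketch that converts a `replyUrlsWithType` list, as in the question, into the Microsoft Graph v1.0 body shape shown in the two answers (`web`, `publicClient`, `spa`) and rejects risky redirect URIs before anything is sent. The function names, the sample hostnames and the hygiene rules (HTTPS only for web and SPA except loopback, no wildcards, no fragments) are assumptions of this example, not Graph's own validation.

```python
import json
from urllib.parse import urlsplit

# Manifest "type" value -> Microsoft Graph v1.0 application property that
# holds the redirect URIs for that platform.
PLATFORM = {"Web": "web", "InstalledClient": "publicClient", "Spa": "spa"}
LOOPBACK = {"localhost", "127.0.0.1"}

# Constructed sample input in the question's replyUrlsWithType shape.
SAMPLE = [
    {"url": "https://app.contoso.example", "type": "Web"},
    {"url": "msauth://example.contoso.app", "type": "InstalledClient"},
    {"url": "msauth.example.contoso.app://auth", "type": "InstalledClient"},
    {"url": "https://app.contoso.example/spa", "type": "Spa"},
]


def check_uri(url, kind):
    """Local hygiene policy chosen for this example (hypothetical helper)."""
    parts = urlsplit(url)
    if not parts.scheme:
        raise ValueError(f"redirect URI has no scheme: {url!r}")
    if "*" in url or parts.fragment:
        raise ValueError(f"wildcard or fragment in redirect URI: {url!r}")
    if kind in ("Web", "Spa"):
        loopback_http = parts.scheme == "http" and parts.hostname in LOOPBACK
        if parts.scheme != "https" and not loopback_http:
            raise ValueError(f"{kind} redirect URI must use https: {url!r}")


def graph_body(entries):
    """Group validated URLs by platform into a PATCH body for /applications/{id}."""
    body = {}
    for entry in entries:
        kind, url = entry["type"], entry["url"]
        if kind not in PLATFORM:
            raise ValueError(f"unknown replyUrlsWithType type: {kind!r}")
        check_uri(url, kind)
        uris = body.setdefault(PLATFORM[kind], {"redirectUris": []})["redirectUris"]
        if url not in uris:  # drop exact duplicates, keep first-seen order
            uris.append(url)
    return body


if __name__ == "__main__":
    # Prints JSON that could be used as the body of the PATCH request.
    print(json.dumps(graph_body(SAMPLE), indent=2))
```
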