As you know, currently a user needs to access https://myapps.microsoft.com/, then select an organization, and then a list of applications is displayed.

I'm trying to rebuild that portal in a single JS page. The user already authenticates with Azure to reach this JS page, and my target is to make a call to Microsoft and retrieve the list of applications available for this specific user.

All I found in the Microsoft docs is how to retrieve data and an access token for a specific application using the client secret and details about this application. But in my case I don't have an application; all I have is a tenant ID.

Is this feasible? Keep in mind I can only use JS, not Node.js or Angular, etc.

1 Answer

You can use the Graph API below to list all of the apps in which the specific user is assigned a role.

https://graph.microsoft.com/beta/users/{userId}/appRoleAssignments

The resourceDisplayName is the name of the app shown in the page you provided, and the resourceId is the objectId of the app (service principal) in Azure.

By the way, it seems the page you provided doesn't show all of the apps in which the specific user is assigned a role. I'm not sure if there is a bug in that page, but the Graph API I provided shows all of the apps for the specific user (the user is assigned a role in the app).

Hope it helps~

Hury Shen
  • Hello Hury, thank you for your answer. This call requires a Bearer {token} for authorization. How can I retrieve this token to make this call? I don't have a client secret or app ID. – Mohammad Shokor Jul 06 '20 at 06:47
  • @MohammadShokor You need to [register](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) an app in your Azure AD first, and then generate a client secret and add permissions to it by following this [tutorial](https://learn.microsoft.com/en-us/graph/notifications-integration-app-registration). After that, [get](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#get-a-token) the access token for the app you registered and use the access token to request this Graph API. – Hury Shen Jul 06 '20 at 07:00
  • @MohammadShokor By the way, you'd better use the v1.0 Graph API rather than the beta Graph API I provided in my answer. [This](https://learn.microsoft.com/en-us/graph/api/user-list-approleassignments?view=graph-rest-1.0&tabs=http) is the documentation for the v1.0 Graph API. – Hury Shen Jul 06 '20 at 07:01
  • @MohammadShokor Here is a [post](https://stackoverflow.com/questions/55742935/how-to-call-azure-graph-api-using-postman) which may help you; it includes all of the steps to register an app, generate a secret, add permissions, get an access token and request the Graph API. – Hury Shen Jul 06 '20 at 07:27
  • Hi @MohammadShokor May I know if your problem was solved? If the solution helps your problem, could you please [accept](https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work) it as the answer (click on the check mark beside my answer to toggle it from greyed out to filled in). Thanks in advance~ – Hury Shen Jul 08 '20 at 02:14
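
An added example, not part of the original answer or comments: one way to call the v1.0 `appRoleAssignments` endpoint from page JavaScript, following `@odata.nextLink` paging while only ever sending the bearer token to `graph.microsoft.com`. It assumes the access token was already obtained through a delegated sign-in flow suited to browser code (a client secret cannot be kept confidential in page JavaScript); `listAssignedApps`, `isGraphUrl`, `extractApps` and the sample data are hypothetical names constructed here.

```javascript
// Added example; function names and sample data are constructed for illustration.
const GRAPH_ORIGIN = "https://graph.microsoft.com";

// Only send the bearer token to Graph itself, never to a host named in a response.
function isGraphUrl(url) {
  try { return new URL(url).origin === GRAPH_ORIGIN; } catch { return false; }
}

// Reduce one page of appRoleAssignments to the two fields the answer describes.
function extractApps(page) {
  return (page.value || []).map((a) => ({
    name: a.resourceDisplayName,
    servicePrincipalId: a.resourceId,
  }));
}

// Fetch every page of a user's role assignments; a user may hold several roles
// in one app, so results are de-duplicated by service principal id.
async function listAssignedApps(userId, accessToken, fetchImpl = fetch) {
  let url = `${GRAPH_ORIGIN}/v1.0/users/${encodeURIComponent(userId)}/appRoleAssignments`;
  const apps = new Map();
  while (url) {
    if (!isGraphUrl(url)) throw new Error(`refusing to send token to ${url}`);
    const res = await fetchImpl(url, { headers: { Authorization: `Bearer ${accessToken}` } });
    if (!res.ok) throw new Error(`Graph returned HTTP ${res.status}`);
    const page = await res.json();
    for (const app of extractApps(page)) apps.set(app.servicePrincipalId, app);
    url = page["@odata.nextLink"] || null;
  }
  return [...apps.values()];
}

// Constructed two-page response standing in for Graph, so the example runs offline.
const BASE = `${GRAPH_ORIGIN}/v1.0/users/user-1/appRoleAssignments`;
const SAMPLE_PAGES = {
  [BASE]: {
    value: [
      { resourceDisplayName: "Payroll", resourceId: "sp-1", appRoleId: "role-a" },
      { resourceDisplayName: "Payroll", resourceId: "sp-1", appRoleId: "role-b" },
    ],
    "@odata.nextLink": `${BASE}?$skiptoken=constructed`,
  },
  [`${BASE}?$skiptoken=constructed`]: {
    value: [{ resourceDisplayName: "Wiki", resourceId: "sp-2", appRoleId: "role-c" }],
  },
};
const sampleFetch = async (url) => ({ ok: true, status: 200, json: async () => SAMPLE_PAGES[url] });

listAssignedApps("user-1", "constructed-token", sampleFetch).then((apps) => console.log(apps));
```

In a real page, omit the third argument so the browser's own `fetch` is used, and request only the Graph permission the v1.0 documentation lists for this call.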