A small script demonstrating how to authenticate with MS Graph and update redirect uris for an application.
<#
.SYNOPSIS
    This script demonstrates how to authenticate with the Microsoft Graph and update the redirect uris for an app registration
    Requirements:
    1. Register an application in the tenant (management app)
    2. Grant the app the following API permissions:
        - Application.ReadWrite.All
.PARAMETER MgmtAppId
    The ID of the management app which has the proper API permission scopes to perform the action.
.PARAMETER MgmtAppClientSecret
    The client secret for the management app
.PARAMETER TenantId
    The tenant id for the Azure AD/B2C tenant where the apps are stored
.PARAMETER AppId
    The app id of the application where redirect uris should be modified
.PARAMETER RedirectUris
    Specify the redirect uris as a string array.
#>
param (
    [Parameter(Mandatory)]
    [string]
    $MgmtAppId,
    [Parameter(Mandatory)]
    [string]
    $MgmtAppClientSecret,
    [Parameter(Mandatory)]
    [string]
    $TenantId,
    [Parameter(Mandatory)]
    [string]
    $AppId,
    [Parameter(Mandatory)]
    [string[]]
    $RedirectUris
)
$graphBaseUrl = "https://graph.microsoft.com/v1.0"
$loginUrl = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"

# Client-credentials grant: the management app authenticates as itself.
$body = @{
    client_id     = $MgmtAppId
    client_secret = $MgmtAppClientSecret
    scope         = "https://graph.microsoft.com/.default"
    grant_type    = "client_credentials"
}

Write-Host "Authenticating with MS Graph"
$authResponse = Invoke-RestMethod `
    -Method Post `
    -Uri $loginUrl `
    -Body $body `
    -ContentType "application/x-www-form-urlencoded"

$tokenType = $authResponse.token_type
$accessToken = $authResponse.access_token
$restHeader = @{
    Authorization = "$tokenType $accessToken"
}

# Serialize with ConvertTo-Json so quotes or backslashes in a URI cannot break the JSON body.
# The PATCH replaces the application's whole web.redirectUris list with these values.
$redirectUrisBody = @{ web = @{ redirectUris = $RedirectUris } } | ConvertTo-Json -Depth 3

Write-Host "Update application $AppId with new redirect urls"
# Address the application by its appId (client ID); /applications/{id} expects the object ID instead.
$patchResponse = Invoke-RestMethod `
    -Uri "$graphBaseUrl/applications(appId='$AppId')" `
    -Headers $restHeader `
    -ContentType "application/json" `
    -Method Patch `
    -Body $redirectUrisBody
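
The script sends whatever is passed in `-RedirectUris` straight to Graph, so a pre-flight check on that array is a natural guard. The following is an added example, not part of the original gist: `Test-RedirectUri`, its rules (an assumed local policy, not Graph's own validation) and the sample URIs are all constructed for illustration.

```powershell
# Added example: returns $null when the URI passes, otherwise the reason it was rejected.
# The rules below are an assumed local policy, not the checks Graph itself performs.
function Test-RedirectUri {
    param (
        [Parameter(Mandatory)]
        [string]
        $Uri
    )

    # Checked before parsing so the result does not depend on how System.Uri treats "*".
    if ($Uri.Contains("*")) {
        return "wildcards let any matching host receive the authorization response"
    }
    $parsed = $null
    if (-not [System.Uri]::TryCreate($Uri, [System.UriKind]::Absolute, [ref]$parsed)) {
        return "not an absolute URI"
    }
    if ($parsed.Fragment) {
        return "fragments are not allowed in a redirect URI"
    }
    if ($parsed.UserInfo) {
        return "embedded credentials are not allowed"
    }
    $isLoopback = $parsed.Host -in @("localhost", "127.0.0.1")
    if ($parsed.Scheme -ne "https" -and -not ($parsed.Scheme -eq "http" -and $isLoopback)) {
        return "only https is accepted, or http for localhost"
    }
    return $null
}

# Constructed sample input standing in for the -RedirectUris parameter.
$candidates = @(
    "https://app.contoso.example/signin-oidc",
    "http://localhost:3000/callback",
    "http://app.contoso.example/signin-oidc",
    "https://*.contoso.example/callback",
    "https://app.contoso.example/cb#frag"
)

$rejected = foreach ($uri in $candidates) {
    $reason = Test-RedirectUri -Uri $uri
    if ($reason) { [pscustomobject]@{ Uri = $uri; Reason = $reason } }
}
$rejected | Format-Table -AutoSize
if ($rejected) {
    Write-Warning "Refusing to update: $(@($rejected).Count) redirect URI(s) failed validation"
}
```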