Azure-List-API-Permissions-Guids.ps1
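<#
.SYNOPSIS
    Lists the permission GUIDs exposed by the Microsoft Graph service principal
    (delegated scopes and application roles) and, optionally, by the legacy
    Azure Active Directory API.

.DESCRIPTION
    Runs `az ad sp list` against the signed-in tenant and prints one table per
    selected section. The script only reads directory data.

.PARAMETER showDelegatedScopes
    Show Microsoft Graph delegated permission scopes. Defaults to on; pass
    -showDelegatedScopes:$false to suppress the section.

.PARAMETER showAppRoles
    Show Microsoft Graph application roles. Defaults to on; pass
    -showAppRoles:$false to suppress the section.

.PARAMETER showLegacyApis
    Show the legacy Azure Active Directory API permissions. Defaults to off.
#>
param(
    [Parameter(Mandatory = $false)]
    [Switch]
    $showDelegatedScopes = $true,

    [Parameter(Mandatory = $false)]
    [Switch]
    $showAppRoles = $true,

    [Parameter(Mandatory = $false)]
    [Switch]
    $showLegacyApis = $false
)

# Fail once, with a clear message, instead of once per section.
if (-not (Get-Command az -ErrorAction SilentlyContinue)) {
    throw "Azure CLI ('az') was not found on PATH."
}

# Microsoft Graph is selected by its well-known application id rather than by
# display name: display names are not unique in a tenant, so a name filter can
# also match a look-alike service principal and mix its GUIDs into the table.
$graphFilter = "appId eq '00000003-0000-0000-c000-000000000000'"

# NOTE(review): the legacy API is still matched by display name, exactly as in
# the original script. That filter has the same look-alike weakness; replace it
# with an appId filter once the intended service principal has been confirmed.
$legacyFilter = "displayName eq 'Microsoft.Azure.ActiveDirectory'"

# NOTE(review): Azure CLI releases that call Microsoft Graph expose delegated
# scopes as 'oauth2PermissionScopes' rather than 'oauth2Permissions'. If the
# delegated/legacy tables come back empty, confirm the property name against
# the installed CLI version.
$scopeQuery = '[].oauth2Permissions[].{Value:value, Id:id, UserConsentDisplayName:userConsentDisplayName}'

# App roles carry 'displayName', not 'userConsentDisplayName'; projecting the
# latter leaves the description column empty for every role.
$appRoleQuery = '[].appRoles[].{Value:value, Id:id, DisplayName:displayName}'

# Prints a titled, underlined table for one `az ad sp list` query and warns
# when the CLI call fails, so an empty table is not mistaken for "no permissions".
function Show-PermissionGuidTable {
    param(
        [string] $Title,
        [string] $Filter,
        [string] $Query
    )

    Write-Host $Title
    Write-Host ('~' * $Title.Length)
    az ad sp list --filter $Filter --query $Query -o table
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "az ad sp list failed (exit code $LASTEXITCODE) for filter: $Filter"
    }
    Write-Host ""
}

Write-Host ">> Listing Requested API Permission Guids"
Write-Host "> Showing Microsoft Graph API delegated Scopes: " $showDelegatedScopes
Write-Host "> Showing Microsoft Graph API App Roles: " $showAppRoles
Write-Host "> Showing Legacy Azure AD API Roles: " $showLegacyApis
Write-Host ""

if ($showDelegatedScopes) {
    Show-PermissionGuidTable -Title "Listing Microsoft Graph API Permission Scope Guids" `
        -Filter $graphFilter -Query $scopeQuery
}

if ($showAppRoles) {
    Show-PermissionGuidTable -Title "Listing Microsoft Graph API Permission Application Role Guids" `
        -Filter $graphFilter -Query $appRoleQuery
}

if ($showLegacyApis) {
    Show-PermissionGuidTable -Title "Listing Azure Active Directory Legacy API Permission Guids" `
        -Filter $legacyFilter -Query $scopeQuery
}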