
The Service Principal does have the Application.ReadWrite.OwnedBy API permission, but it can't PATCH using the az rest command.

It can LIST/GET using az rest.

az rest --method PATCH --uri "https://graph.microsoft.com/v1.0/applications/{OBJECT_ID}" --headers 'Content-Type=application/json' --body '{"web":{"redirectUris":["https://URL"]}}'

Error:

Forbidden(
{
    "error": {
        "code":"Authorization_RequestDenied",
        "message":"Insufficient privileges to complete the operation.",
        "innerError": {
            "date":"2022-10-13T06:10:41",
            "request-id":"...",
            "client-request-id":"...."
        }
    }
})

Any idea why it says forbidden?

2 Answers


  1. As per the error you mentioned, it seems to be a delegated permission issue: the admin has to give permission to do that operation. Please check the same on the Azure portal under API permissions in App Registration.

  2. I tried to reproduce in my environment and got the below results:

    I have an Application with name testvenkat and added the "Application.ReadWrite.OwnedBy" API permission and also granted admin consent, which is shown below:

    (screenshot omitted)

    Now I tried the same commands:

    az rest --method PATCH --uri 'https://graph.microsoft.com/v1.0/applications/<Object ID>' --headers 'Content-Type=application/json' --body '{"web":{"redirectUris":["https://< url >"]}}'

    Console:
    (screenshot omitted)

    I used the GET method to view my web redirectUris and make sure whether it is updated or not.

    az rest --method GET --uri 'https://graph.microsoft.com/v1.0/applications/<Object-ID>'
    

    Console:
    (screenshots omitted)

    Portal:
    (screenshot omitted)

    Forbidden(
    {
        "error": {
            "code":"Authorization_RequestDenied",
            "message":"Insufficient privileges to complete the operation.",
            "innerError": {
                "date":"2022-10-13T06:10:41",
                "request-id":"...",
                "client-request-id":"...."
            }
        }
    })

    Please check the following points:

    1. Make sure you are logged in correctly with az login < username > and < password >, or az login serviceprincipal < application id > and secret.
    2. Check whether it has the proper role assignments and the "owner" permission role.
    3. Also check that the API permission "Application.ReadWrite.OwnedBy" has the application type in the Microsoft Graph API.

    Reference:
    Microsoft Graph permissions reference – Microsoft Graph | Microsoft Learn

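As an added example (not part of either answer), a small Python helper that checks the two conditions a defender would review before granting anything broader: it resolves the service principal's appRoleAssignments back to permission names, confirms Application.ReadWrite.OwnedBy is actually consented, confirms the service principal is an owner of the target application (which is what OwnedBy is scoped to), and builds the az rest PATCH with a properly JSON-encoded body. All GUIDs and object ids are constructed placeholders; the Graph endpoints named in the comments are the real ones.

```python
import json
import shlex

# Constructed sample of GET /servicePrincipals/{graphSpId}?$select=appRoles
# (the Microsoft Graph service principal's role catalogue; ids are placeholders).
GRAPH_APP_ROLES = [
    {"id": "role-ownedby-0000", "value": "Application.ReadWrite.OwnedBy"},
    {"id": "role-all-0000", "value": "Application.ReadWrite.All"},
]
# Constructed sample of GET /servicePrincipals/{spId}/appRoleAssignments:
# only application permissions that received admin consent appear here.
SP_ASSIGNMENTS = [{"appRoleId": "role-ownedby-0000", "principalId": "sp-obj-0000"}]
# Constructed sample of GET /applications/{appObjectId}/owners: a user, not the SP.
APP_OWNERS = [{"id": "user-obj-0000"}]


def granted_app_permissions(assignments, app_roles):
    """Resolve assigned appRoleIds to permission names such as Application.ReadWrite.OwnedBy."""
    by_id = {r["id"]: r["value"] for r in app_roles}
    return {by_id[a["appRoleId"]] for a in assignments if a["appRoleId"] in by_id}


def diagnose_patch(sp_object_id, assignments, app_roles, owners):
    """Explain why PATCH /applications/{id} would be allowed or denied for this SP."""
    perms = granted_app_permissions(assignments, app_roles)
    if "Application.ReadWrite.All" in perms:
        return "ok: Application.ReadWrite.All covers every application"
    if "Application.ReadWrite.OwnedBy" not in perms:
        return "denied: no Application.ReadWrite.* application permission is granted (check admin consent)"
    if sp_object_id not in {o["id"] for o in owners}:
        return "denied: Application.ReadWrite.OwnedBy only covers applications this service principal owns"
    return "ok: Application.ReadWrite.OwnedBy and the service principal is an owner"


def build_patch_command(app_object_id, redirect_uris):
    """Build the az rest PATCH with a valid JSON body (double-quoted keys, shell-safe quoting)."""
    body = json.dumps({"web": {"redirectUris": list(redirect_uris)}})
    uri = f"https://graph.microsoft.com/v1.0/applications/{app_object_id}"
    return " ".join(["az rest --method PATCH --uri", shlex.quote(uri),
                     "--headers", shlex.quote("Content-Type=application/json"),
                     "--body", shlex.quote(body)])


if __name__ == "__main__":
    print(diagnose_patch("sp-obj-0000", SP_ASSIGNMENTS, GRAPH_APP_ROLES, APP_OWNERS))
    print(build_patch_command("app-obj-0000", ["https://example.com/callback"]))
```

With the sample data the diagnosis is the second "denied" case: the permission is consented but the service principal is not an owner, so the least-privilege fix is to add it as an owner of that one application rather than granting Application.ReadWrite.All.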