I cannot migrate my CSP APP with the api.partnercenter.microsoft.com/v1/customers/{<customer_id>}/applicationconsents api. I’ve used https://learn.microsoft.com/en-us/partner-center/developer/gdap-and-secure-application-model and https://tminus365.com/my-automations-break-with-gdap-the-fix/ to migrate the CSP app, but i only get resource not found errors.
I did the following:
-
Ive created the OBO account and via PIM, eligible for global admin when accessing access token.
-
Added the account to a newly created Security group and added the SG to the Admin relationship with application administrator permissions in the GDAP relation
-
Created a new App:
-
Set the permissions on the application
After the setup I tried to get the access token and tried to consent the app the powershellcmdlet New-PartnerCustomerApplicationConsent, but got the following error: "Resource ” does not exist or one of its queried reference-property objects are not present."
Script used:
$AppId = ''
$AppSecret = ''
$consentscope = 'https://api.partnercenter.microsoft.com/user_impersonation'
$AppCredential = (New-Object System.Management.Automation.PSCredential ($AppId, (ConvertTo-SecureString $AppSecret -AsPlainText -Force)))
$PartnerTenantid = ''
$AppDisplayName = 'test-obo-sp'
# Get PartnerAccessToken token
$PartnerAccessToken = New-PartnerAccessToken -serviceprincipal -ApplicationId $AppId -Credential $AppCredential -Scopes $consentscope -tenant $PartnerTenantid -UseAuthorizationCode
$CustomerTenantId = ''
#create obo consent
$PartnerCenter = Connect-PartnerCenter -AccessToken $PartnerAccessToken.AccessToken
#Grants needed
$MSGraphgrant = New-Object -TypeName Microsoft.Store.PartnerCenter.Models.ApplicationConsents.ApplicationGrant
$MSgraphgrant.EnterpriseApplicationId = "00000003-0000-0000-c000-000000000000"
$MSGraphgrant.Scope = "User.Read.All,"
New-PartnerCustomerApplicationConsent -ApplicationGrants @($MSGraphgrant) -CustomerId $CustomerTenantId -ApplicationId $AppId -DisplayName $appdisplayname`
Error:
Line |
21 | New-PartnerCustomerApplicationConsent -ApplicationGrants @($MSGraphgr …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| { "error": { "code": "Request_ResourceNotFound", "message": "Resource ” does not exist or one of its queried reference-property objects are not present.",
| "innerError": { "date": "2023-09-01T11:20:12", "request-id": "9d9d96e0-4dbc-4dd1-aaed-3af3d6e8e700", "client-request-id":
| "9d9d96e0-4dbc-4dd1-aaed-3af3d6e8e700" } } }
I get the same error via the powershell module aswell as directly via REST
When I try to manually consent the app via a global admin account in the customer tenant (https://login.microsoftonline.com/%7Bcustomertenant%7D.onmicrosoft.com/adminconsent?client_id={appid}), I get no issues. But I have a lot of customers to manage and cant consent them all manually.
2
Answers
We are experiencing the exact same problem. Both the API directly and this command. Only for specific customers. Opened up a case at MS. Will post an update when we managed to get any closer to the solution.
Also getting the same issue and error.
I followed https://tminus365.com/my-automations-break-with-gdap-the-fix/ a couple of weeks ago and was all working. Did the same thing this week and have the "resource ” does not exist or one of its queried reference-property objects are not present error"