ApplicationOAuth2Permission

Manages an OAuth2 Permission (also known as a Scope) associated with an Application within Azure Active Directory.

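NOTE: If you’re authenticating using a Service Principal, it must have both the “Read and write all applications” and the “Sign in and read user profile” permissions within the Windows Azure Active Directory API. The first of these allows changes to every application registration, so the Service Principal’s credentials should be protected accordingly.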

Example Usage

using Pulumi;
using AzureAD = Pulumi.AzureAD;

/// <summary>
/// Example stack: registers an Azure AD application and publishes one
/// OAuth2 permission (scope) named "administer" on it.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // The application that will expose the scope.
        var app = new AzureAD.Application("exampleApplication", new AzureAD.ApplicationArgs());

        // Type = "User" lets an end user consent to this scope on their own;
        // "Admin" requires an administrator to consent. For a scope that grants
        // administrative access, consider whether "Admin" is the better fit.
        var scopeArgs = new AzureAD.ApplicationOAuth2PermissionArgs
        {
            ApplicationObjectId = app.Id,
            Value = "administer",
            Type = "User",
            IsEnabled = true,
            AdminConsentDisplayName = "Administer",
            AdminConsentDescription = "Administer the application",
            UserConsentDisplayName = "Administer",
            UserConsentDescription = "Administer the application",
        };

        var scope = new AzureAD.ApplicationOAuth2Permission("exampleApplicationOAuth2Permission", scopeArgs);
    }

}
package main

import (
	"github.com/pulumi/pulumi-azuread/sdk/v4/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main runs the Pulumi program: it registers an Azure AD application and
// then publishes one OAuth2 permission (scope) named "administer" on it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The application that will expose the scope.
		app, err := azuread.NewApplication(ctx, "exampleApplication", nil)
		if err != nil {
			return err
		}

		// Type "User" lets an end user consent to this scope on their own;
		// "Admin" requires an administrator to consent. For a scope that
		// grants administrative access, consider whether "Admin" is the
		// better fit.
		scopeArgs := &azuread.ApplicationOAuth2PermissionArgs{
			ApplicationObjectId:     app.ID(),
			Value:                   pulumi.String("administer"),
			Type:                    pulumi.String("User"),
			IsEnabled:               pulumi.Bool(true),
			AdminConsentDisplayName: pulumi.String("Administer"),
			AdminConsentDescription: pulumi.String("Administer the application"),
			UserConsentDisplayName:  pulumi.String("Administer"),
			UserConsentDescription:  pulumi.String("Administer the application"),
		}
		if _, err := azuread.NewApplicationOAuth2Permission(ctx, "exampleApplicationOAuth2Permission", scopeArgs); err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_azuread as azuread

# The application that will expose the scope.
app = azuread.Application("exampleApplication")

# One OAuth2 permission (scope) named "administer" on that application.
# type="User" lets an end user consent to this scope on their own; "Admin"
# requires an administrator to consent. For a scope that grants administrative
# access, consider whether "Admin" is the better fit.
administer_scope = azuread.ApplicationOAuth2Permission(
    "exampleApplicationOAuth2Permission",
    application_object_id=app.id,
    value="administer",
    type="User",
    is_enabled=True,
    admin_consent_display_name="Administer",
    admin_consent_description="Administer the application",
    user_consent_display_name="Administer",
    user_consent_description="Administer the application",
)
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";

// The application that will expose the scope.
const app = new azuread.Application("exampleApplication", {});

// One OAuth2 permission (scope) named "administer" on that application.
// type "User" lets an end user consent to this scope on their own; "Admin"
// requires an administrator to consent. For a scope that grants administrative
// access, consider whether "Admin" is the better fit.
const scopeArgs = {
    applicationObjectId: app.id,
    value: "administer",
    type: "User",
    isEnabled: true,
    adminConsentDisplayName: "Administer",
    adminConsentDescription: "Administer the application",
    userConsentDisplayName: "Administer",
    userConsentDescription: "Administer the application",
};
const administerScope = new azuread.ApplicationOAuth2Permission("exampleApplicationOAuth2Permission", scopeArgs);

Create an ApplicationOAuth2Permission Resource

new ApplicationOAuth2Permission(name: string, args: ApplicationOAuth2PermissionArgs, opts?: CustomResourceOptions);
@overload
def ApplicationOAuth2Permission(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                admin_consent_description: Optional[str] = None,
                                admin_consent_display_name: Optional[str] = None,
                                application_object_id: Optional[str] = None,
                                is_enabled: Optional[bool] = None,
                                permission_id: Optional[str] = None,
                                type: Optional[str] = None,
                                user_consent_description: Optional[str] = None,
                                user_consent_display_name: Optional[str] = None,
                                value: Optional[str] = None)
@overload
def ApplicationOAuth2Permission(resource_name: str,
                                args: ApplicationOAuth2PermissionArgs,
                                opts: Optional[ResourceOptions] = None)
func NewApplicationOAuth2Permission(ctx *Context, name string, args ApplicationOAuth2PermissionArgs, opts ...ResourceOption) (*ApplicationOAuth2Permission, error)
public ApplicationOAuth2Permission(string name, ApplicationOAuth2PermissionArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ApplicationOAuth2PermissionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ApplicationOAuth2PermissionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ApplicationOAuth2PermissionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ApplicationOAuth2PermissionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

ApplicationOAuth2Permission Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ApplicationOAuth2Permission resource accepts the following input properties:

AdminConsentDescription string
Permission help text that appears in the admin consent and app assignment experiences.
AdminConsentDisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
ApplicationObjectId string
The Object ID of the Application for which this Permission should be created. Changing this field forces a new resource to be created.
Type string
Specifies whether this scope permission can be consented to by an end user, or whether it is a tenant-wide permission that must be consented to by an Administrator. Possible values are “User” or “Admin”.
UserConsentDescription string
Permission help text that appears in the end user consent experience.
UserConsentDisplayName string
Display name for the permission that appears in the end user consent experience.
Value string
The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.
IsEnabled bool
Determines if the Permission is enabled. Defaults to true.
PermissionId string
Specifies a custom UUID for the Permission. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
AdminConsentDescription string
Permission help text that appears in the admin consent and app assignment experiences.
AdminConsentDisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
ApplicationObjectId string
The Object ID of the Application for which this Permission should be created. Changing this field forces a new resource to be created.
Type string
Specifies whether this scope permission can be consented to by an end user, or whether it is a tenant-wide permission that must be consented to by an Administrator. Possible values are “User” or “Admin”.
UserConsentDescription string
Permission help text that appears in the end user consent experience.
UserConsentDisplayName string
Display name for the permission that appears in the end user consent experience.
Value string
The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.
IsEnabled bool
Determines if the Permission is enabled. Defaults to true.
PermissionId string
Specifies a custom UUID for the Permission. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
adminConsentDescription string
Permission help text that appears in the admin consent and app assignment experiences.
adminConsentDisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
applicationObjectId string
The Object ID of the Application for which this Permission should be created. Changing this field forces a new resource to be created.
type string
Specifies whether this scope permission can be consented to by an end user, or whether it is a tenant-wide permission that must be consented to by an Administrator. Possible values are “User” or “Admin”.
userConsentDescription string
Permission help text that appears in the end user consent experience.
userConsentDisplayName string
Display name for the permission that appears in the end user consent experience.
value string
The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.
isEnabled boolean
Determines if the Permission is enabled. Defaults to true.
permissionId string
Specifies a custom UUID for the Permission. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
admin_consent_description str
Permission help text that appears in the admin consent and app assignment experiences.
admin_consent_display_name str
Display name for the permission that appears in the admin consent and app assignment experiences.
application_object_id str
The Object ID of the Application for which this Permission should be created. Changing this field forces a new resource to be created.
type str
Specifies whether this scope permission can be consented to by an end user, or whether it is a tenant-wide permission that must be consented to by an Administrator. Possible values are “User” or “Admin”.
user_consent_description str
Permission help text that appears in the end user consent experience.
user_consent_display_name str
Display name for the permission that appears in the end user consent experience.
value str
The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.
is_enabled bool
Determines if the Permission is enabled. Defaults to true.
permission_id str
Specifies a custom UUID for the Permission. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.

Outputs

All input properties are implicitly available as output properties. Additionally, the ApplicationOAuth2Permission resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing ApplicationOAuth2Permission Resource

Get an existing ApplicationOAuth2Permission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ApplicationOAuth2PermissionState, opts?: CustomResourceOptions): ApplicationOAuth2Permission
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        admin_consent_description: Optional[str] = None,
        admin_consent_display_name: Optional[str] = None,
        application_object_id: Optional[str] = None,
        is_enabled: Optional[bool] = None,
        permission_id: Optional[str] = None,
        type: Optional[str] = None,
        user_consent_description: Optional[str] = None,
        user_consent_display_name: Optional[str] = None,
        value: Optional[str] = None) -> ApplicationOAuth2Permission
func GetApplicationOAuth2Permission(ctx *Context, name string, id IDInput, state *ApplicationOAuth2PermissionState, opts ...ResourceOption) (*ApplicationOAuth2Permission, error)
public static ApplicationOAuth2Permission Get(string name, Input<string> id, ApplicationOAuth2PermissionState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AdminConsentDescription string
Permission help text that appears in the admin consent and app assignment experiences.
AdminConsentDisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
ApplicationObjectId string
The Object ID of the Application for which this Permission should be created. Changing this field forces a new resource to be created.
IsEnabled bool
Determines if the Permission is enabled. Defaults to true.
PermissionId string
Specifies a custom UUID for the Permission. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
Type string
Specifies whether this scope permission can be consented to by an end user, or whether it is a tenant-wide permission that must be consented to by an Administrator. Possible values are “User” or “Admin”.
UserConsentDescription string
Permission help text that appears in the end user consent experience.
UserConsentDisplayName string
Display name for the permission that appears in the end user consent experience.
Value string
The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.
AdminConsentDescription string
Permission help text that appears in the admin consent and app assignment experiences.
AdminConsentDisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
ApplicationObjectId string
The Object ID of the Application for which this Permission should be created. Changing this field forces a new resource to be created.
IsEnabled bool
Determines if the Permission is enabled. Defaults to true.
PermissionId string
Specifies a custom UUID for the Permission. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
Type string
Specifies whether this scope permission can be consented to by an end user, or whether it is a tenant-wide permission that must be consented to by an Administrator. Possible values are “User” or “Admin”.
UserConsentDescription string
Permission help text that appears in the end user consent experience.
UserConsentDisplayName string
Display name for the permission that appears in the end user consent experience.
Value string
The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.
adminConsentDescription string
Permission help text that appears in the admin consent and app assignment experiences.
adminConsentDisplayName string
Display name for the permission that appears in the admin consent and app assignment experiences.
applicationObjectId string
The Object ID of the Application for which this Permission should be created. Changing this field forces a new resource to be created.
isEnabled boolean
Determines if the Permission is enabled. Defaults to true.
permissionId string
Specifies a custom UUID for the Permission. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
type string
Specifies whether this scope permission can be consented to by an end user, or whether it is a tenant-wide permission that must be consented to by an Administrator. Possible values are “User” or “Admin”.
userConsentDescription string
Permission help text that appears in the end user consent experience.
userConsentDisplayName string
Display name for the permission that appears in the end user consent experience.
value string
The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.
admin_consent_description str
Permission help text that appears in the admin consent and app assignment experiences.
admin_consent_display_name str
Display name for the permission that appears in the admin consent and app assignment experiences.
application_object_id str
The Object ID of the Application for which this Permission should be created. Changing this field forces a new resource to be created.
is_enabled bool
Determines if the Permission is enabled. Defaults to true.
permission_id str
Specifies a custom UUID for the Permission. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
type str
Specifies whether this scope permission can be consented to by an end user, or whether it is a tenant-wide permission that must be consented to by an Administrator. Possible values are “User” or “Admin”.
user_consent_description str
Permission help text that appears in the end user consent experience.
user_consent_display_name str
Display name for the permission that appears in the end user consent experience.
value str
The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.

Import

OAuth2 Permissions can be imported using the object id of an Application and the id of the Permission, e.g.

 $ pulumi import azuread:index/applicationOAuth2Permission:ApplicationOAuth2Permission test 00000000-0000-0000-0000-000000000000/scope/11111111-1111-1111-1111-111111111111

Package Details

Repository
https://github.com/pulumi/pulumi-azuread
License
Apache-2.0
Notes
This Pulumi package is based on the azuread Terraform Provider.