Docs Home
Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi
azuread.ApplicationPreAuthorized
Explore with Pulumi AI
Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
const authorized = new azuread.ApplicationRegistration("authorized", {displayName: "example-authorized-app"});
const authorizer = new azuread.Application("authorizer", {
displayName: "example-authorizing-app",
api: {
oauth2PermissionScopes: [
{
adminConsentDescription: "Administer the application",
adminConsentDisplayName: "Administer",
enabled: true,
id: "00000000-0000-0000-0000-000000000000",
type: "Admin",
value: "administer",
},
{
adminConsentDescription: "Access the application",
adminConsentDisplayName: "Access",
enabled: true,
id: "11111111-1111-1111-1111-111111111111",
type: "User",
userConsentDescription: "Access the application",
userConsentDisplayName: "Access",
value: "user_impersonation",
},
],
},
});
const example = new azuread.ApplicationPreAuthorized("example", {
applicationId: authorizer.id,
authorizedClientId: authorized.clientId,
permissionIds: [
"00000000-0000-0000-0000-000000000000",
"11111111-1111-1111-1111-111111111111",
],
});
import pulumi
import pulumi_azuread as azuread
authorized = azuread.ApplicationRegistration("authorized", display_name="example-authorized-app")
authorizer = azuread.Application("authorizer",
display_name="example-authorizing-app",
api={
"oauth2_permission_scopes": [
{
"admin_consent_description": "Administer the application",
"admin_consent_display_name": "Administer",
"enabled": True,
"id": "00000000-0000-0000-0000-000000000000",
"type": "Admin",
"value": "administer",
},
{
"admin_consent_description": "Access the application",
"admin_consent_display_name": "Access",
"enabled": True,
"id": "11111111-1111-1111-1111-111111111111",
"type": "User",
"user_consent_description": "Access the application",
"user_consent_display_name": "Access",
"value": "user_impersonation",
},
],
})
example = azuread.ApplicationPreAuthorized("example",
application_id=authorizer.id,
authorized_client_id=authorized.client_id,
permission_ids=[
"00000000-0000-0000-0000-000000000000",
"11111111-1111-1111-1111-111111111111",
])
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
authorized, err := azuread.NewApplicationRegistration(ctx, "authorized", &azuread.ApplicationRegistrationArgs{
DisplayName: pulumi.String("example-authorized-app"),
})
if err != nil {
return err
}
authorizer, err := azuread.NewApplication(ctx, "authorizer", &azuread.ApplicationArgs{
DisplayName: pulumi.String("example-authorizing-app"),
Api: &azuread.ApplicationApiArgs{
Oauth2PermissionScopes: azuread.ApplicationApiOauth2PermissionScopeArray{
&azuread.ApplicationApiOauth2PermissionScopeArgs{
AdminConsentDescription: pulumi.String("Administer the application"),
AdminConsentDisplayName: pulumi.String("Administer"),
Enabled: pulumi.Bool(true),
Id: pulumi.String("00000000-0000-0000-0000-000000000000"),
Type: pulumi.String("Admin"),
Value: pulumi.String("administer"),
},
&azuread.ApplicationApiOauth2PermissionScopeArgs{
AdminConsentDescription: pulumi.String("Access the application"),
AdminConsentDisplayName: pulumi.String("Access"),
Enabled: pulumi.Bool(true),
Id: pulumi.String("11111111-1111-1111-1111-111111111111"),
Type: pulumi.String("User"),
UserConsentDescription: pulumi.String("Access the application"),
UserConsentDisplayName: pulumi.String("Access"),
Value: pulumi.String("user_impersonation"),
},
},
},
})
if err != nil {
return err
}
_, err = azuread.NewApplicationPreAuthorized(ctx, "example", &azuread.ApplicationPreAuthorizedArgs{
ApplicationId: authorizer.ID(),
AuthorizedClientId: authorized.ClientId,
PermissionIds: pulumi.StringArray{
pulumi.String("00000000-0000-0000-0000-000000000000"),
pulumi.String("11111111-1111-1111-1111-111111111111"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var authorized = new AzureAD.ApplicationRegistration("authorized", new()
{
DisplayName = "example-authorized-app",
});
var authorizer = new AzureAD.Application("authorizer", new()
{
DisplayName = "example-authorizing-app",
Api = new AzureAD.Inputs.ApplicationApiArgs
{
Oauth2PermissionScopes = new[]
{
new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs
{
AdminConsentDescription = "Administer the application",
AdminConsentDisplayName = "Administer",
Enabled = true,
Id = "00000000-0000-0000-0000-000000000000",
Type = "Admin",
Value = "administer",
},
new AzureAD.Inputs.ApplicationApiOauth2PermissionScopeArgs
{
AdminConsentDescription = "Access the application",
AdminConsentDisplayName = "Access",
Enabled = true,
Id = "11111111-1111-1111-1111-111111111111",
Type = "User",
UserConsentDescription = "Access the application",
UserConsentDisplayName = "Access",
Value = "user_impersonation",
},
},
},
});
var example = new AzureAD.ApplicationPreAuthorized("example", new()
{
ApplicationId = authorizer.Id,
AuthorizedClientId = authorized.ClientId,
PermissionIds = new[]
{
"00000000-0000-0000-0000-000000000000",
"11111111-1111-1111-1111-111111111111",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.ApplicationRegistration;
import com.pulumi.azuread.ApplicationRegistrationArgs;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azuread.inputs.ApplicationApiArgs;
import com.pulumi.azuread.ApplicationPreAuthorized;
import com.pulumi.azuread.ApplicationPreAuthorizedArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var authorized = new ApplicationRegistration("authorized", ApplicationRegistrationArgs.builder()
.displayName("example-authorized-app")
.build());
var authorizer = new Application("authorizer", ApplicationArgs.builder()
.displayName("example-authorizing-app")
.api(ApplicationApiArgs.builder()
.oauth2PermissionScopes(
ApplicationApiOauth2PermissionScopeArgs.builder()
.adminConsentDescription("Administer the application")
.adminConsentDisplayName("Administer")
.enabled(true)
.id("00000000-0000-0000-0000-000000000000")
.type("Admin")
.value("administer")
.build(),
ApplicationApiOauth2PermissionScopeArgs.builder()
.adminConsentDescription("Access the application")
.adminConsentDisplayName("Access")
.enabled(true)
.id("11111111-1111-1111-1111-111111111111")
.type("User")
.userConsentDescription("Access the application")
.userConsentDisplayName("Access")
.value("user_impersonation")
.build())
.build())
.build());
var example = new ApplicationPreAuthorized("example", ApplicationPreAuthorizedArgs.builder()
.applicationId(authorizer.id())
.authorizedClientId(authorized.clientId())
.permissionIds(
"00000000-0000-0000-0000-000000000000",
"11111111-1111-1111-1111-111111111111")
.build());
}
}
resources:
authorized:
type: azuread:ApplicationRegistration
properties:
displayName: example-authorized-app
authorizer:
type: azuread:Application
properties:
displayName: example-authorizing-app
api:
oauth2PermissionScopes:
- adminConsentDescription: Administer the application
adminConsentDisplayName: Administer
enabled: true
id: 00000000-0000-0000-0000-000000000000
type: Admin
value: administer
- adminConsentDescription: Access the application
adminConsentDisplayName: Access
enabled: true
id: 11111111-1111-1111-1111-111111111111
type: User
userConsentDescription: Access the application
userConsentDisplayName: Access
value: user_impersonation
example:
type: azuread:ApplicationPreAuthorized
properties:
applicationId: ${authorizer.id}
authorizedClientId: ${authorized.clientId}
permissionIds:
- 00000000-0000-0000-0000-000000000000
- 11111111-1111-1111-1111-111111111111
Create ApplicationPreAuthorized Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ApplicationPreAuthorized(name: string, args: ApplicationPreAuthorizedArgs, opts?: CustomResourceOptions);@overload
def ApplicationPreAuthorized(resource_name: str,
args: ApplicationPreAuthorizedArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ApplicationPreAuthorized(resource_name: str,
opts: Optional[ResourceOptions] = None,
application_id: Optional[str] = None,
authorized_client_id: Optional[str] = None,
permission_ids: Optional[Sequence[str]] = None)func NewApplicationPreAuthorized(ctx *Context, name string, args ApplicationPreAuthorizedArgs, opts ...ResourceOption) (*ApplicationPreAuthorized, error)public ApplicationPreAuthorized(string name, ApplicationPreAuthorizedArgs args, CustomResourceOptions? opts = null)
public ApplicationPreAuthorized(String name, ApplicationPreAuthorizedArgs args)
public ApplicationPreAuthorized(String name, ApplicationPreAuthorizedArgs args, CustomResourceOptions options)
type: azuread:ApplicationPreAuthorized
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ApplicationPreAuthorizedArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApplicationPreAuthorizedArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApplicationPreAuthorizedArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationPreAuthorizedArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApplicationPreAuthorizedArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var applicationPreAuthorizedResource = new AzureAD.ApplicationPreAuthorized("applicationPreAuthorizedResource", new()
{
ApplicationId = "string",
AuthorizedClientId = "string",
PermissionIds = new[]
{
"string",
},
});
example, err := azuread.NewApplicationPreAuthorized(ctx, "applicationPreAuthorizedResource", &azuread.ApplicationPreAuthorizedArgs{
ApplicationId: pulumi.String("string"),
AuthorizedClientId: pulumi.String("string"),
PermissionIds: pulumi.StringArray{
pulumi.String("string"),
},
})
var applicationPreAuthorizedResource = new ApplicationPreAuthorized("applicationPreAuthorizedResource", ApplicationPreAuthorizedArgs.builder()
.applicationId("string")
.authorizedClientId("string")
.permissionIds("string")
.build());
application_pre_authorized_resource = azuread.ApplicationPreAuthorized("applicationPreAuthorizedResource",
application_id="string",
authorized_client_id="string",
permission_ids=["string"])
const applicationPreAuthorizedResource = new azuread.ApplicationPreAuthorized("applicationPreAuthorizedResource", {
applicationId: "string",
authorizedClientId: "string",
permissionIds: ["string"],
});
type: azuread:ApplicationPreAuthorized
properties:
applicationId: string
authorizedClientId: string
permissionIds:
- string
ApplicationPreAuthorized Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ApplicationPreAuthorized resource accepts the following input properties:
- Application
Id string - The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
- string
- The client ID of the application being authorized. Changing this field forces a new resource to be created.
- Permission
Ids List<string> - A set of permission scope IDs required by the authorized application.
- Application
Id string - The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
- string
- The client ID of the application being authorized. Changing this field forces a new resource to be created.
- Permission
Ids []string - A set of permission scope IDs required by the authorized application.
- application
Id String - The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
- String
- The client ID of the application being authorized. Changing this field forces a new resource to be created.
- permission
Ids List<String> - A set of permission scope IDs required by the authorized application.
- application
Id string - The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
- string
- The client ID of the application being authorized. Changing this field forces a new resource to be created.
- permission
Ids string[] - A set of permission scope IDs required by the authorized application.
- application_
id str - The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
- str
- The client ID of the application being authorized. Changing this field forces a new resource to be created.
- permission_
ids Sequence[str] - A set of permission scope IDs required by the authorized application.
- application
Id String - The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
- String
- The client ID of the application being authorized. Changing this field forces a new resource to be created.
- permission
Ids List<String> - A set of permission scope IDs required by the authorized application.
Outputs
All input properties are implicitly available as output properties. Additionally, the ApplicationPreAuthorized resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ApplicationPreAuthorized Resource
Get an existing ApplicationPreAuthorized resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ApplicationPreAuthorizedState, opts?: CustomResourceOptions): ApplicationPreAuthorized@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
application_id: Optional[str] = None,
authorized_client_id: Optional[str] = None,
permission_ids: Optional[Sequence[str]] = None) -> ApplicationPreAuthorizedfunc GetApplicationPreAuthorized(ctx *Context, name string, id IDInput, state *ApplicationPreAuthorizedState, opts ...ResourceOption) (*ApplicationPreAuthorized, error)public static ApplicationPreAuthorized Get(string name, Input<string> id, ApplicationPreAuthorizedState? state, CustomResourceOptions? opts = null)public static ApplicationPreAuthorized get(String name, Output<String> id, ApplicationPreAuthorizedState state, CustomResourceOptions options)resources: _: type: azuread:ApplicationPreAuthorized get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Application
Id string - The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
- string
- The client ID of the application being authorized. Changing this field forces a new resource to be created.
- Permission
Ids List<string> - A set of permission scope IDs required by the authorized application.
- Application
Id string - The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
- string
- The client ID of the application being authorized. Changing this field forces a new resource to be created.
- Permission
Ids []string - A set of permission scope IDs required by the authorized application.
- application
Id String - The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
- String
- The client ID of the application being authorized. Changing this field forces a new resource to be created.
- permission
Ids List<String> - A set of permission scope IDs required by the authorized application.
- application
Id string - The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
- string
- The client ID of the application being authorized. Changing this field forces a new resource to be created.
- permission
Ids string[] - A set of permission scope IDs required by the authorized application.
- application_
id str - The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
- str
- The client ID of the application being authorized. Changing this field forces a new resource to be created.
- permission_
ids Sequence[str] - A set of permission scope IDs required by the authorized application.
- application
Id String - The resource ID of the application for which permissions are being authorized. Changing this field forces a new resource to be created.
- String
- The client ID of the application being authorized. Changing this field forces a new resource to be created.
- permission
Ids List<String> - A set of permission scope IDs required by the authorized application.
Import
Pre-authorized applications can be imported using the object ID of the authorizing application and the application ID of the application being authorized, e.g.
$ pulumi import azuread:index/applicationPreAuthorized:ApplicationPreAuthorized example 00000000-0000-0000-0000-000000000000/preAuthorizedApplication/11111111-1111-1111-1111-111111111111
-> This ID format is unique to Terraform and is composed of the authorizing application’s object ID, the string “preAuthorizedApplication” and the authorized application’s application ID (client ID) in the format {ObjectId}/preAuthorizedApplication/{ApplicationId}.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azureadTerraform Provider.
Azure Active Directory (Azure AD) v6.4.0 published on Monday, Apr 7, 2025 by Pulumi