Add --allowPublicClientFlow option to entra app add/set commands #5870

Closed
martinlingstuyl opened this issue Feb 25, 2024 · 4 comments

@martinlingstuyl
Contributor

martinlingstuyl commented Feb 25, 2024

When creating a custom identity for the CLI, one of the steps is to flip a switch in the Azure portal:

Allow Public Clients Flow

After which the device code flow can be used.

It would be nice to have a one-liner that can create a CLI identity app registration.

```sh
m365 entra app add --name "CLI identity" --apisDelegated "https://graph.microsoft.com/Sites.ReadWrite.All,https://graph.microsoft.com/User.Read" --platform publicClient --redirectUris "https://login.microsoftonline.com/common/oauth2/nativeclient" --grantAdminConsent
```

However, within the CLI we don't have an option for enabling the above-mentioned toggle. We can create the app using a manifest, but that's quite complicated. We should add a flag option to do just that:

Options

For entra app add:

| Option | Description |
| --- | --- |
| `--allowPublicClientFlows` | Enable the allow public client flows feature on the app registration. |

For entra app set:

| Option | Description |
| --- | --- |
| `--allowPublicClientFlows [allowPublicClientFlows]` | Set to true to enable the allow public client flows feature on the app registration. |

Implementation

The Microsoft Graph does not have a property to do this. So in the CLI we should update the app using the manifest.

We're talking about the following manifest property:

https://learn.microsoft.com/en-us/entra/identity-platform/reference-app-manifest#allowpublicclient-attribute

martinlingstuyl added the enhancement and needs peer review labels Feb 25, 2024

@milanholemans
Contributor

Looks like a great suggestion to me 👍

milanholemans added the help wanted label and removed the needs peer review label Feb 25, 2024

@milanholemans
Contributor

Additionally, we could add a working example to this docs page: https://pnp.github.io/cli-microsoft365/user-guide/using-own-identity

@Adam-it
Member

Adam-it commented Feb 26, 2024

Awesome suggestion and I had the same idea when reading your latest blog about sites.selected permissions 😉.
You Rock 👏🤩

@mkm17
Contributor

mkm17 commented Mar 10, 2024

@Adam-it @martinlingstuyl ok as we discussed in #1963, you can assign me to this one as well
