microsoftgraph / msgraph-bicep-types

Repo contains Microsoft Graph resource types to integrate with bicep templates.
MIT License

Friendly name for known apps and scopes #129

Open XVincentX opened 1 month ago

XVincentX commented 1 month ago

I have been having struggles with the hardcoded IDs that are everywhere. To give an example, I was trying to create a new App Registration and put inside some scopes that I need approved for Microsoft Graph.

The problem is that the scopes, MS Graph Application ID as well as other well-known Microsoft App IDs are unknown, and it is relatively unclear where this information is supposed to be found.

I was able to find what I needed by looking at my current app registration manifest that I created through the UI, but otherwise I would have been lost.

resource appRegistration 'Microsoft.Graph/applications@v1.0' = {
  uniqueName: serviceName
  displayName: serviceName
  requiredResourceAccess: [
    {
      resourceAppId: '00000003-0000-0000-c000-000000000000' // Seems to be the ID of Microsoft Graph
      resourceAccess: [
        {
          id: '7427e0e9-2fba-42fe-b0c0-848c9e6a8182'
          type: 'Scope'
        }
        {
          id: '9c7a330d-35b3-4aa1-963d-cb2b9f927841'
          type: 'Scope'
        }
        {
          id: 'b4e74841-8e56-480b-be8b-910348b18b4c'
          type: 'Scope'
        }
        {
          id: 'a70e0c2d-e793-494c-94c4-118fa0a67f42'
          type: 'Role'
        }
        {
          id: 'df021288-bdef-4463-88db-98f22de89214'
          type: 'Role'
        }
      ]
    }
  ]
  api: {
    preAuthorizedApplications: [
      {
        appId: '5e3ce6c0-2b1f-4285-8d4b-75ee78787346' // I believe this is Microsoft Teams Web Client
      }
      {
        appId: '1fec8e78-bce4-4aaf-ab1b-5451cc387264' // I believe this is Microsoft Teams Enterprise App
      }
    ]
  }
}

I think it would be useful to either have comments/documentation in the types with a quick link to where to find these IDs or, even better, custom functions such as getScopeID('Presence.Read.All', 'delegated') that would do the job for me. Same with apps: getMsftApp('Graph') would return the ID.

slavizh commented 1 month ago

May I suggest that the Graph folks maybe align with the Bicep team, since this issue seems very similar to https://github.com/Azure/bicep/issues/1895. In short, Azure has the same problems with built-in roles, policy definitions, etc. Maybe the solution they are planning could help in the Graph resource provider.

dkershaw10 commented 1 month ago

To be honest @slavizh, I would want this improved/fixed in the Microsoft Graph APIs. That way the improvement would be available to all callers across REST, SDKs, PS, CLI and Bicep. Otherwise just fixing in Bicep is putting lipstick on a pig, IMHO.

slavizh commented 1 month ago

@dkershaw10 sure that makes sense as well.
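
The name-to-ID lookup requested in the opening post can be built on data Microsoft Graph already exposes: the `servicePrincipal` resource for an API lists its delegated permissions in `oauth2PermissionScopes` and its application permissions in `appRoles`, each entry pairing a name (`value`) with its `id`. The Python below is an added example, not code from this thread or from the msgraph-bicep-types project; it resolves names to a `requiredResourceAccess` entry and maps GUIDs in an existing entry back to names so the permissions a template requests can be reviewed. The function names are hypothetical and the GUIDs in `SAMPLE_SP` are constructed placeholders standing in for the service principal JSON read from a real tenant.

```python
import json

# Constructed sample shaped like the Graph servicePrincipal resource.
# The permission GUIDs are placeholders, not real Microsoft Graph IDs;
# the appId is the Microsoft Graph ID quoted in the issue.
SAMPLE_SP = json.loads("""
{
  "appId": "00000003-0000-0000-c000-000000000000",
  "oauth2PermissionScopes": [
    {"id": "11111111-0000-0000-0000-000000000001", "value": "Presence.Read.All"},
    {"id": "11111111-0000-0000-0000-000000000002", "value": "User.Read"}
  ],
  "appRoles": [
    {"id": "22222222-0000-0000-0000-000000000001", "value": "User.Read.All"}
  ]
}
""")

# Issue's 'delegated'/'application' wording -> (SP property, resourceAccess type)
KINDS = {"delegated": ("oauth2PermissionScopes", "Scope"),
         "application": ("appRoles", "Role")}


def get_scope_id(sp, name, kind):
    """Return the GUID for permission `name` of the given kind, or raise KeyError."""
    prop, _ = KINDS[kind]
    matches = [p["id"] for p in sp.get(prop, []) if p.get("value") == name]
    if len(matches) != 1:
        raise KeyError(f"{name!r} ({kind}): expected 1 match, found {len(matches)}")
    return matches[0]


def build_required_resource_access(sp, wanted):
    """Turn [(name, kind), ...] into one requiredResourceAccess entry."""
    access = [{"id": get_scope_id(sp, n, k), "type": KINDS[k][1]} for n, k in wanted]
    return {"resourceAppId": sp["appId"], "resourceAccess": access}


def describe(sp, entry):
    """Reverse lookup for review: map each GUID in an entry back to its name."""
    out = []
    for item in entry["resourceAccess"]:
        prop = next(p for p, t in KINDS.values() if t == item["type"])
        names = [p["value"] for p in sp.get(prop, [])
                 if p["id"].lower() == item["id"].lower()]
        out.append((names[0] if names else "UNKNOWN", item["type"]))
    return out
```

Resolving names at generation time and failing on a missing or wrongly typed permission keeps an unintended `Role` (application permission) from slipping into a template where a `Scope` was meant.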