pnp / cli-microsoft365

Manage Microsoft 365 and SharePoint Framework projects on any platform
https://aka.ms/cli-m365
MIT License

Add --allowPublicClientFlow option to entra app add/set commands #5870

Closed martinlingstuyl closed 5 months ago

martinlingstuyl commented 6 months ago

When creating a custom identity for the CLI, one of the steps is to flip a switch in the Azure portal:

[Image: Allow Public Clients Flow]

After which the device code flow can be used.

It would be nice to have a one-liner that can create a CLI identity app registration.

m365 entra app add --name "CLI identity" --apisDelegated "https://graph.microsoft.com/Sites.ReadWrite.All,https://graph.microsoft.com/User.Read" --platform publicClient --redirectUris "https://login.microsoftonline.com/common/oauth2/nativeclient" --grantAdminConsent

However, within the CLI we don't have an option for enabling the above-mentioned toggle. We can create the app using a manifest, but that's quite complicated. We should add a flag option to do just that:

Options

For entra app add:

| Option | Description |
|---|---|
| --allowPublicClientFlows | Enable the allow public client flows feature on the app registration. |

For entra app set:

| Option | Description |
|---|---|
| --allowPublicClientFlows [allowPublicClientFlows] | Set to true to enable the allow public client flows feature on the app registration. |

Implementation

The Microsoft Graph does not have a property to do this. So in the CLI we should update the app using the manifest.

We're talking about the following manifest property:

https://learn.microsoft.com/en-us/entra/identity-platform/reference-app-manifest#allowpublicclient-attribute
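A reviewer's check over exported app manifests showing which app registrations have the toggle discussed above switched on. This is an added example, not part of the issue or of the CLI's code. The manifest fields other than allowPublicClient (name, appId, signInAudience, replyUrlsWithType) are assumed from the app manifest format, and the sample manifests are constructed.

```javascript
// Added example: audit exported Entra app manifests for the allowPublicClient toggle.
// Field names besides allowPublicClient are assumptions based on the app manifest format.
function auditPublicClientFlows(manifests) {
  return manifests.map((m) => {
    // Only an explicit true counts as enabled; null, false or a missing key do not.
    const enabled = m.allowPublicClient === true;
    const redirectUris = Array.isArray(m.replyUrlsWithType) ? m.replyUrlsWithType : [];
    // "InstalledClient" is the redirect URI type of the public client platform.
    const hasNativeRedirect = redirectUris.some((r) => r.type === "InstalledClient");
    const notes = [];
    if (enabled && !hasNativeRedirect) {
      notes.push("toggle on but no public client redirect URI configured");
    }
    if (enabled && m.signInAudience !== "AzureADMyOrg") {
      notes.push("toggle on for an app that accepts accounts outside the home tenant");
    }
    return { appId: m.appId, name: m.name, publicClientFlows: enabled, notes };
  });
}

// Constructed sample manifests (placeholder GUIDs, not real app registrations).
const sampleManifests = [
  {
    appId: "00000000-0000-0000-0000-000000000001",
    name: "CLI identity",
    allowPublicClient: true,
    signInAudience: "AzureADMyOrg",
    replyUrlsWithType: [
      { url: "https://login.microsoftonline.com/common/oauth2/nativeclient", type: "InstalledClient" },
    ],
  },
  {
    appId: "00000000-0000-0000-0000-000000000002",
    name: "Legacy tool",
    allowPublicClient: true,
    signInAudience: "AzureADMultipleOrgs",
    replyUrlsWithType: [],
  },
  {
    appId: "00000000-0000-0000-0000-000000000003",
    name: "Web portal",
    allowPublicClient: null,
    signInAudience: "AzureADMyOrg",
    replyUrlsWithType: [{ url: "https://portal.example.com/auth", type: "Web" }],
  },
];

for (const f of auditPublicClientFlows(sampleManifests)) {
  console.log(`${f.name} (${f.appId}): publicClientFlows=${f.publicClientFlows}`, f.notes);
}
```
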

milanholemans commented 6 months ago

Looks like a great suggestion to me 👍

milanholemans commented 6 months ago

Additionally, we could add a working example to this docs page: https://pnp.github.io/cli-microsoft365/user-guide/using-own-identity

Adam-it commented 6 months ago

Awesome suggestion and I had the same idea when reading your latest blog about sites.selected permissions 😉. You Rock 👏🤩

mkm17 commented 6 months ago

@Adam-it @martinlingstuyl OK, as we discussed in #1963, you can assign me to this one as well.