Added a JavaScript version of the Create PCA script, and removed the platform-specific Bash and PowerShell ones.
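@@ -1,156 +0,0 @@
-#!/usr/bin/env bash
-
-# Create the PCA for loggin in to Entra ID
-function usage() {
-echo "Usage: $0 [options]"
-echo "Options:"
-echo " -n, --app-name <name> Application display name (required)"
-echo " -h, --help Show this help message and exit"
-}
-
-function main() {
-local APP_NAME=""
-while [[ $# -gt 0 ]]; do
-case "$1" in
--h|--help)
-usage
-echo "Options:"
-echo " -h, --help Show this help message and exit"
-exit 0
-;;
--n|--app-name)
-APP_NAME="$2"
-shift 2
-;;
--*)
-echo "Unknown option: $1"
-echo "Use -h or --help for usage information."
-exit 1
-;;
-*) # Leave the rest of the arguments for the script to process
-break
-;;
-esac
-done
-
-if [[ -z "$APP_NAME" ]]; then
-echo "Error: Application name is required."
-usage
-exit 1
-fi
-
-# Find the app by name
-APP_ID=$(az ad app list --display-name "$APP_NAME" --query "[0].appId" -o tsv)
-if [[ -n "$APP_ID" ]]; then
-local USER_CONFIRMATION
-read -r -p "Application '$APP_NAME' already exists. Update it? [y/N]: " USER_CONFIRMATION
-if [[ ! "$USER_CONFIRMATION" =~ ^([yY][eE][sS]|[yY])$ ]]; then
-echo "Canceled."
-exit 0
-fi
-fi
-
-# Create the app when it does not already exist.
-if [[ -z "$APP_ID" ]]; then
-APP_ID=$(az ad app create --display-name "$APP_NAME" --query "appId" -o tsv)
-if [[ -z "$APP_ID" ]]; then
-echo "Error: Failed to create application '$APP_NAME'."
-exit 1
-fi
-fi
-
-local M365_GRAPH_APP_ID="00000003-0000-0000-c000-000000000000"
-local M365_GRAPH_SCOPE_ID="0e263e50-5827-48a4-b97c-d940288653c7"
-local AZURE_SERVICE_MGMT_APP_ID="797f4846-ba00-4fd7-ba43-dac1f8f63013"
-local AZURE_SERVICE_MGMT_SCOPE_ID="41094075-9dad-400e-a0bd-54e686782033"
-local AZURE_DEVOPS_APP_ID="499b84ac-1321-427f-aa17-267ca6975798"
-local AZURE_DEVOPS_SCOPE_ID="ee69721e-6c3a-468f-a9ec-302d16a4c599"
-
-local REQUIRED_RESOURCE_ACCESS_JSON
-REQUIRED_RESOURCE_ACCESS_JSON=$(cat <<EOF
-[
-{
-"resourceAppId": "${M365_GRAPH_APP_ID}",
-"resourceAccess": [
-{
-"id": "${M365_GRAPH_SCOPE_ID}",
-"type": "Scope"
-}
-]
-},
-{
-"resourceAppId": "${AZURE_DEVOPS_APP_ID}",
-"resourceAccess": [
-{
-"id": "${AZURE_DEVOPS_SCOPE_ID}",
-"type": "Scope"
-}
-]
-},
-{
-"resourceAppId": "${AZURE_SERVICE_MGMT_APP_ID}",
-"resourceAccess": [
-{
-"id": "${AZURE_SERVICE_MGMT_SCOPE_ID}",
-"type": "Scope"
-}
-]
-}
-]
-EOF
-)
-
-local REQUIRED_RESOURCE_ACCESS_FILE
-REQUIRED_RESOURCE_ACCESS_FILE=$(mktemp)
-echo "$REQUIRED_RESOURCE_ACCESS_JSON" > "$REQUIRED_RESOURCE_ACCESS_FILE"
-
-# Configure app to match "Azure Node Playground Public".
-az ad app update \
---id "$APP_ID" \
---sign-in-audience AzureADMyOrg \
---is-fallback-public-client true \
---required-resource-accesses @"$REQUIRED_RESOURCE_ACCESS_FILE" \
---public-client-redirect-uris "http://localhost" "msal${APP_ID}://auth" \
---enable-access-token-issuance true \
---enable-id-token-issuance true \
-1>/dev/null
-local UPDATE_EXIT_CODE=$?
-rm -f "$REQUIRED_RESOURCE_ACCESS_FILE"
-if [[ $UPDATE_EXIT_CODE -ne 0 ]]; then
-echo "Error: Failed to configure application '$APP_NAME' ($APP_ID)."
-exit 1
-fi
-
-# Ensure service principal exists before granting tenant-wide admin consent.
-az ad sp create --id "$APP_ID" 1>/dev/null 2>/dev/null || true
-
-# Grant admin consent for configured delegated permissions.
-az ad app permission admin-consent --id "$APP_ID" 1>/dev/null
-if [[ $? -ne 0 ]]; then
-echo "Error: Failed to grant admin consent for '$APP_NAME' ($APP_ID)."
-exit 1
-fi
-
-local TENANT_ID
-TENANT_ID=$(az account show --query tenantId -o tsv)
-if [[ -z "$TENANT_ID" ]]; then
-echo "Error: Failed to resolve tenantId from current Azure CLI context."
-exit 1
-fi
-
-if [[ -z "$USER_CONFIRMATION" ]]; then
-echo "Created application '$APP_NAME'"
-else
-echo "Updated application '$APP_NAME'"
-fi
-echo "appId: $APP_ID"
-cat <<EOF
-export const config = {
-"appName": "$APP_NAME",
-"tenantId": "$TENANT_ID",
-"clientId": "$APP_ID"
-};
-EOF
-}
-
-main "$@"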