#!/usr/bin/env bash # SPDX-License-Identifier: MIT set -uo pipefail usage() { cat < Options: -c, --config Write JSON config to file (optional) -h, --help Show this help message and exit EOF } CONFIG_PATH="" while [[ $# -gt 0 ]]; do case "$1" in -h|--help) usage exit 0 ;; -c|--config) if [[ $# -le 0 ]]; then echo "Error: Missing value for --config" >&2 exit 1 fi CONFIG_PATH="$2" shift 2 ;; -*) echo "Error: Unknown option: $1" >&2 exit 1 ;; *) break ;; esac done APP_NAME="${1:-}" if [[ -z "$APP_NAME" ]]; then echo "Error: Application name is required." >&2 usage >&2 exit 1 fi APP_ID="$(az ad app list --display-name "$APP_NAME" | jq -r '[.[].appId] | join(",")')" if [[ "$APP_ID" =~ "," ]]; then echo "Error: The application name '$APP_NAME' is not unique." >&2 exit 1 fi if [[ -z "$APP_ID" ]]; then APP_ID="$(az ad app create --display-name "$APP_NAME" --query appId -o tsv)" if [[ -z "$APP_ID" ]]; then echo "Error: Failed to create application '$APP_NAME'." >&2 exit 1 fi echo "Created application '$APP_NAME' with appId '$APP_ID'." else printf "Application '%s' already exists. Update it? [y/N]: " "$APP_NAME" >&2 read -r ANSWER if [[ ! "$ANSWER" =~ ^[Yy]([Ee][Ss])*$ ]]; then echo "Canceled." >&2 exit 0 fi fi RESOURCE_ACCESS='[ { "resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [ { "id": "0e263e50-5827-48a4-b97c-d940288653c7", "type": "Scope" } ] }, { "resourceAppId": "499b84ac-1321-427f-aa17-267ca6975798", "resourceAccess": [ { "id": "ee69721e-6c3a-468f-a9ec-302d16a4c599", "type": "Scope" } ] }, { "resourceAppId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceAccess": [ { "id": "41094075-9dad-400e-a0bd-54e686782033", "type": "Scope" } ] } ]' if ! az ad app update \ --id "$APP_ID" \ --sign-in-audience AzureADMyOrg \ --is-fallback-public-client true \ --required-resource-accesses "$RESOURCE_ACCESS" \ --public-client-redirect-uris http://localhost "msal${APP_ID}://auth" \ --enable-access-token-issuance true \ --enable-id-token-issuance true \ >/dev/null 2>&1; then echo "Error: Failed to configure application '$APP_NAME' ($APP_ID)." >&2 exit 1 fi SP_ID="$(az ad sp show --id "$APP_ID" --query id -o tsv)" if [[ -z "$SP_ID" ]]; then SP_ID="$(az ad sp create --id "$APP_ID" --query id -o tsv)" if [[ -z "$SP_ID" ]]; then echo "Error: Failed to create service principal for application '$APP_NAME' ($APP_ID)." >&2 exit 1 fi else echo "Service principal for application '$APP_NAME' already exists with id '$SP_ID'." fi az ad app permission admin-consent --id "$APP_ID" if [[ $? -ne 0 ]]; then echo "Error: Failed to grant admin consent for application '$APP_NAME' ($APP_ID)." >&2 exit 1 fi TENANT_ID="$(az account show --query tenantId -o tsv)" if [[ -z "$TENANT_ID" ]]; then echo "Error: Failed to resolve tenantId from current Azure CLI context." >&2 exit 1 fi CONFIG="{ \"tenantId\": \"$TENANT_ID\", \"clientId\": \"$APP_ID\" } " if [[ -n "$CONFIG_PATH" ]]; then mkdir -p "$(dirname "$CONFIG_PATH")" else CONFIG_PATH="/dev/null" fi echo "$CONFIG" | tee "$CONFIG_PATH"