Hi, I am trying to generate an access token against the AD app from my function app with its managed identity. For this I have created an app in Azure AD and created the app role inside the application. Now I am trying to get the access token against the AD app API. For that I am trying to assign the app role as mentioned in the docs, but I am unable to fetch the roles of the AD app as mentioned in the script. Can someone point out what I am doing wrong?
```powershell
$tenantID = '<tenant-id>'
$webAppName = 'Function-app-name'
$resourceGroupName = 'Function-app-it-belongs-to'
$serverApplicationName = 'Ad Application Name' # For example, MyApi
$appRoleName = 'App role created inside AD App' # For example, MyApi.Read.All

# Object id of the function app's managed identity (the principal to be granted the role)
$managedIdentityObjectId = (Get-AzADServicePrincipal -DisplayName $webAppName).Id

Connect-AzureAD -TenantId $tenantID

# Service principal of the API app (the resource that exposes the app role)
$serverServicePrincipal = (Get-AzureADServicePrincipal -Filter "DisplayName eq '$serverApplicationName'")
```
In the above statement I am getting the details of the Azure AD application, but it is not listing the app roles in the statement below.
```powershell
$serverServicePrincipalObjectId = $serverServicePrincipal.ObjectId

# Look up the app role by its Value and take its Id
$appRoleId = ($serverServicePrincipal.AppRoles | Where-Object { $_.Value -eq $appRoleName }).Id

# Assign the app role to the managed identity on the API's service principal
New-AzureADServiceAppRoleAssignment -ObjectId $managedIdentityObjectId `
    -Id $appRoleId `
    -PrincipalId $managedIdentityObjectId `
    -ResourceId $serverServicePrincipalObjectId
```
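As an added example (not part of the original post or the docs script it follows), the same assignment with a check at each step, so that an empty `AppRoles` list, a role that disallows application members, or a duplicate assignment is reported instead of silently producing a blank `$appRoleId`; it assumes `$tenantID`, `$serverApplicationName`, `$appRoleName` and `$managedIdentityObjectId` are set as in the post.

```powershell
# Added example, not the poster's script. Assumes $tenantID, $serverApplicationName,
# $appRoleName and $managedIdentityObjectId are already set (placeholders, not real values).
Connect-AzureAD -TenantId $tenantID | Out-Null

# 1. Resolve the API's service principal. A display-name filter can match more than
#    one object (for example a registration and a differently typed SP), so require exactly one.
$resourceSps = @(Get-AzureADServicePrincipal -Filter "DisplayName eq '$serverApplicationName'")
if ($resourceSps.Count -ne 1) {
    throw "Expected one service principal named '$serverApplicationName', found $($resourceSps.Count)"
}
$resourceSp = $resourceSps[0]

# 2. List every app role this service principal exposes. An empty table means the role
#    is not on this object, so the Where-Object lookup below would return nothing.
$resourceSp.AppRoles |
    Select-Object Value, Id, IsEnabled, @{ n = 'AllowedMemberTypes'; e = { $_.AllowedMemberTypes -join ',' } } |
    Format-Table -AutoSize

# 3. Pick the role by Value and confirm a service principal (managed identity) may hold it.
$role = $resourceSp.AppRoles | Where-Object { $_.Value -eq $appRoleName }
if (-not $role) { throw "App role '$appRoleName' not found on '$serverApplicationName'" }
if (-not $role.IsEnabled) { throw "App role '$appRoleName' is disabled" }
if ($role.AllowedMemberTypes -notcontains 'Application') {
    throw "App role '$appRoleName' allows only $($role.AllowedMemberTypes -join ','); a managed identity needs 'Application'"
}

# 4. Do not create a second assignment for the same principal and role.
$existing = Get-AzureADServiceAppRoleAssignedTo -ObjectId $resourceSp.ObjectId -All $true |
    Where-Object { $_.PrincipalId -eq $managedIdentityObjectId -and $_.Id -eq $role.Id }
if ($existing) {
    Write-Host "Assignment already present: $($existing.PrincipalDisplayName) -> $($role.Value)"
} else {
    # 5. Grant exactly this one role to the managed identity, nothing broader.
    New-AzureADServiceAppRoleAssignment -ObjectId $managedIdentityObjectId `
        -Id $role.Id `
        -PrincipalId $managedIdentityObjectId `
        -ResourceId $resourceSp.ObjectId | Out-Null
}

# 6. Verify from the resource side which principals now hold roles on the API.
Get-AzureADServiceAppRoleAssignedTo -ObjectId $resourceSp.ObjectId -All $true |
    Select-Object PrincipalDisplayName, PrincipalType, Id, ResourceDisplayName |
    Format-Table -AutoSize
```

Step 6 is also a useful periodic review: every row is a principal that can obtain a token for the API with that role, so unexpected entries are worth investigating.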
