AndrewOmondi-5314 asked AndrewOmondi-5314 commented

Create an application with "web" or "api" properties on beta api results in (500) internal server error

Using the beta applications api, and having the 'web' or 'api' properties in the payload (reference here) returns Internal Server Error - 500.
If the web and api properties are removed, the application is created successfully.

Attempting to create the application without the web and api properties and then attempting to update the properties via PATCH still results in a 500 response. Looking up the request ID in the Graph logs also does not give information on what could be wrong.

According to the known issues topic, there are changes currently in development in the applications resource. Is this related?
What would be the correct way to create an application with these properties?

An example request looks like this,

 {
   "api": {
     "oauth2PermissionScopes": [
       {
         "adminConsentDescription": "Allow the application to access Chorus Cluster (richf02.dev.ossiaco.com) on behalf of the signed-in user.",
         "adminConsentDisplayName": "Access Chorus Cluster (richf02.dev.ossiaco.com)",
         "id": "b128e2f0-5463-427b-aab3-362eb17404ce",
         "isEnabled": true,
         "origin": "Application",
         "type": "User",
         "userConsentDescription": "Allow the application to access Chorus Cluster (richf02.dev.ossiaco.com) on your behalf.",
         "userConsentDisplayName": "Access Chorus Cluster (richf02.dev.ossiaco.com)",
         "value": "user_impersonation"
       }
     ]
   },
   "appRoles": [
     {
       "allowedMemberTypes": [
         "User"
       ],
       "description": "Admins can manage roles and perform all task actions",
       "displayName": "Admin",
       "id": "4b91dc99-04e7-4820-8288-bc765d66a61d",
       "isEnabled": true,
       "origin": "Application",
       "value": "Admin"
     },
     {
       "allowedMemberTypes": [
         "User"
       ],
       "description": "ReadOnly roles have limited query access",
       "displayName": "ReadOnly",
       "id": "accb8309-f2e9-49ae-b845-3cae103f68a4",
       "isEnabled": true,
       "origin": "Application",
       "value": "User"
     }
   ],
   "displayName": "Chorus Cluster (richf02.dev.ossiaco.com)",
   "optionalClaims": {
     "accessToken": [
       {
         "additionalProperties": [
           "use_guid"
         ],
         "name": "aud"
       }
     ]
   },
   "requiredResourceAccess": [
     {
       "resourceAccess": [
         {
           "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
           "type": "Scope"
         }
       ],
       "resourceAppId": "00000002-0000-0000-c000-000000000000"
     }
   ],
   "signInAudience": "AzureADMyOrg",
   "web": {
     "homePageUrl": "https://richf02.dev.ossiaco.com:19080/Explorer/index.html",
     "oauth2AllowImplicitFlow": true,
     "redirectUris": [
       "https://richf02.dev.ossiaco.com:19080/Explorer/index.html"
     ]
   }
 }

Example request ids for tracing.

  Message: Encountered an internal server error.
       Inner error:
         AdditionalData:
         date: 2021-07-08T16:35:06
         request-id: 4263c611-dfa4-4e33-96f7-b08702f3cc96
         client-request-id: 4263c611-dfa4-4e33-96f7-b08702f3cc96
       ClientRequestId: 4263c611-dfa4-4e33-96f7-b08702f3cc96




Sourced from https://github.com/microsoftgraph/msgraph-beta-sdk-dotnet/issues/320

microsoft-graph-applications

Can you update these two properties in the Azure portal?


Yes. On the web UI updating the properties works.
However, checking on dev tools, it seems to call the v1.0 api endpoint and not the beta api endpoint.


1 Answer

CarlZhao-MSFT answered AndrewOmondi-5314 commented

After testing, I found your problem. You have two parameters set incorrectly. First, there is no origin parameter under the api parameter, so you need to delete the origin parameter. In addition, the oauth2AllowImplicitFlow parameter should not be included in the web parameters, because they are in a parallel relationship rather than a contained relationship, so you should also remove the oauth2AllowImplicitFlow parameter from the web parameter.

 {
     "api": {
         "oauth2PermissionScopes": [
             {
                 "adminConsentDescription": "Allow the application to access Chorus Cluster (richf02.dev.ossiaco.com) on behalf of the signed-in user.",
                 "adminConsentDisplayName": "Access Chorus Cluster (richf02.dev.ossiaco.com)",
                 "id": "b128e2f0-5463-427b-aab3-362eb17404ce",
                 "isEnabled": true,
                 "type": "User",
                 "userConsentDescription": "Allow the application to access Chorus Cluster (richf02.dev.ossiaco.com) on your behalf.",
                 "userConsentDisplayName": "Access Chorus Cluster (richf02.dev.ossiaco.com)",
                 "value": "user_impersonation"
             }
         ]
     },
     "web": {
         "homePageUrl": "https://richf02.dev.ossiaco.com:19080/Explorer/index.html",
         "redirectUris": [
             "https://richf02.dev.ossiaco.com:19080/Explorer/index.html"
         ]
     }
 }




Please note that you cannot use the MS Graph API (create or update) to set the oauth2AllowImplicitFlow parameter; you can only set it through the Azure portal.


Thanks a lot for this!

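An added example, not part of the original thread and not Microsoft's code: a pre-flight check that strips the two properties the answer identifies before the request body is sent, and reports what it removed so that the opaque 500 is not the only signal. The function names and the trimmed sample payload are assumptions made for illustration; the rejected paths come only from this answer, not from a Graph schema.

```python
import copy

# Property paths the answer above says must not be sent; "*" matches every
# element of a list. Taken from this thread only, not from a Graph schema.
REJECTED_PATHS = [
    ("api", "oauth2PermissionScopes", "*", "origin"),
    ("web", "oauth2AllowImplicitFlow"),
]


def _strip(node, path, trail, removed):
    """Walk `node` along `path`, deleting the final key wherever it exists."""
    key, rest = path[0], path[1:]
    if key == "*":
        if isinstance(node, list):
            for i, item in enumerate(node):
                _strip(item, rest, trail + [f"[{i}]"], removed)
        return
    if not isinstance(node, dict) or key not in node:
        return
    if not rest:
        del node[key]
        removed.append(".".join(trail + [key]).replace(".[", "["))
    else:
        _strip(node[key], rest, trail + [key], removed)


def sanitize_application_payload(payload):
    """Return (clean_copy, removed_paths); the caller's payload is untouched."""
    clean = copy.deepcopy(payload)
    removed = []
    for path in REJECTED_PATHS:
        _strip(clean, path, [], removed)
    return clean, removed


# Constructed sample, trimmed from the request in the question.
SAMPLE = {
    "displayName": "Chorus Cluster (richf02.dev.ossiaco.com)",
    "api": {"oauth2PermissionScopes": [
        {"id": "b128e2f0-5463-427b-aab3-362eb17404ce", "origin": "Application",
         "type": "User", "value": "user_impersonation"}]},
    "appRoles": [{"displayName": "Admin", "origin": "Application"}],
    "web": {"oauth2AllowImplicitFlow": True,
            "redirectUris": ["https://richf02.dev.ossiaco.com:19080/Explorer/index.html"]},
}

if __name__ == "__main__":
    print(sanitize_application_payload(SAMPLE)[1])
```

The `origin` value under `appRoles` is left in place because the answer only names `origin` under `api`.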