Application permissions is greyed out after exposing an API in Azure AD

Question

I have exposed an API ( API -A ) in Azure AD. When i am trying to add that exposed API under application permissions for another API -B, i see that Application permissions is greyed out.

How do i enable application permissions, so that i can use it with client credential flow. Currently, it only allow to pick delegated permissions.

Answer 1

@Anuj Rana , Thank you for reaching out. In order to get the application permission visible for this exposed API, when you try to add the exposed API to another API or application registered in AAD, you need to specify the scope under the AppRoles array. This can be found in the app manifest.

You can follow the steps mentioned below to fix this issue:

1. Open the app manifest of the exposed api
2. Locate appRoles array
3. Put in something similar to: "appRoles": [
   {
   "allowedMemberTypes": [ "Application" ],
   "description": "Accesses the TodoListService-Cert as an application.",
   "displayName": "access_as_application",
   "id": "ccf784a6-fd0c-45f2-9c08-2f9d162a0628",
   "isEnabled": true,
   "lang": null,
   "origin": "Application",
   "value": "access_as_application"
   }
   ],

Once done, go back to the other API/App where you would want to add permissions for this exposed API and you should be able to see the application permission section listed now.

For more info, you can check on this link: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-protected-web-api-app-registration

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.