Why is "Application permissions" disabled in Azure AD's "Request API permissions"?
Solution 1:
Per my understanding, you are exposing your custom api protected by Azure AD. If so, you need to define the application permission by editing the manifest of your api app.
manifest:
"appRoles": [
{
"allowedMemberTypes": [
"Application"
],
"description": "Apps that have this role have the ability to invoke my API",
"displayName": "Can invoke my API",
"id": "fc803414-3c61-4ebc-a5e5-cd1675c14bbb",
"isEnabled": true,
"lang": null,
"origin": "Application",
"value": "myTestRole"
}
]
Then the application permission will show up.
Solution 2:
you actually don't give it permissions that way. It's really confusing. Instead you add your registered app to your subscription and apply a reader role, sort of through IAM. See here:
https://medium.com/@crlmas07/programmatic-access-to-azure-portal-d925ea90831e