Why is "Application permissions" disabled in Azure AD's "Request API permissions"?

Solution 1:

Per my understanding, you are exposing your custom API protected by Azure AD. If so, you need to define the application permission by editing the manifest of your API app.

manifest:

    "appRoles": [
        {
            "allowedMemberTypes": [
                "Application"
            ],
            "description": "Apps that have this role have the ability to invoke my API",
            "displayName": "Can invoke my API",
            "id": "fc803414-3c61-4ebc-a5e5-cd1675c14bbb",
            "isEnabled": true,
            "lang": null,
            "origin": "Application",
            "value": "myTestRole"
        }
    ]

Then the application permission will show up.

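As an added example (not code from the answer above), the following Python check reads a manifest and reports which `appRoles` entries can be requested as application permissions. The function name `application_permissions` and the second sample role are constructed for illustration; treating a disabled role as not offered is an assumption of this example.

```python
import json
import uuid

# Constructed sample: the first role mirrors the manifest in the answer above,
# the second is a user-only role with a bad id, added here for contrast.
SAMPLE_MANIFEST = json.loads("""
{"appRoles": [
  {"allowedMemberTypes": ["Application"],
   "description": "Apps that have this role have the ability to invoke my API",
   "displayName": "Can invoke my API",
   "id": "fc803414-3c61-4ebc-a5e5-cd1675c14bbb",
   "isEnabled": true, "value": "myTestRole"},
  {"allowedMemberTypes": ["User"],
   "description": "Constructed user-only role", "displayName": "Reader",
   "id": "not-a-guid", "isEnabled": true, "value": "Reader"}
]}
""")


def application_permissions(manifest):
    """Return (offered, problems): role values usable as application
    permissions, and the per-role problems found along the way."""
    offered, problems, seen_ids = [], [], set()
    for role in manifest.get("appRoles", []):
        name = role.get("value") or role.get("displayName") or "<unnamed>"
        role_id = str(role.get("id", ""))
        try:
            uuid.UUID(role_id)  # each role id must be a GUID
        except ValueError:
            problems.append(f"{name}: id is not a GUID")
        if role_id.lower() in seen_ids:  # ids must be unique in the manifest
            problems.append(f"{name}: duplicate id")
        seen_ids.add(role_id.lower())
        if " " in (role.get("value") or ""):  # value ends up in the roles claim
            problems.append(f"{name}: value contains a space")
        if "Application" not in role.get("allowedMemberTypes", []):
            problems.append(f"{name}: not assignable to applications")
        elif not role.get("isEnabled", False):
            # Assumption of this example: a disabled role is not offered.
            problems.append(f"{name}: role is disabled")
        else:
            offered.append(name)
    return offered, problems
```

A manifest with an empty `appRoles` list returns no offered roles, which matches the disabled "Application permissions" option described in the question.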

Solution 2:

You actually don't give it permissions that way. It's really confusing. Instead you add your registered app to your subscription and apply a reader role, sort of through IAM. See here:

https://medium.com/@crlmas07/programmatic-access-to-azure-portal-d925ea90831e