Edit

Share via

Get-EntraServicePrincipalOAuth2PermissionGrant

Module:
Microsoft.Entra Module v1.1

Gets an oAuth2PermissionGrant object.

Syntax

Default (Default) 

Get-EntraServicePrincipalOAuth2PermissionGrant
-ServicePrincipalId
    -ServicePrincipalId <String>
    [-All]
    [-Top <Int32>]
    [-Property <String[]>]
    [<CommonParameters>]

Description

The Get-EntraServicePrincipalOAuth2PermissionGrant cmdlet gets an oAuth2PermissionGrant object for a service principal in Microsoft Entra ID.

Examples

Example 1: Retrieve the OAuth2 permission grants of a service principal

Connect-Entra -Scopes 'Directory.Read.All'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Get-EntraServicePrincipalOAuth2PermissionGrant -ServicePrincipalId $servicePrincipal.Id

Id                                                               ClientId                             ConsentType   PrincipalId                          ResourceId                           Scope
--                                                               --------                             -----------   -----------                          ----------                           -----
A1bC2dE3f...                      00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals                                    aaaaaaaa-bbbb-cccc-1111-222222222222 openid profile U...

This example demonstrates how to get all oAuth2PermissionGrant object for a service principal in Microsoft Entra ID.

Example 2: Get all OAuth2 permission grants of a service principal

Connect-Entra -Scopes 'Directory.Read.All'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Get-EntraServicePrincipalOAuth2PermissionGrant -ServicePrincipalId $servicePrincipal.Id -All

Id                                                               ClientId                             ConsentType   PrincipalId                          ResourceId                           Scope
--                                                               --------                             -----------   -----------                          ----------                           -----
A1bC2dE3f...                                                      00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals                                      A1bC2dE3f...                          openid profile U...
A1bC2dE3f...                                                      00001111-aaaa-2222-bbbb-3333cccc4444 Principal      412be9d1-1460-4061-8eed-cca203fcb215 aaaaaaaa-bbbb-cccc-1111-222222222222 openid profile U...
A1bC2dE3f...                                                      00001111-aaaa-2222-bbbb-3333cccc4444 Principal      996d39aa-fdac-4d97-aa3d-c81fb47362ac aaaaaaaa-bbbb-cccc-1111-222222222222 PrivilegedAccess...

This example demonstrates how to get all oAuth2PermissionGrant object for a service principal in Microsoft Entra ID.

Example 3: Get two OAuth2 permission grants of a service principal

Connect-Entra -Scopes 'Directory.Read.All'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Get-EntraServicePrincipalOAuth2PermissionGrant -ServicePrincipalId $servicePrincipal.Id -Top 2

Id                                                               ClientId                             ConsentType   PrincipalId                          ResourceId                           Scope
--                                                               --------                             -----------   -----------                          ----------                           -----
A1bC2dE3f...                                                      00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals                                      aaaaaaaa-bbbb-cccc-1111-222222222222 openid profile U...
A1bC2dE3f...                                                      00001111-aaaa-2222-bbbb-3333cccc4444 Principal      412be9d1-1460-4061-8eed-cca203fcb215 aaaaaaaa-bbbb-cccc-1111-222222222222 openid profile U...

This example demonstrates how to get top two oAuth2PermissionGrant object for a service principal in Microsoft Entra ID. You can use -Limit as an alias for -Top.

Parameters

-All

List all pages.

Parameter properties

Type:System.Management.Automation.SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Property

Specifies properties to be returned

Parameter properties

Type:

System.String[]

Default value:None
Supports wildcards:False
DontShow:False
Aliases:Select

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ServicePrincipalId

Specifies the ID of a service principal in Microsoft Entra ID.

Parameter properties

Type:System.String
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ObjectId

Parameter sets

(All)
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

-Top

Specifies the maximum number of records to return.

Parameter properties

Type:System.Int32
Default value:None
Supports wildcards:False
DontShow:False
Aliases:Limit

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.