Get-EntraUserOAuth2PermissionGrant

Gets an oAuth2PermissionGrant object.

Syntax

Default (Default)

Get-EntraUserOAuth2PermissionGrant
    -UserId <String>
    [-All]
    [-Top <Int32>]
    [-Property <String[]>]
    [<CommonParameters>]

Description

The Get-EntraUserOAuth2PermissionGrant cmdlet gets an oAuth2PermissionGrant object for the specified user in Microsoft Entra ID. Specify the UserId parameter to retrieve an oAuth2PermissionGrant object.

In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.

  • Application Administrator
  • Application Developer
  • Cloud Application Administrator
  • Directory Writers
  • Privileged Role Administrator
  • User Administrator
  • Directory Readers
  • Global Reader
  • Guest Inviter

Examples

Example 1: Retrieve the OAuth2 permission grants for a user using the object ID parameter

Connect-Entra -Scopes 'Directory.Read.All'
Get-EntraUserOAuth2PermissionGrant -UserId 'SawyerM@contoso.com'
Id                                                               ClientId                             ConsentType ExpiryTime
--                                                               --------                             ----------- ----------
HXFXwKLgoUC4rwbZbCDIdffW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 00001111-aaaa-2222-bbbb-3333cccc4444 Principal   08-01-2024 10:0...
9uBzRwC0s0CFCDQN6O4Ik_fW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 11112222-bbbb-3333-cccc-4444dddd5555 Principal   13-01-2024 08:0...

This example retrieves the OAuth2 permission grants for a user using the object ID parameter.

  • The -UserId parameter specifies the user ID.

Example 2: Retrieve the OAuth2 permission grants for a user using the All parameter

Connect-Entra -Scopes 'Directory.Read.All'
Get-EntraUserOAuth2PermissionGrant -UserId 'SawyerM@contoso.com' -All
Id                                                               ClientId                             ConsentType ExpiryTime
--                                                               --------                             ----------- ----------
HXFXwKLgoUC4rwbZbCDIdffW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 00001111-aaaa-2222-bbbb-3333cccc4444 Principal   08-01-2024 10:0...
9uBzRwC0s0CFCDQN6O4Ik_fW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 11112222-bbbb-3333-cccc-4444dddd5555 Principal   13-01-2024 08:0...

This example retrieves the OAuth2 permission grants for a user using the All parameter.

  • The -UserId parameter specifies the user ID.

Example 3: Retrieve top one OAuth2 permission grant

Connect-Entra -Scopes 'Directory.Read.All'
Get-EntraUserOAuth2PermissionGrant -ObjectId 'SawyerM@contoso.com' -Top 1
Id                                                               ClientId                             ConsentType ExpiryTime
--                                                               --------                             ----------- ----------
HXFXwKLgoUC4rwbZbCDIdffW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 00001111-aaaa-2222-bbbb-3333cccc4444 Principal   08-01-2024 10:0...

This example retrieves the top one OAuth2 permission grant in Microsoft Entra ID. You can use -Limit as an alias for -Top.

  • The -UserId parameter specifies the user ID.
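
Added example (not part of the original documentation): reviewing a user's delegated grants for high-impact scopes, a common check when investigating suspicious application consent. Find-RiskyUserGrant and $WatchedScopes are hypothetical names, the watch list is a sample to adjust, and the code assumes each returned object carries the Scope property of the Microsoft Graph oAuth2PermissionGrant resource.

```powershell
# Sample watch list of delegated scopes worth a closer look; adjust to your policy.
$WatchedScopes = @(
    'Mail.Read', 'Mail.ReadWrite', 'Mail.Send',
    'Files.ReadWrite.All', 'Directory.ReadWrite.All', 'offline_access'
)

# Hypothetical helper, not part of the Entra PowerShell module.
function Find-RiskyUserGrant {
    [CmdletBinding()]
    param(
        # oAuth2PermissionGrant objects, e.g. from Get-EntraUserOAuth2PermissionGrant
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Grant,

        [string[]] $Watch = $WatchedScopes
    )
    process {
        # Scope is a space-separated string (assumed property); tolerate
        # empty values and repeated spaces.
        $scopes = @("$($Grant.Scope)" -split '\s+' | Where-Object { $_ })
        $hits   = @($scopes | Where-Object { $Watch -contains $_ })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                GrantId     = $Grant.Id
                ClientId    = $Grant.ClientId
                ConsentType = $Grant.ConsentType
                RiskyScopes = $hits -join ' '
            }
        }
    }
}

# Constructed sample grants: the Id and Scope values are made up, the
# ClientId values are the placeholders from the examples above.
$sample = @(
    [pscustomobject]@{ Id = 'grant-1'; ClientId = '00001111-aaaa-2222-bbbb-3333cccc4444'
                       ConsentType = 'Principal'; Scope = 'User.Read  Mail.Read offline_access' }
    [pscustomobject]@{ Id = 'grant-2'; ClientId = '11112222-bbbb-3333-cccc-4444dddd5555'
                       ConsentType = 'Principal'; Scope = 'openid profile User.Read' }
)
$sample | Find-RiskyUserGrant

# Against a live tenant, after Connect-Entra -Scopes 'Directory.Read.All':
# Get-EntraUserOAuth2PermissionGrant -UserId 'SawyerM@contoso.com' -All | Find-RiskyUserGrant
```

Use -All when auditing so that grants beyond the first page are not silently skipped.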

Parameters

-All

List all pages.

Parameter properties

Type:System.Management.Automation.SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Property

Specifies properties to be returned.

Parameter properties

Type:System.String[]

Default value:None
Supports wildcards:False
DontShow:False
Aliases:Select

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Top

Specifies the maximum number of records to return.

Parameter properties

Type:System.Int32
Default value:None
Supports wildcards:False
DontShow:False
Aliases:Limit

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

-UserId

Specifies the ID (as a User Principal Name or ObjectId) of a user in Microsoft Entra ID.

Parameter properties

Type:System.String
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ObjectId, UPN, Identity, UserPrincipalName

Parameter sets

(All)
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:True
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.