Get-EntraBetaServicePrincipalOAuth2PermissionGrant

Reference

Module:: Microsoft.Entra.Beta

Gets an OAuth2PermissionGrant object.

Syntax

Get-EntraBetaServicePrincipalOAuth2PermissionGrant
   -ServicePrincipalId <String>
   [-All]
   [-Top <Int32>]
   [-Property <String[]>]
   [<CommonParameters>]

Description

The Get-EntraBetaServicePrincipalOAuth2PermissionGrant cmdlet gets an OAuth2PermissionGrant object for a service principal in Microsoft Entra ID.

Examples

Example 1: Retrieve the OAuth2 permission grants of a service principal

Connect-Entra -Scopes 'Directory.Read.All'
$servicePrincipal = Get-EntraBetaServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Get-EntraBetaServicePrincipalOAuth2PermissionGrant -ServicePrincipalId $servicePrincipal.Id

Id                                                               ClientId                             ConsentType   PrincipalId                          ResourceId                           Scope
--                                                               --------                             -----------   -----------                          ----------                           -----
A1bC2dE3f...                      00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals                                    aaaaaaaa-bbbb-cccc-1111-222222222222 openid profile U...

This cmdlet retrieves a OAuth2PermissionGrant object for a service principal in Microsoft Entra ID. You can use the command Get-EntraBetaServicePrincipal to get service principal Id.

-ServicePrincipalId parameter specifies the ID of a service principal.

Example 2: Get all OAuth2 permission grants of a service principal

Connect-Entra -Scopes 'Directory.Read.All'
$servicePrincipal = Get-EntraBetaServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Get-EntraBetaServicePrincipalOAuth2PermissionGrant -ServicePrincipalId $servicePrincipal.Id -All

Id                                                               ClientId                             ConsentType   PrincipalId                          ResourceId                           Scope
--                                                               --------                             -----------   -----------                          ----------                           -----
A1bC2dE3f...                      00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals                                    aaaaaaaa-bbbb-cccc-1111-222222222222 openid profile U...
A1bC2dE3f...                      00001111-aaaa-2222-bbbb-3333cccc4444 Principal      412be9d1-1460-4061-8eed-cca203fcb215 aaaaaaaa-bbbb-cccc-1111-222222222222 openid profile U...
A1bC2dE3f...                      00001111-aaaa-2222-bbbb-3333cccc4444 Principal      996d39aa-fdac-4d97-aa3d-c81fb47362ac aaaaaaaa-bbbb-cccc-1111-222222222222 PrivilegedAccess...

This example demonstrates how to get all OAuth2PermissionGrant objects for a service principal in Microsoft Entra ID.

-ServicePrincipalId parameter specifies the ID of a service principal.

Example 3: Get two OAuth2 permission grants of a service principal

Connect-Entra -Scopes 'Directory.Read.All'
$servicePrincipal = Get-EntraBetaServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
Get-EntraBetaServicePrincipalOAuth2PermissionGrant -ServicePrincipalId $servicePrincipal.Id -Top 2

Id                                                               ClientId                             ConsentType   PrincipalId                          ResourceId                           Scope
--                                                               --------                             -----------   -----------                          ----------                           -----
A1bC2dE3f...                      00001111-aaaa-2222-bbbb-3333cccc4444 Principal      412be9d1-1460-4061-8eed-cca203fcb215 aaaaaaaa-bbbb-cccc-1111-222222222222 openid profile U...
A1bC2dE3f...                      00001111-aaaa-2222-bbbb-3333cccc4444 Principal      996d39aa-fdac-4d97-aa3d-c81fb47362ac aaaaaaaa-bbbb-cccc-1111-222222222222 PrivilegedAccess...

This example demonstrates how to get top two OAuth2PermissionGrant objects for a service principal in Microsoft Entra ID. You can use -Limit as an alias for -Top.

-ServicePrincipalId parameter specifies the ID of a service principal.

Parameters

-All

List all pages.

Type:	System.Management.Automation.SwitchParameter
Position:	Named
Default value:	False
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Property

Specifies properties to be returned.

Type:	System.String[]
Aliases:	Select
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-ServicePrincipalId

Specifies the ID of a service principal in Microsoft Entra ID.

Type:	System.String
Aliases:	ObjectId
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-Top

Specifies the maximum number of records to return.

Type:	System.Int32
Aliases:	Limit
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	True
Accept wildcard characters:	False

Get-EntraBetaServicePrincipal

Share via

Get-EntraBetaServicePrincipalOAuth2PermissionGrant

Syntax

Description

Examples

Example 1: Retrieve the OAuth2 permission grants of a service principal

Example 2: Get all OAuth2 permission grants of a service principal

Example 3: Get two OAuth2 permission grants of a service principal

Parameters

-All

-Property

-ServicePrincipalId

-Top

Feedback

Additional resources

Share via

Get-EntraBetaServicePrincipalOAuth2PermissionGrant

Syntax

Description

Examples

Example 1: Retrieve the OAuth2 permission grants of a service principal

Example 2: Get all OAuth2 permission grants of a service principal

Example 3: Get two OAuth2 permission grants of a service principal

Parameters

-All

-Property

-ServicePrincipalId

-Top

Related Links

Feedback

Additional resources