Get-EntraUserOAuth2PermissionGrant
Gets an oAuth2PermissionGrant object.
Syntax
Get-EntraUserOAuth2PermissionGrant
-UserId <String>
[-All]
[-Top <Int32>]
[-Property <String[]>]
[<CommonParameters>]
Description
The Get-EntraUserOAuth2PermissionGrant
cmdlet gets an oAuth2PermissionGrant object for the specified user in Microsoft Entra ID. Specify UserId
parameter to retrieve an oAuth2PermissionGrant object.
In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
- Application Administrator
- Application Developer
- Cloud Application Administrator
- Directory Writers
- Privileged Role Administrator
- User Administrator
- Directory Readers
- Global Reader
- Guest Inviter
Examples
Example 1: Retrieve the OAuth2 permission grants for a user using object ID parameter
Connect-Entra -Scopes 'Directory.Read.All'
Get-EntraUserOAuth2PermissionGrant -UserId 'SawyerM@contoso.com'
Id ClientId ConsentType ExpiryTime
-- -------- ----------- ----------
HXFXwKLgoUC4rwbZbCDIdffW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 00001111-aaaa-2222-bbbb-3333cccc4444 Principal 08-01-2024 10:0...
9uBzRwC0s0CFCDQN6O4Ik_fW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 11112222-bbbb-3333-cccc-4444dddd5555 Principal 13-01-2024 08:0...
This example retrieves the OAuth2 permission grants for a user using object ID parameter.
-UserId
parameter specifies the user ID.
Example 2: Retrieve the OAuth2 permission grants for a user using All parameter
Connect-Entra -Scopes 'Directory.Read.All'
Get-EntraUserOAuth2PermissionGrant -UserId 'SawyerM@contoso.com' -All
Id ClientId ConsentType ExpiryTime
-- -------- ----------- ----------
HXFXwKLgoUC4rwbZbCDIdffW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 00001111-aaaa-2222-bbbb-3333cccc4444 Principal 08-01-2024 10:0...
9uBzRwC0s0CFCDQN6O4Ik_fW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 11112222-bbbb-3333-cccc-4444dddd5555 Principal 13-01-2024 08:0...
This example retrieves the OAuth2 permission grants for a user using All parameter.
-ObjectId
parameter specifies the user ID.
Example 3: Retrieve top one OAuth2 permission grant
Connect-Entra -Scopes 'Directory.Read.All'
Get-EntraUserOAuth2PermissionGrant -ObjectId 'SawyerM@contoso.com' -Top 1
Id ClientId ConsentType ExpiryTime
-- -------- ----------- ----------
HXFXwKLgoUC4rwbZbCDIdffW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 00001111-aaaa-2222-bbbb-3333cccc4444 Principal 08-01-2024 10:0...
This Example Retrieve top one the OAuth2 permission grant in Microsoft Entra ID.
-UserId
parameter specifies the user ID.
Parameters
-All
List all pages.
Type: | System.Management.Automation.SwitchParameter |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Property
Specifies properties to be returned
Type: | System.String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Top
Specifies the maximum number of records to return.
Type: | System.Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-UserId
Specifies the ID (as a User Principal Name or ObjectId) of a user in Microsoft Entra ID.
Type: | System.String |
Aliases: | ObjectId |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |