Get-EntraUserOAuth2PermissionGrant

Gets an oAuth2PermissionGrant object.

Syntax

Get-EntraUserOAuth2PermissionGrant
   -UserId <String>
   [-All]
   [-Top <Int32>]
   [-Property <String[]>]
   [<CommonParameters>]

Description

The Get-EntraUserOAuth2PermissionGrant cmdlet gets an oAuth2PermissionGrant object for the specified user in Microsoft Entra ID. Specify the UserId parameter to retrieve an oAuth2PermissionGrant object.

In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.

  • Application Administrator
  • Application Developer
  • Cloud Application Administrator
  • Directory Writers
  • Privileged Role Administrator
  • User Administrator
  • Directory Readers
  • Global Reader
  • Guest Inviter

Examples

Example 1: Retrieve the OAuth2 permission grants for a user using the UserId parameter

Connect-Entra -Scopes 'Directory.Read.All'
Get-EntraUserOAuth2PermissionGrant -UserId 'SawyerM@contoso.com'

Id                                                               ClientId                             ConsentType ExpiryTime
--                                                               --------                             ----------- ----------
HXFXwKLgoUC4rwbZbCDIdffW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 00001111-aaaa-2222-bbbb-3333cccc4444 Principal   08-01-2024 10:0...
9uBzRwC0s0CFCDQN6O4Ik_fW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 11112222-bbbb-3333-cccc-4444dddd5555 Principal   13-01-2024 08:0...

This example retrieves the OAuth2 permission grants for a user using the UserId parameter.

  • -UserId parameter specifies the user ID.

Example 2: Retrieve the OAuth2 permission grants for a user using the All parameter

Connect-Entra -Scopes 'Directory.Read.All'
Get-EntraUserOAuth2PermissionGrant -UserId 'SawyerM@contoso.com' -All

Id                                                               ClientId                             ConsentType ExpiryTime
--                                                               --------                             ----------- ----------
HXFXwKLgoUC4rwbZbCDIdffW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 00001111-aaaa-2222-bbbb-3333cccc4444 Principal   08-01-2024 10:0...
9uBzRwC0s0CFCDQN6O4Ik_fW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 11112222-bbbb-3333-cccc-4444dddd5555 Principal   13-01-2024 08:0...

This example retrieves the OAuth2 permission grants for a user using the All parameter.

  • -UserId parameter specifies the user ID.

Example 3: Retrieve the top one OAuth2 permission grant

Connect-Entra -Scopes 'Directory.Read.All'
Get-EntraUserOAuth2PermissionGrant -UserId 'SawyerM@contoso.com' -Top 1

Id                                                               ClientId                             ConsentType ExpiryTime
--                                                               --------                             ----------- ----------
HXFXwKLgoUC4rwbZbCDIdffW8XpadQNIoHik9aQxrVHR6StBYBRhQI7tzKID_LIV 00001111-aaaa-2222-bbbb-3333cccc4444 Principal   08-01-2024 10:0...

This example retrieves the top one OAuth2 permission grant in Microsoft Entra ID.

  • -UserId parameter specifies the user ID.
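A common reason to list a user's delegated grants is to review what consented applications can do on that user's behalf. The following is an added example, not part of the original documentation: it filters the cmdlet's output for grants that carry high-impact scopes. The Find-RiskyUserGrant function and the scope watchlist are hypothetical, and the Scope and ResourceId property names are assumed from the Microsoft Graph oAuth2PermissionGrant resource (the tables above show only Id, ClientId, ConsentType and ExpiryTime).

```powershell
# Added example: flag delegated grants that carry high-impact scopes.
# The watchlist is an illustrative assumption; tune it to your tenant.
$HighImpactScopes = @(
    'Mail.Read', 'Mail.ReadWrite', 'Mail.Send',
    'Files.ReadWrite.All', 'Directory.ReadWrite.All', 'offline_access'
)

function Find-RiskyUserGrant {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Grant,
        [string[]] $Watchlist = $HighImpactScopes
    )
    process {
        # Scope is one space-delimited string; it may be empty or contain stray spaces.
        $scopes = @("$($Grant.Scope)" -split '\s+' | Where-Object { $_ })
        $hits   = @($scopes | Where-Object { $_ -in $Watchlist })  # -in is case-insensitive
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                GrantId     = $Grant.Id
                ClientId    = $Grant.ClientId
                ResourceId  = $Grant.ResourceId   # assumed property name
                ConsentType = $Grant.ConsentType
                RiskyScopes = $hits -join ' '
                AllScopes   = $scopes -join ' '
            }
        }
    }
}

# Constructed sample objects standing in for cmdlet output (not real tenant data).
$sample = @(
    [pscustomobject]@{ Id = 'grant-1'; ClientId = '00001111-aaaa-2222-bbbb-3333cccc4444'
                       ResourceId = 'resource-1'; ConsentType = 'Principal'
                       Scope = ' User.Read  Mail.Read offline_access' }
    [pscustomobject]@{ Id = 'grant-2'; ClientId = '11112222-bbbb-3333-cccc-4444dddd5555'
                       ResourceId = 'resource-1'; ConsentType = 'Principal'
                       Scope = 'User.Read openid profile' }
)
$sample | Find-RiskyUserGrant | Format-List

# Against a live tenant, using the cmdlet documented on this page:
# Connect-Entra -Scopes 'Directory.Read.All'
# Get-EntraUserOAuth2PermissionGrant -UserId 'SawyerM@contoso.com' -All | Find-RiskyUserGrant
```

With the constructed sample, only grant-1 is reported, because grant-2 holds sign-in scopes that are not on the watchlist.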

Parameters

-All

List all pages.

Type: System.Management.Automation.SwitchParameter
Position: Named
Default value: False
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Property

Specifies properties to be returned.

Type: System.String[]
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Top

Specifies the maximum number of records to return.

Type: System.Int32
Position: Named
Default value: None
Required: False
Accept pipeline input: True
Accept wildcard characters: False

-UserId

Specifies the ID (as a User Principal Name or ObjectId) of a user in Microsoft Entra ID.

Type: System.String
Aliases: ObjectId
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False