Missing OBO authentication on blueprint #191

@aubreyquinn

Ensure that blueprints created with the CLI are granted "on-behalf-of" authentication for agentic users.

```powershell
Connect-MgGraph -Scopes "AgentIdentityBlueprint.ReadWrite.All" -TenantId "<tenant-id>"

$AppId = "<blueprint-id>"
$IdentifierUri = "api://<blueprint-id>"
$ScopeId = [guid]::NewGuid()

# Construct the OAuth2 permission scope
$scope = @{
    adminConsentDescription = "Allow the application to access the agent on behalf of the signed-in user."
    adminConsentDisplayName = "<name-of-future-agent>"
    id                      = $ScopeId
    isEnabled               = $true
    type                    = "User"
    value                   = "access_agent"
}

# Set the identifier URI and expose the delegated scope on the blueprint
Update-MgBetaApplication -ApplicationId $AppId -IdentifierUris @($IdentifierUri) -Api @{ oauth2PermissionScopes = @($scope) }
```
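A check that could run after blueprint creation to confirm the OBO scope is in place, added here as an example; it is not part of the original issue or the project's code. The function name `Test-OboScope` and the sample object are hypothetical, and the sample is constructed so the block runs without a tenant.

```powershell
# Added example: verify that a blueprint application exposes the delegated
# "access_agent" scope and the api:// identifier URI described in this issue.
function Test-OboScope {
    param(
        [Parameter(Mandatory)] $Application,        # shaped like Get-MgBetaApplication output
        [Parameter(Mandatory)] [string] $ExpectedUri,
        [string] $ScopeValue = "access_agent"
    )
    $problems = @()
    if ($Application.IdentifierUris -notcontains $ExpectedUri) {
        $problems += "identifier URI '$ExpectedUri' is not set"
    }
    # Collect every scope with the expected value; @() keeps .Count reliable
    $matching = @($Application.Api.Oauth2PermissionScopes |
        Where-Object { $_.Value -eq $ScopeValue })
    if ($matching.Count -eq 0) {
        $problems += "scope '$ScopeValue' is missing"
    } elseif ($matching.Count -gt 1) {
        $problems += "scope '$ScopeValue' is defined $($matching.Count) times"
    } else {
        if (-not $matching[0].IsEnabled) { $problems += "scope '$ScopeValue' is disabled" }
        if ($matching[0].Type -ne "User") {
            $problems += "scope '$ScopeValue' has type '$($matching[0].Type)', expected 'User'"
        }
    }
    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample: a blueprint that has the URI but a disabled scope
$sample = [pscustomobject]@{
    IdentifierUris = @("api://00000000-0000-0000-0000-000000000000")
    Api = [pscustomobject]@{
        Oauth2PermissionScopes = @(
            [pscustomobject]@{ Value = "access_agent"; Type = "User"; IsEnabled = $false }
        )
    }
}
Test-OboScope -Application $sample -ExpectedUri "api://00000000-0000-0000-0000-000000000000"

# Against a live tenant (after Connect-MgGraph):
# Test-OboScope -Application (Get-MgBetaApplication -ApplicationId $AppId) -ExpectedUri $IdentifierUri
```

Running the same check before the update also shows whether scopes already exist on the blueprint, which matters because the update call sets the whole `oauth2PermissionScopes` collection rather than appending to it.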
