perf: update Microsoft Entra app manifest to new schema (#1390)

Co-authored-by: rentu <rentu>
OfficeDev · Jan 7, 2025 · ad4ab4b · ad4ab4b
1 parent 4215185
commit ad4ab4b
Show file tree

Hide file tree

Showing 19 changed files with 1,615 additions and 1,486 deletions.
diff --git a/bot-sso-docker/aad.manifest.json b/bot-sso-docker/aad.manifest.json
@@ -1,9 +1,77 @@
 {
     "id": "${{AAD_APP_OBJECT_ID}}",
     "appId": "${{AAD_APP_CLIENT_ID}}",
-    "name": "SSO Bot AAD",
-    "accessTokenAcceptedVersion": 2,
+    "displayName": "SSO Bot AAD",
+    "identifierUris": [
+        "api://botid-${{BOT_ID}}"
+    ],
     "signInAudience": "AzureADMyOrg",
+    "api": {
+        "requestedAccessTokenVersion": 2,
+        "oauth2PermissionScopes": [
+            {
+                "adminConsentDescription": "Allows Teams to call the app's web APIs as the current user.",
+                "adminConsentDisplayName": "Teams can access app's web APIs",
+                "id": "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}",
+                "isEnabled": true,
+                "type": "User",
+                "userConsentDescription": "Enable Teams to call this app's web APIs with the same rights that you have",
+                "userConsentDisplayName": "Teams can access app's web APIs and make requests on your behalf",
+                "value": "access_as_user"
+            }
+        ],
+        "preAuthorizedApplications": [
+            {
+                "appId": "1fec8e78-bce4-4aaf-ab1b-5451cc387264",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "5e3ce6c0-2b1f-4285-8d4b-75ee78787346",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "d3590ed6-52b3-4102-aeff-aad2292ab01c",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "00000002-0000-0ff1-ce00-000000000000",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "bc59ab01-8403-45c6-8796-ac3ef710b3e3",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "0ec893e0-5785-4de6-99da-4ed124e5296c",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "4765445b-32c6-49b0-83e6-1d93765276ca",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "4345a7b9-9a63-4910-a426-35363201d503",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            }
+        ]
+    },
+    "info": {},
     "optionalClaims": {
         "idToken": [],
         "accessToken": [
@@ -16,6 +84,9 @@
         ],
         "saml2Token": []
     },
+    "publicClient": {
+        "redirectUris": []
+    },
     "requiredResourceAccess": [
         {
             "resourceAppId": "Microsoft Graph",
@@ -27,75 +98,13 @@
             ]
         }
     ],
-    "oauth2Permissions": [
-        {
-            "adminConsentDescription": "Allows Teams to call the app's web APIs as the current user.",
-            "adminConsentDisplayName": "Teams can access app's web APIs",
-            "id": "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}",
-            "isEnabled": true,
-            "type": "User",
-            "userConsentDescription": "Enable Teams to call this app's web APIs with the same rights that you have",
-            "userConsentDisplayName": "Teams can access app's web APIs and make requests on your behalf",
-            "value": "access_as_user"
-        }
-    ],
-    "preAuthorizedApplications": [
-        {
-            "appId": "1fec8e78-bce4-4aaf-ab1b-5451cc387264",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "5e3ce6c0-2b1f-4285-8d4b-75ee78787346",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "d3590ed6-52b3-4102-aeff-aad2292ab01c",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "00000002-0000-0ff1-ce00-000000000000",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "bc59ab01-8403-45c6-8796-ac3ef710b3e3",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "0ec893e0-5785-4de6-99da-4ed124e5296c",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "4765445b-32c6-49b0-83e6-1d93765276ca",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "4345a7b9-9a63-4910-a426-35363201d503",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        }
-    ],
-    "identifierUris":[
-        "api://botid-${{BOT_ID}}"
-    ],
-    "replyUrlsWithType":[
-        {
-          "url": "https://${{BOT_DOMAIN}}/auth-end.html",
-          "type": "Web"
-        }
-    ]
+    "web": {
+        "redirectUris": [
+            "https://${{BOT_DOMAIN}}/auth-end.html"
+        ],
+        "implicitGrantSettings": {}
+    },
+    "spa": {
+        "redirectUris": []
+    }
 }
diff --git a/bot-sso/aad.manifest.json b/bot-sso/aad.manifest.json
@@ -1,9 +1,77 @@
 {
     "id": "${{AAD_APP_OBJECT_ID}}",
     "appId": "${{AAD_APP_CLIENT_ID}}",
-    "name": "bot-sso-aad",
-    "accessTokenAcceptedVersion": 2,
+    "displayName": "bot-sso-aad",
+    "identifierUris": [
+        "api://botid-${{BOT_ID}}"
+    ],
     "signInAudience": "AzureADMyOrg",
+    "api": {
+        "requestedAccessTokenVersion": 2,
+        "oauth2PermissionScopes": [
+            {
+                "adminConsentDescription": "Allows Teams to call the app's web APIs as the current user.",
+                "adminConsentDisplayName": "Teams can access app's web APIs",
+                "id": "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}",
+                "isEnabled": true,
+                "type": "User",
+                "userConsentDescription": "Enable Teams to call this app's web APIs with the same rights that you have",
+                "userConsentDisplayName": "Teams can access app's web APIs and make requests on your behalf",
+                "value": "access_as_user"
+            }
+        ],
+        "preAuthorizedApplications": [
+            {
+                "appId": "1fec8e78-bce4-4aaf-ab1b-5451cc387264",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "5e3ce6c0-2b1f-4285-8d4b-75ee78787346",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "d3590ed6-52b3-4102-aeff-aad2292ab01c",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "00000002-0000-0ff1-ce00-000000000000",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "bc59ab01-8403-45c6-8796-ac3ef710b3e3",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "0ec893e0-5785-4de6-99da-4ed124e5296c",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "4765445b-32c6-49b0-83e6-1d93765276ca",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            },
+            {
+                "appId": "4345a7b9-9a63-4910-a426-35363201d503",
+                "delegatedPermissionIds": [
+                    "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+                ]
+            }
+        ]
+    },
+    "info": {},
     "optionalClaims": {
         "idToken": [],
         "accessToken": [
@@ -16,6 +84,9 @@
         ],
         "saml2Token": []
     },
+    "publicClient": {
+        "redirectUris": []
+    },
     "requiredResourceAccess": [
         {
             "resourceAppId": "Microsoft Graph",
@@ -27,75 +98,13 @@
             ]
         }
     ],
-    "oauth2Permissions": [
-        {
-            "adminConsentDescription": "Allows Teams to call the app's web APIs as the current user.",
-            "adminConsentDisplayName": "Teams can access app's web APIs",
-            "id": "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}",
-            "isEnabled": true,
-            "type": "User",
-            "userConsentDescription": "Enable Teams to call this app's web APIs with the same rights that you have",
-            "userConsentDisplayName": "Teams can access app's web APIs and make requests on your behalf",
-            "value": "access_as_user"
-        }
-    ],
-    "preAuthorizedApplications": [
-        {
-            "appId": "1fec8e78-bce4-4aaf-ab1b-5451cc387264",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "5e3ce6c0-2b1f-4285-8d4b-75ee78787346",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "d3590ed6-52b3-4102-aeff-aad2292ab01c",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "00000002-0000-0ff1-ce00-000000000000",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "bc59ab01-8403-45c6-8796-ac3ef710b3e3",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "0ec893e0-5785-4de6-99da-4ed124e5296c",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "4765445b-32c6-49b0-83e6-1d93765276ca",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "4345a7b9-9a63-4910-a426-35363201d503",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        }
-    ],
-    "identifierUris":[
-        "api://botid-${{BOT_ID}}"
-    ],
-    "replyUrlsWithType":[
-        {
-          "url": "https://${{BOT_DOMAIN}}/auth-end.html",
-          "type": "Web"
-        }
-    ]
+    "web": {
+        "redirectUris": [
+            "https://${{BOT_DOMAIN}}/auth-end.html"
+        ],
+        "implicitGrantSettings": {}
+    },
+    "spa": {
+        "redirectUris": []
+    }
 }