From 692309d57cf81452f00cf14dbe3e4f22d677cda3 Mon Sep 17 00:00:00 2001 From: Dan Patrick Date: Fri, 26 Jul 2024 17:50:53 -0400 Subject: [PATCH] Update Entra App Reg create script; add template files --- .../common/scripts/Create-FllmEntraIdApps.ps1 | 138 +++++++++++------- .../foundationalllm-authorization.json | 56 ------- .../scripts/foundationalllm-client.json | 40 ----- .../scripts/foundationalllm-management.json | 56 ------- .../foundationalllm-managementclient.json | 33 ----- .../foundationalllm-vectorization.json | 56 ------- deploy/common/scripts/foundationalllm.json | 56 ------- ...dationallm-authorization-api.template.json | 56 +++++++ .../foundationallm-core-api.template.json | 56 +++++++ .../foundationallm-core-portal.template.json | 40 +++++ ...oundationallm-management-api.template.json | 56 +++++++ ...dationallm-management-portal.template.json | 33 +++++ 12 files changed, 324 insertions(+), 352 deletions(-) delete mode 100644 deploy/common/scripts/foundationalllm-authorization.json delete mode 100644 deploy/common/scripts/foundationalllm-client.json delete mode 100644 deploy/common/scripts/foundationalllm-management.json delete mode 100644 deploy/common/scripts/foundationalllm-managementclient.json delete mode 100644 deploy/common/scripts/foundationalllm-vectorization.json delete mode 100644 deploy/common/scripts/foundationalllm.json create mode 100644 deploy/common/scripts/foundationallm-authorization-api.template.json create mode 100644 deploy/common/scripts/foundationallm-core-api.template.json create mode 100644 deploy/common/scripts/foundationallm-core-portal.template.json create mode 100644 deploy/common/scripts/foundationallm-management-api.template.json create mode 100644 deploy/common/scripts/foundationallm-management-portal.template.json diff --git a/deploy/common/scripts/Create-FllmEntraIdApps.ps1 b/deploy/common/scripts/Create-FllmEntraIdApps.ps1 index a3ac731602..44c89c0d22 100644 --- a/deploy/common/scripts/Create-FllmEntraIdApps.ps1 
+++ b/deploy/common/scripts/Create-FllmEntraIdApps.ps1 
@@ -1,30 +1,29 @@ #! /usr/bin/pwsh - -Param( - [parameter(Mandatory = $false)][string]$authAppName="FoundationaLLM-Authorization-API", - [parameter(Mandatory = $false)][string]$coreAppName="FoundationaLLM-Core-API", - [parameter(Mandatory = $false)][string]$coreClientAppName="FoundationaLLM-Core-Portal", - [parameter(Mandatory = $false)][string]$mgmtAppName="FoundationaLLM-Management-API", - [parameter(Mandatory = $false)][string]$mgmtClientAppName="FoundationaLLM-Management-Portal" -) - -Set-StrictMode -Version 3.0 -$ErrorActionPreference = "Stop" - <# .SYNOPSIS - Generates a set of FLLM EntraID API apps and their respective client apps in the Azure AD tenant. - + Generates a set of FLLM EntraID App Registrations and their respective client apps in the Entra ID tenant. + See the following link for more information: https://docs.foundationallm.ai/deployment/authentication-authorization/index.html + **These app names are mandatory, you can't change the names or the scopes.** + .DESCRIPTION The script will create the following apps: - - FoundationaLLM - - FoundationaLLM-Client - - FoundationaLLM-Management - - FoundationaLLM-ManagementClient - - FoundationaLLM-Authorization - - + - FoundationaLLM-Authorization-API + - FoundationaLLM-Core-API + - FoundationaLLM-Core-Portal + - FoundationaLLM-Management-API + - FoundationaLLM-Management-Portal + The script will also assign the required permissions to the client apps and the required API permissions to the API apps. - URLs for the client apps are optional and can be set using the appUrl and appUrlLocal parameters. + +.REQUIREMENTS + - The user must be a Global Administrator in the Entra ID tenant or have RBAC rights to create App Registrations and Service Principals. + - The Azure CLI must be installed and authenticated to the Entra ID tenant. + - Scaffolding JSON files must be present in the same directory as the script. 
+ - foundationallm-authorization-api.template.json + - foundationallm-core-api.template.json + - foundationallm-core-portal.template.json + - foundationallm-management-api.template.json + - foundationallm-management-portal.template.json .PARAMETER appPermissionsId The GUID of the permission to assign to the client app. 
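Review bot: The new `.REQUIREMENTS` bullet tells operators to run this as a Global Administrator, which is more privilege than the script uses: everything it does is `az ad app create`, `az ad sp create` and Graph `PATCH /applications/{id}`, all of which the Application Administrator (or Cloud Application Administrator) role covers. Naming Global Administrator as the baseline normalises running a deployment script from the tenant's most privileged session. Reword the bullet to `- The user must hold the Application Administrator or Cloud Application Administrator role (or a custom role able to create App Registrations and Service Principals) in the Entra ID tenant; Global Administrator is not required.` It would also help to state here that the script writes generated `<AppName>.json` files into the working directory, since the `Set-Content` calls later in the file do exactly that.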
@@ -36,24 +35,53 @@ The URL of the client app. The local URL of the client app. .PARAMETER createClientApp -Whether to create the client app or not. Default is true. False will only create the API app. +If set to $true, the script will create a client app. If set to $false, the script will not create a client app. + +.PARAMETER fllmApi +The name of the API app. + +.PARAMETER fllmApiConfigPath +The path to the API app configuration file. + +.PARAMETER fllmApiUri +The URI of the API app. + +.PARAMETER fllmClient +The name of the client app. + +.PARAMETER fllmClientConfigPath +The path to the client app configuration file. + .EXAMPLE The following example creates the FoundationaLLM API and client apps. # Create FoundationaLLM Core App Registrations $params = @{ - fllmApi = "FoundationaLLM" - fllmClient = "FoundationaLLM-Client" - fllmApiConfigPath = "foundationalllm.json" - fllmClientConfigPath = "foundationalllm-client.json" appPermissionsId = "6da07102-bb6a-421d-a71e-dfdb6031d3d8" appUrl = "" appUrlLocal = "http://localhost:3000/signin-oidc" + fllmApi = $coreAppName + fllmApiConfigPath = "foundationallm-core-api.json" + fllmApiUri = "api://FoundationaLLM-Core" + fllmClient = $coreClientAppName + fllmClientConfigPath = "foundationallm-core-portal.json" } -New-FllmEntraIdApps @params +$($fllmAppRegs).Core = New-FllmEntraIdApps @params #> + +Param( + [parameter(Mandatory = $false)][string]$authAppName="FoundationaLLM-Authorization-API", + [parameter(Mandatory = $false)][string]$coreAppName="FoundationaLLM-Core-API", + [parameter(Mandatory = $false)][string]$coreClientAppName="FoundationaLLM-Core-Portal", + [parameter(Mandatory = $false)][string]$mgmtAppName="FoundationaLLM-Management-API", + [parameter(Mandatory = $false)][string]$mgmtClientAppName="FoundationaLLM-Management-Portal" +) + +Set-StrictMode -Version 3.0 +$ErrorActionPreference = "Stop" + function New-FllmEntraIdApps { param ( [Parameter(Mandatory = $true)][string]$appPermissionsId, 
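Review bot: The `.EXAMPLE` block added here points at `foundationallm-core-api.json` and `foundationallm-core-portal.json`, but the files this commit ships and the calls at the bottom of the script use are the `.template.json` variants. On a case-insensitive filesystem the example's name is also the same file that `Set-Content -Path "$($fllmAppRegMetaData.Api.Name)`.json"` writes the post-processed registration to (`FoundationaLLM-Core-API.json`), so someone following the example on a second run would feed the previous run's generated output back in as scaffolding. Change the two lines to `fllmApiConfigPath = "foundationallm-core-api.template.json"` and `fllmClientConfigPath = "foundationallm-core-portal.template.json"`. The help also says the app names cannot be changed while the `Param` block right below exposes them as overridable defaults; one of the two should say which is authoritative.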
@@ -69,12 +97,12 @@ function New-FllmEntraIdApps { $fllmAppRegMetaData = @{} try { - # Create the FLLM APIApp Registration + # Create the FLLM API App Registration $($fllmAppRegMetaData).Api = @{ Name = $fllmApi Uri = $fllmApiUri } - Write-Host "Creating EntraID Application Registration named $($fllmAppRegMetaData.Api.Name)" + Write-Host -ForegroundColor Yellow "Creating EntraID Application Registration named $($fllmAppRegMetaData.Api.Name)" $($fllmAppRegMetaData.Api).AppId = $(az ad app create --display-name $($fllmAppRegMetaData.Api.Name) --query appId --output tsv) $($fllmAppRegMetaData.Api).ObjectId = $(az ad app show --id $($fllmAppRegMetaData.Api.AppId) --query id --output tsv) az ad sp create --id $($fllmAppRegMetaData.Api.AppId) 
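Review bot: `$($fllmAppRegMetaData.Api).AppId = $(az ad app create ... --output tsv)` has no failure check, and `$ErrorActionPreference = "Stop"` does not apply to native executables such as `az` (PowerShell only honours it for natives with `$PSNativeCommandUseErrorActionPreference`, 7.4+), so a failed or unauthorised create leaves `AppId` empty and the following `az ad app show --id`, `az ad sp create --id` and the Graph `PATCH .../applications/` all run against an empty identifier inside the `try`. Add a guard after the create, e.g. `if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($fllmAppRegMetaData.Api.AppId)) { throw "Failed to create app registration $($fllmAppRegMetaData.Api.Name)" }`, and the same after the client create in the next hunk. Display names are also not unique in Entra, so re-running the script creates a second registration with the same name rather than updating the first; an `az ad app list --display-name $fllmApi --query "[].appId" -o tsv` check before creating would make the run idempotent. `New-FllmEntraIdApps` starts and ends outside this hunk.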
@@ -82,19 +110,19 @@ function New-FllmEntraIdApps { # Create the FLLM ClientApp Registration if ($createClientApp) { $($fllmAppRegMetaData).Client = @{ Name = $fllmClient } - Write-Host "Creating EntraID Application Registration named $($fllmAppRegMetaData.Client.Name)" + Write-Host -ForegroundColor Yellow "Creating EntraID Application Registration named $($fllmAppRegMetaData.Client.Name)" $($fllmAppRegMetaData.Client).AppId = $(az ad app create --display-name $($fllmAppRegMetaData.Client.Name) --query appId --output tsv) $($fllmAppRegMetaData.Client).ObjectId = $(az ad app show --id $($fllmAppRegMetaData.Client.AppId) --query id --output tsv) az ad sp create --id $($fllmAppRegMetaData.Client.AppId) } - # Update the APIApp Registration - Write-Host "Lays down scaffolding for the API App Registration $($fllmAppRegMetaData.Api.Name)" + # Update the API App Registration + Write-Host -ForegroundColor Yellow "Laying down scaffolding for the API App Registration $($fllmAppRegMetaData.Api.Name)" az rest --method PATCH --url "https://graph.microsoft.com/v1.0/applications/$($fllmAppRegMetaData.Api.ObjectId)" --header "Content-Type=application/json" --body "@$fllmApiConfigPath" - Write-host "Sleeping for 10 seconds to allow the API App Registration to be created before updating it." + Write-host -ForegroundColor Yellow "Sleeping for 10 seconds to allow the API App Registration to be created before updating it..." Start-Sleep -Seconds 10 ## Updates the API App Registration - Write-Host "Preparing updates for the API App Registration $($fllmAppRegMetaData.Api.Name)" + Write-Host -ForegroundColor Yellow "Preparing updates for the API App Registration $($fllmAppRegMetaData.Api.Name)" $appConfig = Get-content $fllmApiConfigPath | ConvertFrom-Json -Depth 20 if ($createClientApp) { $preAuthorizedApp = @( 
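Review bot: `az rest ... --body "@$fllmApiConfigPath"` and `Get-content $fllmApiConfigPath` resolve the bare filenames passed from the call sites (`foundationallm-core-api.template.json`) against the process working directory, not against the script's directory, even though the new `.REQUIREMENTS` text says the templates must sit next to the script. Run from elsewhere the script fails at the first PATCH, or, worse, silently uses whatever same-named file happens to be in the current directory as the registration's scaffolding. Resolve relative paths once near the top of the function, e.g. `if (-not [System.IO.Path]::IsPathRooted($fllmApiConfigPath)) { $fllmApiConfigPath = Join-Path $PSScriptRoot $fllmApiConfigPath }`, and the same for `$fllmClientConfigPath`. The fixed `Start-Sleep -Seconds 10` is a replication guess rather than a check; polling `az ad app show --id` until the PATCHed properties are visible would be more robust. The function continues outside this hunk.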
@@ -111,25 +139,25 @@ function New-FllmEntraIdApps { } $appConfig.identifierUris = @($($fllmAppRegMetaData.Api.Uri)) $appConfigUpdate = $appConfig | ConvertTo-Json -Depth 20 - Write-Host "Final Update to API App Registration $($fllmAppRegMetaData.Api.Name)" + Write-Host -ForegroundColor Yellow "Final Update to API App Registration $($fllmAppRegMetaData.Api.Name)" Set-Content -Path "$($fllmAppRegMetaData.Api.Name)`.json" $appConfigUpdate az rest --method PATCH --url "https://graph.microsoft.com/v1.0/applications/$($fllmAppRegMetaData.Api.ObjectId)" --header "Content-Type=application/json" --body "@$($fllmAppRegMetaData.Api.Name)`.json" - # Update the ClientApp Registration + # Update the Client App Registration if ($createClientApp) { - Write-Host "Lay down scaffolding for the ClientApp Registration $($fllmAppRegMetaData.Client.Name)" + Write-Host -ForegroundColor Yellow "Lay down scaffolding for the Client App Registration $($fllmAppRegMetaData.Client.Name)" az rest --method PATCH --url "https://graph.microsoft.com/v1.0/applications/$($fllmAppRegMetaData.Client.ObjectId)" --header "Content-Type=application/json" --body "@$fllmClientConfigPath" Start-Sleep -Seconds 10 - Write-host "Sleeping for 10 seconds to allow the API App Registration to be created before updating it." - ## Updates the ClientApp Registration - Write-Host "Preparing updates for the API App Registration $($fllmAppRegMetaData.Client.Name)" + Write-host -ForegroundColor Yellow "Sleeping for 10 seconds to allow the API App Registration to be created before updating it..." 
+ ## Updates the Client App Registration + Write-Host -ForegroundColor Yellow "Preparing updates for the Client App Registration $($fllmAppRegMetaData.Client.Name)" $($fllmAppRegMetaData.Client).Uri = @("api://$($fllmAppRegMetaData.Client.Name)") $apiPermissions = @(@{"resourceAppId" = $($fllmAppRegMetaData.Client.AppId); "resourceAccess" = @(@{"id" = "$($appPermissionsId)"; "type" = "Scope" }) }, @{"resourceAppId" = "00000003-0000-0000-c000-000000000000"; "resourceAccess" = @(@{"id" = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"; "type" = "Scope" }) }) $appConfig = Get-content $fllmClientConfigPath | ConvertFrom-Json -Depth 20 $appConfig.identifierUris = @($($fllmAppRegMetaData.Client.Uri)) $appConfig.requiredResourceAccess = $apiPermissions $appConfigUpdate = $appConfig | ConvertTo-Json -Depth 20 - Write-Host "Final Update to ClientApp Registration $($fllmAppRegMetaData.Client.Name)" + Write-Host -ForegroundColor Yellow "Final Update to Client App Registration $($fllmAppRegMetaData.Client.Name)" Set-Content -Path "$($fllmAppRegMetaData.Client.Name)`.json" $appConfigUpdate az rest --method PATCH --url "https://graph.microsoft.com/v1.0/applications/$($fllmAppRegMetaData.Client.ObjectId)" --header "Content-Type=application/json" --body "@$($fllmAppRegMetaData.Client.Name)`.json" } 
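Review bot: The `$apiPermissions` entry built here sets `resourceAppId` to `$fllmAppRegMetaData.Client.AppId`, the portal's own app ID, while the `id` it requests (`$appPermissionsId`, e.g. `Data.Read`) is a scope that only the API registration exposes, so this appears to request the scope from the wrong resource; the client's `requiredResourceAccess` should presumably point at `$fllmAppRegMetaData.Api.AppId` (the commit rewords the surrounding messages but leaves this context line as is, so confirm against a tenant where consent currently succeeds). Separately, the new side now calls `Start-Sleep -Seconds 10` first and prints `Sleeping for 10 seconds...` afterwards, and that message still says "API App Registration" in the client branch; swap the two lines and say `Client App Registration`. The function continues outside the hunk.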
@@ -144,38 +172,38 @@ function New-FllmEntraIdApps { $fllmAppRegs = @{} # Create FoundationaLLM Core App Registrations $params = @{ - fllmApi = $coreAppName - fllmClient = $coreClientAppName - fllmApiConfigPath = "foundationalllm.json" - fllmApiUri = "api://FoundationaLLM-Core" - fllmClientConfigPath = "foundationalllm-client.json" appPermissionsId = "6da07102-bb6a-421d-a71e-dfdb6031d3d8" appUrl = "" appUrlLocal = "http://localhost:3000/signin-oidc" + fllmApi = $coreAppName + fllmApiConfigPath = "foundationallm-core-api.template.json" + fllmApiUri = "api://FoundationaLLM-Core" + fllmClient = $coreClientAppName + fllmClientConfigPath = "foundationallm-core-portal.template.json" } $($fllmAppRegs).Core = New-FllmEntraIdApps @params # Create FoundationaLLM Management App Registrations $params = @{ - fllmApi = $mgmtAppName - fllmClient = $mgmtClientAppName - fllmApiConfigPath = "foundationalllm-management.json" - fllmApiUri = "api://FoundationaLLM-Management" - fllmClientConfigPath = "foundationalllm-managementclient.json" appPermissionsId = "c57f4633-0e58-455a-8ede-5de815fe6c9c" appUrl = "" appUrlLocal = "http://localhost:3001/signin-oidc" + fllmApi = $mgmtAppName + fllmApiConfigPath = "foundationallm-management-api.template.json" + fllmApiUri = "api://FoundationaLLM-Management" + fllmClient = $mgmtClientAppName + fllmClientConfigPath = "foundationallm-management-portal.template.json" } $($fllmAppRegs).Management = New-FllmEntraIdApps @params # Create FoundationaLLM Authorization App Registration $params = @{ - fllmApi = $authAppName - fllmApiConfigPath = "foundationalllm-authorization.json" - fllmApiUri = "api://FoundationaLLM-Authorization" appPermissionsId = "9e313dd4-51e4-4989-84d0-c713e38e467d" createClientApp = $false + fllmApi = $authAppName + fllmApiConfigPath = "foundationallm-authorization-api.template.json" + fllmApiUri = "api://FoundationaLLM-Authorization" } -$($fllmAppRegs).Authorization = New-FllmEntraIdApps @params +$($fllmAppRegs).Authorization = 
New-FllmEntraIdApps @params Write-Host $($fllmAppRegs | ConvertTo-Json) diff --git a/deploy/common/scripts/foundationalllm-authorization.json b/deploy/common/scripts/foundationalllm-authorization.json deleted file mode 100644 index f551573f1b..0000000000 --- a/deploy/common/scripts/foundationalllm-authorization.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "api": { - "oauth2PermissionScopes": [ - { - "adminConsentDescription": "Allows the app to manage data on behalf of the signed-in user.", - "adminConsentDisplayName": "Manage Authorization", - "id": "9e313dd4-51e4-4989-84d0-c713e38e467d", - "isEnabled": true, - "type": "User", - "userConsentDescription": " Allows the app to manage data on behalf of the signed-in user.", - "userConsentDisplayName": "Manage data on behalf of the users", - "value": "Authorization.Manage" - } - ], - "preAuthorizedApplications": [], - "requestedAccessTokenVersion": 2 - }, - "identifierUris": [], - "publicClient": { - "redirectUris": [ - "https://oauth.pstmn.io/v1/callback" - ] - }, - "servicePrincipalLockConfiguration": { - "allProperties": true, - "credentialsWithUsageSign": true, - "credentialsWithUsageVerify": true, - "identifierUris": false, - "isEnabled": true, - "tokenEncryptionKeyId": true - }, - "signInAudience": "AzureADMyOrg", - "spa": { - "redirectUris": [] - }, - "requiredResourceAccess": [ - { - "resourceAccess": [ - { - "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", - "type": "Scope" - } - ], - "resourceAppId": "00000003-0000-0000-c000-000000000000" - } - ], - "web": { - "implicitGrantSettings": { - "enableAccessTokenIssuance": true, - "enableIdTokenIssuance": true - }, - "redirectUris": [ - "http://localhost" - ] - } -} \ No newline at end of file diff --git a/deploy/common/scripts/foundationalllm-client.json b/deploy/common/scripts/foundationalllm-client.json deleted file mode 100644 index 2e0cc40c38..0000000000 --- a/deploy/common/scripts/foundationalllm-client.json +++ /dev/null 
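Review bot: `appPermissionsId` is hard-coded at each call site as a GUID that must equal the `id` of the single scope in the matching `*.template.json`; nothing checks that, and a mismatch only surfaces later when the portal's `requiredResourceAccess` points at a scope the API does not expose. Since the function already parses the template with `ConvertFrom-Json`, derive the value instead, e.g. `appPermissionsId = (Get-Content "foundationallm-core-api.template.json" | ConvertFrom-Json -Depth 20).api.oauth2PermissionScopes[0].id`, or validate equality and throw. The identifier URIs are likewise fixed to `api://FoundationaLLM-Core`, `api://FoundationaLLM-Management` and `api://FoundationaLLM-Authorization` even when the `-coreAppName`/`-mgmtAppName`/`-authAppName` parameters are overridden, which undercuts those parameters; either derive them from the names or document that only the display names change.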
@@ -1,40 +0,0 @@ -{ - "api": { - "requestedAccessTokenVersion": 2 - }, - "identifierUris": [], - "publicClient": { - "redirectUris": [ - "https://oauth.pstmn.io/v1/callback" - ] - }, - "requiredResourceAccess": [ - { - "resourceAccess": [ - { - "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", - "type": "Scope" - } - ], - "resourceAppId": "00000003-0000-0000-c000-000000000000" - } - ], - "servicePrincipalLockConfiguration": { - "allProperties": true, - "credentialsWithUsageSign": true, - "credentialsWithUsageVerify": true, - "identifierUris": false, - "isEnabled": true, - "tokenEncryptionKeyId": true - }, - "signInAudience": "AzureADMyOrg", - "spa": { - "redirectUris": [] - }, - "web": { - "implicitGrantSettings": { - "enableAccessTokenIssuance": true, - "enableIdTokenIssuance": true - } - } -} \ No newline at end of file diff --git a/deploy/common/scripts/foundationalllm-management.json b/deploy/common/scripts/foundationalllm-management.json deleted file mode 100644 index c2ed413f98..0000000000 --- a/deploy/common/scripts/foundationalllm-management.json +++ /dev/null 
@@ -1,56 +0,0 @@ -{ - "api": { - "oauth2PermissionScopes": [ - { - "adminConsentDescription": "Allows the app to manage data on behalf of the signed-in user.", - "adminConsentDisplayName": "Manage data on behalf of users", - "id": "c57f4633-0e58-455a-8ede-5de815fe6c9c", - "isEnabled": true, - "type": "User", - "userConsentDescription": " Allows the app to manage data on behalf of the signed-in user.", - "userConsentDisplayName": "Manage data on behalf of the users", - "value": "Data.Manage" - } - ], - "preAuthorizedApplications": [], - "requestedAccessTokenVersion": 2 - }, - "identifierUris": [], - "publicClient": { - "redirectUris": [ - "https://oauth.pstmn.io/v1/callback" - ] - }, - "servicePrincipalLockConfiguration": { - "allProperties": true, - "credentialsWithUsageSign": true, - "credentialsWithUsageVerify": true, - "identifierUris": false, - "isEnabled": true, - "tokenEncryptionKeyId": true - }, - "signInAudience": "AzureADMyOrg", - "spa": { - "redirectUris": [] - }, - "requiredResourceAccess": [ - { - "resourceAccess": [ - { - "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", - "type": "Scope" - } - ], - "resourceAppId": "00000003-0000-0000-c000-000000000000" - } - ], - "web": { - "implicitGrantSettings": { - "enableAccessTokenIssuance": true, - "enableIdTokenIssuance": true - }, - "redirectUris": [ - "http://localhost" - ] - } -} \ No newline at end of file diff --git a/deploy/common/scripts/foundationalllm-managementclient.json b/deploy/common/scripts/foundationalllm-managementclient.json deleted file mode 100644 index 456d0b7157..0000000000 --- a/deploy/common/scripts/foundationalllm-managementclient.json +++ /dev/null 
@@ -1,33 +0,0 @@ -{ - "api": { - "requestedAccessTokenVersion": 2 - }, - "identifierUris": [], - "publicClient": { - "redirectUris": [ - "https://oauth.pstmn.io/v1/callback" - ] - }, - "servicePrincipalLockConfiguration": { - "allProperties": true, - "credentialsWithUsageSign": true, - "credentialsWithUsageVerify": true, - "identifierUris": false, - "isEnabled": true, - "tokenEncryptionKeyId": true - }, - "signInAudience": "AzureADMyOrg", - "spa": { - "redirectUris": [] - }, - "requiredResourceAccess": [], - "web": { - "implicitGrantSettings": { - "enableAccessTokenIssuance": true, - "enableIdTokenIssuance": true - }, - "redirectUris": [ - "http://localhost" - ] - } -} \ No newline at end of file diff --git a/deploy/common/scripts/foundationalllm-vectorization.json b/deploy/common/scripts/foundationalllm-vectorization.json deleted file mode 100644 index 37ee660002..0000000000 --- a/deploy/common/scripts/foundationalllm-vectorization.json +++ /dev/null 
@@ -1,56 +0,0 @@ -{ - "api": { - "oauth2PermissionScopes": [ - { - "adminConsentDescription": "Allows the app to manage data on behalf of the signed-in user.", - "adminConsentDisplayName": "Manage data on behalf of users", - "id": "b2061dc7-ac14-4ce2-9dcc-7f1ac0d8a238", - "isEnabled": true, - "type": "User", - "userConsentDescription": " Allows the app to manage data on behalf of the signed-in user.", - "userConsentDisplayName": "Manage data on behalf of the users", - "value": "Data.Manage" - } - ], - "preAuthorizedApplications": [], - "requestedAccessTokenVersion": 2 - }, - "identifierUris": [], - "publicClient": { - "redirectUris": [ - "https://oauth.pstmn.io/v1/callback" - ] - }, - "servicePrincipalLockConfiguration": { - "allProperties": true, - "credentialsWithUsageSign": true, - "credentialsWithUsageVerify": true, - "identifierUris": false, - "isEnabled": true, - "tokenEncryptionKeyId": true - }, - "signInAudience": "AzureADMyOrg", - "spa": { - "redirectUris": [] - }, - "requiredResourceAccess": [ - { - "resourceAccess": [ - { - "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", - "type": "Scope" - } - ], - "resourceAppId": "00000003-0000-0000-c000-000000000000" - } - ], - "web": { - "implicitGrantSettings": { - "enableAccessTokenIssuance": true, - "enableIdTokenIssuance": true - }, - "redirectUris": [ - "http://localhost" - ] - } -} \ No newline at end of file diff --git a/deploy/common/scripts/foundationalllm.json b/deploy/common/scripts/foundationalllm.json deleted file mode 100644 index abc8f1bcfa..0000000000 --- a/deploy/common/scripts/foundationalllm.json +++ /dev/null 
@@ -1,56 +0,0 @@ -{ - "api": { - "oauth2PermissionScopes": [ - { - "adminConsentDescription": "Allows the app to read data on behalf of the signed-in user.", - "adminConsentDisplayName": "Read data on behalf of users", - "id": "6da07102-bb6a-421d-a71e-dfdb6031d3d8", - "isEnabled": true, - "type": "User", - "userConsentDescription": "Allows the app to read data on behalf of the signed-in user.", - "userConsentDisplayName": "Read data on behalf of users", - "value": "Data.Read" - } - ], - "preAuthorizedApplications": [], - "requestedAccessTokenVersion": 2 - }, - "identifierUris": [], - "publicClient": { - "redirectUris": [ - "https://oauth.pstmn.io/v1/callback" - ] - }, - "servicePrincipalLockConfiguration": { - "allProperties": true, - "credentialsWithUsageSign": true, - "credentialsWithUsageVerify": true, - "identifierUris": false, - "isEnabled": true, - "tokenEncryptionKeyId": true - }, - "signInAudience": "AzureADMyOrg", - "spa": { - "redirectUris": [] - }, - "requiredResourceAccess": [ - { - "resourceAccess": [ - { - "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", - "type": "Scope" - } - ], - "resourceAppId": "00000003-0000-0000-c000-000000000000" - } - ], - "web": { - "implicitGrantSettings": { - "enableAccessTokenIssuance": true, - "enableIdTokenIssuance": true - }, - "redirectUris": [ - "http://localhost" - ] - } -} \ No newline at end of file diff --git a/deploy/common/scripts/foundationallm-authorization-api.template.json b/deploy/common/scripts/foundationallm-authorization-api.template.json new file mode 100644 index 0000000000..c46f13b937 --- /dev/null +++ b/deploy/common/scripts/foundationallm-authorization-api.template.json 
@@ -0,0 +1,56 @@
+{
+ "api": {
+ "oauth2PermissionScopes": [
+ {
+ "adminConsentDescription": "Allows the app to manage data on behalf of the signed-in user.",
+ "adminConsentDisplayName": "Manage Authorization",
+ "id": "9e313dd4-51e4-4989-84d0-c713e38e467d",
+ "isEnabled": true,
+ "type": "User",
+ "userConsentDescription": " Allows the app to manage data on behalf of the signed-in user.",
+ "userConsentDisplayName": "Manage data on behalf of the users",
+ "value": "Authorization.Manage"
+ }
+ ],
+ "preAuthorizedApplications": [],
+ "requestedAccessTokenVersion": 2
+ },
+ "identifierUris": [],
+ "publicClient": {
+ "redirectUris": [
+ "https://oauth.pstmn.io/v1/callback"
+ ]
+ },
+ "servicePrincipalLockConfiguration": {
+ "allProperties": true,
+ "credentialsWithUsageSign": true,
+ "credentialsWithUsageVerify": true,
+ "identifierUris": false,
+ "isEnabled": true,
+ "tokenEncryptionKeyId": true
+ },
+ "signInAudience": "AzureADMyOrg",
+ "spa": {
+ "redirectUris": []
+ },
+ "requiredResourceAccess": [
+ {
+ "resourceAccess": [
+ {
+ "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
+ "type": "Scope"
+ }
+ ],
+ "resourceAppId": "00000003-0000-0000-c000-000000000000"
+ }
+ ],
+ "web": {
+ "implicitGrantSettings": {
+ "enableAccessTokenIssuance": true,
+ "enableIdTokenIssuance": true
+ },
+ "redirectUris": [
+ "http://localhost"
+ ]
+ }
+}
diff --git a/deploy/common/scripts/foundationallm-core-api.template.json b/deploy/common/scripts/foundationallm-core-api.template.json
new file mode 100644
index 0000000000..f9fffc1949
--- /dev/null
+++ b/deploy/common/scripts/foundationallm-core-api.template.json
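Review bot: This template registers the Authorization API, the resource that exposes `Authorization.Manage`, as a sign-in client too: `publicClient.redirectUris` carries the third-party Postman callback `https://oauth.pstmn.io/v1/callback`, `web.redirectUris` carries `http://localhost`, and `web.implicitGrantSettings` turns on both `enableAccessTokenIssuance` and `enableIdTokenIssuance`. A resource API that only validates bearer tokens needs none of these, implicit access-token issuance is the legacy flow (tokens in the URL fragment, no PKCE, no refresh) that Microsoft steers deployments away from, and the Postman URI means an authorization response for this app may legitimately be delivered to a host the deploying organisation does not control. Set `"enableAccessTokenIssuance": false` and `"enableIdTokenIssuance": false`, leave both `redirectUris` arrays empty, and keep the Postman entry in a separate dev-only template if interactive testing needs it. The leading space in `" Allows the app to manage data..."` under `userConsentDescription` is shown verbatim on the consent prompt.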
@@ -0,0 +1,56 @@
+{
+ "api": {
+ "oauth2PermissionScopes": [
+ {
+ "adminConsentDescription": "Allows the app to read data on behalf of the signed-in user.",
+ "adminConsentDisplayName": "Read data on behalf of users",
+ "id": "6da07102-bb6a-421d-a71e-dfdb6031d3d8",
+ "isEnabled": true,
+ "type": "User",
+ "userConsentDescription": "Allows the app to read data on behalf of the signed-in user.",
+ "userConsentDisplayName": "Read data on behalf of users",
+ "value": "Data.Read"
+ }
+ ],
+ "preAuthorizedApplications": [],
+ "requestedAccessTokenVersion": 2
+ },
+ "identifierUris": [],
+ "publicClient": {
+ "redirectUris": [
+ "https://oauth.pstmn.io/v1/callback"
+ ]
+ },
+ "servicePrincipalLockConfiguration": {
+ "allProperties": true,
+ "credentialsWithUsageSign": true,
+ "credentialsWithUsageVerify": true,
+ "identifierUris": false,
+ "isEnabled": true,
+ "tokenEncryptionKeyId": true
+ },
+ "signInAudience": "AzureADMyOrg",
+ "spa": {
+ "redirectUris": []
+ },
+ "requiredResourceAccess": [
+ {
+ "resourceAccess": [
+ {
+ "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
+ "type": "Scope"
+ }
+ ],
+ "resourceAppId": "00000003-0000-0000-c000-000000000000"
+ }
+ ],
+ "web": {
+ "implicitGrantSettings": {
+ "enableAccessTokenIssuance": true,
+ "enableIdTokenIssuance": true
+ },
+ "redirectUris": [
+ "http://localhost"
+ ]
+ }
+}
diff --git a/deploy/common/scripts/foundationallm-core-portal.template.json b/deploy/common/scripts/foundationallm-core-portal.template.json
new file mode 100644
index 0000000000..7977749e31
--- /dev/null
+++ b/deploy/common/scripts/foundationallm-core-portal.template.json
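Review bot: The Core API is a resource whose job is to expose `Data.Read`, yet `web.implicitGrantSettings` enables both implicit access- and ID-token issuance and the registration carries the Postman and `http://localhost` redirect URIs. The script PATCHes this file onto the registration verbatim and only rewrites `identifierUris` afterwards, so everything else here becomes the production configuration, and an API registration with implicit flow enabled is a standard finding in Entra hardening reviews. Set `"enableAccessTokenIssuance": false` and `"enableIdTokenIssuance": false`, and empty both `publicClient.redirectUris` and `web.redirectUris`. If the Graph `User.Read` entry in `requiredResourceAccess` is meant for an on-behalf-of call from the API, a line in the deployment docs saying so would help, since a resource app otherwise has no reason to request a delegated Graph scope.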
@@ -0,0 +1,40 @@
+{
+ "api": {
+ "requestedAccessTokenVersion": 2
+ },
+ "identifierUris": [],
+ "publicClient": {
+ "redirectUris": [
+ "https://oauth.pstmn.io/v1/callback"
+ ]
+ },
+ "requiredResourceAccess": [
+ {
+ "resourceAccess": [
+ {
+ "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
+ "type": "Scope"
+ }
+ ],
+ "resourceAppId": "00000003-0000-0000-c000-000000000000"
+ }
+ ],
+ "servicePrincipalLockConfiguration": {
+ "allProperties": true,
+ "credentialsWithUsageSign": true,
+ "credentialsWithUsageVerify": true,
+ "identifierUris": false,
+ "isEnabled": true,
+ "tokenEncryptionKeyId": true
+ },
+ "signInAudience": "AzureADMyOrg",
+ "spa": {
+ "redirectUris": []
+ },
+ "web": {
+ "implicitGrantSettings": {
+ "enableAccessTokenIssuance": true,
+ "enableIdTokenIssuance": true
+ }
+ }
+}
diff --git a/deploy/common/scripts/foundationallm-management-api.template.json b/deploy/common/scripts/foundationallm-management-api.template.json
new file mode 100644
index 0000000000..6a6bdf7fc8
--- /dev/null
+++ b/deploy/common/scripts/foundationallm-management-api.template.json
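Review bot: The Core Portal is the interactive client (the script passes `http://localhost:3000/signin-oidc` for it), so `"enableAccessTokenIssuance": true` under `web.implicitGrantSettings` is the line to fix: a browser client should use the authorization-code flow with PKCE via `spa.redirectUris`, which needs no implicit access tokens, so set it to `false` and keep `enableIdTokenIssuance` only if the portal really uses a hybrid or OIDC-implicit sign-in (not visible here, confirm). `publicClient.redirectUris` again ships the third-party `https://oauth.pstmn.io/v1/callback` into a production client registration; move it to a dev-only template. `spa.redirectUris` is empty in the template, so the real redirect URI must be added by code outside this commit (presumably from `appUrl`/`appUrlLocal`); a one-line comment in the script near the client PATCH saying where that happens would save the next reader a search.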
@@ -0,0 +1,56 @@
+{
+ "api": {
+ "oauth2PermissionScopes": [
+ {
+ "adminConsentDescription": "Allows the app to manage data on behalf of the signed-in user.",
+ "adminConsentDisplayName": "Manage data on behalf of users",
+ "id": "c57f4633-0e58-455a-8ede-5de815fe6c9c",
+ "isEnabled": true,
+ "type": "User",
+ "userConsentDescription": " Allows the app to manage data on behalf of the signed-in user.",
+ "userConsentDisplayName": "Manage data on behalf of the users",
+ "value": "Data.Manage"
+ }
+ ],
+ "preAuthorizedApplications": [],
+ "requestedAccessTokenVersion": 2
+ },
+ "identifierUris": [],
+ "publicClient": {
+ "redirectUris": [
+ "https://oauth.pstmn.io/v1/callback"
+ ]
+ },
+ "servicePrincipalLockConfiguration": {
+ "allProperties": true,
+ "credentialsWithUsageSign": true,
+ "credentialsWithUsageVerify": true,
+ "identifierUris": false,
+ "isEnabled": true,
+ "tokenEncryptionKeyId": true
+ },
+ "signInAudience": "AzureADMyOrg",
+ "spa": {
+ "redirectUris": []
+ },
+ "requiredResourceAccess": [
+ {
+ "resourceAccess": [
+ {
+ "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
+ "type": "Scope"
+ }
+ ],
+ "resourceAppId": "00000003-0000-0000-c000-000000000000"
+ }
+ ],
+ "web": {
+ "implicitGrantSettings": {
+ "enableAccessTokenIssuance": true,
+ "enableIdTokenIssuance": true
+ },
+ "redirectUris": [
+ "http://localhost"
+ ]
+ }
+}
diff --git a/deploy/common/scripts/foundationallm-management-portal.template.json b/deploy/common/scripts/foundationallm-management-portal.template.json
new file mode 100644
index 0000000000..e50a7e0c2b
--- /dev/null
+++ b/deploy/common/scripts/foundationallm-management-portal.template.json
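Review bot: As with the Core and Authorization API templates, this registers the Management API, which exposes `Data.Manage`, the most capable of the three scopes, with implicit access- and ID-token issuance enabled and with `https://oauth.pstmn.io/v1/callback` and `http://localhost` as redirect URIs. The `servicePrincipalLockConfiguration` block is a good hardening step, but it locks service-principal properties and does not compensate for an implicit-grant-enabled resource app. Set `"enableAccessTokenIssuance": false` and `"enableIdTokenIssuance": false` and empty both `redirectUris` arrays, keeping the Postman entry in a dev-only template. `userConsentDescription` also begins with a stray space (`" Allows the app..."`) that will appear on the consent prompt.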
@@ -0,0 +1,33 @@
+{
+ "api": {
+ "requestedAccessTokenVersion": 2
+ },
+ "identifierUris": [],
+ "publicClient": {
+ "redirectUris": [
+ "https://oauth.pstmn.io/v1/callback"
+ ]
+ },
+ "servicePrincipalLockConfiguration": {
+ "allProperties": true,
+ "credentialsWithUsageSign": true,
+ "credentialsWithUsageVerify": true,
+ "identifierUris": false,
+ "isEnabled": true,
+ "tokenEncryptionKeyId": true
+ },
+ "signInAudience": "AzureADMyOrg",
+ "spa": {
+ "redirectUris": []
+ },
+ "requiredResourceAccess": [],
+ "web": {
+ "implicitGrantSettings": {
+ "enableAccessTokenIssuance": true,
+ "enableIdTokenIssuance": true
+ },
+ "redirectUris": [
+ "http://localhost"
+ ]
+ }
+}
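Review bot: `requiredResourceAccess` is `[]` here while the Core Portal template requests Graph `User.Read`; the script overwrites this array at runtime (`$appConfig.requiredResourceAccess = $apiPermissions`), so the template value is dead either way, but the two portal templates should agree so a reader does not infer the Management Portal gets fewer permissions. The implicit-grant and Postman-redirect points from the other templates apply to this client as well: set `"enableAccessTokenIssuance": false` and keep `https://oauth.pstmn.io/v1/callback` out of the production template. `web.redirectUris` lists `http://localhost` while `spa.redirectUris` is empty; if the portal is a SPA using PKCE the redirect belongs under `spa`, otherwise the `web` entry should be the real `appUrl`, and which of the two the deployment relies on is not visible from this file.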