Skip to main content

entra oauth2grant list

Lists OAuth2 permission grants for the specified service principal

Usage

m365 entra oauth2grant list [options]

Options

-i, --spObjectId <spObjectId>

objectId of the service principal for which the configured OAuth2 permission grants should be retrieved.

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.

--query [query]

JMESPath query string. See http://jmespath.org/ for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.

--verbose

Runs command with verbose logging.

--debug

Runs command with debug logging.

Remarks

In order to list existing OAuth2 permissions granted to a service principal, you need its objectId. You can retrieve it using the entra enterpriseapp get command.

When using the text output type (default), the command lists only the values of the objectId, resourceId and scope properties of the OAuth grant. When setting the output type to JSON, all available properties are included in the command output.

Examples

List OAuth2 permissions granted to service principal with objectId b2307a39-e878-458b-bc90-03bc578531d6.

m365 entra oauth2grant list --spObjectId b2307a39-e878-458b-bc90-03bc578531d6

Response

[
  {
    "clientId": "283f45c9-6b6f-4d15-a7b8-da2c2f3f6e67",
    "consentType": "AllPrincipals",
    "id": "yUU_KG9rFU2nuNosLz9uZ0SVQmWC1_RCvP7NnEv1Zus",
    "principalId": null,
    "resourceId": "65429544-d782-42f4-bcfe-cd9c4bf566eb",
    "scope": "Mail.Read Mail.Send"
  }
]

More information

CTRL + M