articles/active-directory/develop/reference-app-manifest.md
Lines changed: 7 additions & 7 deletions
@@ -45,9 +45,9 @@ To configure the application manifest:
45
45
46
46
| Key | Value type | Description | Example value |
47
47
|---------|---------|---------|---------|
48
-
|`accessTokenAcceptedVersion`| Nullable Int32 | Specifies the access token version expected by the resource. This changes the version and format of the JWT produced independent of the endpoint or client used to request the access token.<br/><br/>The endpoint used, v1.0 or v2.0, is chosen by the client and only impacts the version of id_tokens. Resources need to explicitly configure `accesstokenAcceptedVersion` to indicate the supported access token format.<br/><br/>Possible values for `accesstokenAcceptedVersion` are 1, 2, or null. If the value is null, this defaults to 1, which corresponds to the v1.0 endpoint. <br/><br/>If `signInAudience` is `AzureADandPersonalMicrosoftAccount`, the value must be `2`|`2`|
49
-
|`addIns`| Collection | Defines custom behavior that a consuming service can use to call an app in specific contexts. For example, applications that can render file streams may set the addIns property for its "FileHandler" functionality. This will let services like Office 365 call the application in the context of a document the user is working on. | <code>{<br> "id":"968A844F-7A47-430C-9163-07AE7C31D407"<br> "type": "FileHandler",<br> "properties": [<br> {"key": "version", "value": "2" }<br> ]<br>}</code>|
50
-
|`allowPublicClient`| Boolean | Specifies the fallback application type. Azure AD infers the application type from the replyUrlsWithType by default. There are certain scenarios where Azure AD cannot determine the client app type (e.g. [ROPC](https://tools.ietf.org/html/rfc6749#section-4.3) flow where HTTP request happens without a URL redirection). In those cases Azure AD will interpret the application type based on the value of this property. If this value is set to true the fallback application type is set as public client, such as an installed app running on a mobile device. The default value is false which means the fallback application type is confidential client such as web app. |`false`|
48
+
|`accessTokenAcceptedVersion`| Nullable Int32 | Specifies the access token version expected by the resource. This parameter changes the version and format of the JWT produced independent of the endpoint or client used to request the access token.<br/><br/>The endpoint used, v1.0 or v2.0, is chosen by the client and only impacts the version of id_tokens. Resources need to explicitly configure `accesstokenAcceptedVersion` to indicate the supported access token format.<br/><br/>Possible values for `accesstokenAcceptedVersion` are 1, 2, or null. If the value is null, this parameter defaults to 1, which corresponds to the v1.0 endpoint. <br/><br/>If `signInAudience` is `AzureADandPersonalMicrosoftAccount`, the value must be `2`|`2`|
49
+
|`addIns`| Collection | Defines custom behavior that a consuming service can use to call an app in specific contexts. For example, applications that can render file streams may set the addIns property for its "FileHandler" functionality. This parameter will let services like Office 365 call the application in the context of a document the user is working on. | <code>{<br> "id":"968A844F-7A47-430C-9163-07AE7C31D407"<br> "type": "FileHandler",<br> "properties": [<br> {"key": "version", "value": "2" }<br> ]<br>}</code>|
50
+
|`allowPublicClient`| Boolean | Specifies the fallback application type. Azure AD infers the application type from the replyUrlsWithType by default. There are certain scenarios where Azure AD can't determine the client app type. For example, one such scenario is the [ROPC](https://tools.ietf.org/html/rfc6749#section-4.3) flow where HTTP request happens without a URL redirection). In those cases, Azure AD will interpret the application type based on the value of this property. If this value is set to true the fallback application type is set as public client, such as an installed app running on a mobile device. The default value is false which means the fallback application type is confidential client such as web app. |`false`|
51
51
|`availableToOtherTenants`| Boolean | true if the application is shared with other tenants; otherwise, false. <br><br> _Note: This is available only in App registrations (Legacy) experience. Replaced by `signInAudience` in the [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) experience._||
52
52
|`appId`| String | Specifies the unique identifier for the app that is assigned to an app by Azure AD. |`"601790de-b632-4f57-9523-ee7cb6ceba95"`|
53
53
|`appRoles`| Collection | Specifies the collection of roles that an app may declare. These roles can be assigned to users, groups, or service principals. For more examples and info, see [Add app roles in your application and receive them in the token](howto-add-app-roles-in-azure-ad-apps.md)| <code>[<br> {<br> "allowedMemberTypes": [<br>  "User"<br> ],<br> "description":"Read-only access to device information",<br> "displayName":"Read Only",<br> "id":guid,<br> "isEnabled":true,<br> "value":"ReadOnly"<br> }<br>]</code> |
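Review bot: In the new `allowPublicClient` row, the rewritten ROPC sentence drops the opening parenthesis but keeps the closing one, so it now ends "without a URL redirection)." with an unmatched ")". Remove the stray parenthesis and shorten "For example, one such scenario is the ROPC flow" to "For example, the ROPC flow, where the HTTP request happens without a URL redirection." While these rows are being touched, the description of `accessTokenAcceptedVersion` still spells the key as `accesstokenAcceptedVersion`, which does not match the key column, and the `addIns` example value has no comma after the "id" entry, so it is not valid JSON as shown. Both are worth fixing in the same pass, since readers copy these values into the manifest.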
@@ -60,8 +60,8 @@ To configure the application manifest:
60
60
|`id`| String | The unique identifier for the app in the directory. This ID is not the identifier used to identify the app in any protocol transaction. It's used for the referencing the object in directory queries. |`"f7f9acfc-ae0c-4d6c-b489-0a81dc1652dd"`|
61
61
|`identifierUris`| String Array | User-defined URI(s) that uniquely identify a Web app within its Azure AD tenant, or within a verified custom domain if the app is multi-tenant. | <code>[<br> "https://MyRegisteredApp"<br>]</code> |
62
62
|`informationalUrls`| String | Specifies the links to the app's terms of service and privacy statement. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see [How to: Add Terms of service and privacy statement for registered Azure AD apps](howto-add-terms-of-service-privacy-statement.md). | <code>{<br> "marketing":"https://MyRegisteredApp/marketing",<br> "privacy":"https://MyRegisteredApp/privacystatement",<br> "support":"https://MyRegisteredApp/support",<br> "termsOfService":"https://MyRegisteredApp/termsofservice"<br>}</code> |
63
-
|`keyCredentials`| Collection | Holds references to app-assigned credentials, string-based shared secrets and X.509 certificates. These credentials are used when requesting access tokens (when the app is acting as a client rather that as resource). | <code>[<br> {<br> "customKeyIdentifier":null,<br> "endDate":"2018-09-13T00:00:00Z",<br> "keyId":"\<guid>",<br> "startDate":"2017-09-12T00:00:00Z",<br> "type":"AsymmetricX509Cert",<br> "usage":"Verify",<br> "value":null<br> }<br>]</code> |
64
-
|`knownClientApplications`| String Array | Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. If you enter the appID of the client app into this value, the user will only have to consent once to the client app. Azure AD will know that consenting to the client means implicitly consenting to the web API and will automatically provision service principals for both the client and web API at the same time. Both the client and the web API app must be registered in the same tenant. |`["f7f9acfc-ae0c-4d6c-b489-0a81dc1652dd"]`|
63
+
|`keyCredentials`| Collection | Holds references to app-assigned credentials, string-based shared secrets and X.509 certificates. ). | <code>[<br> {<br> &These credentials are used when requesting access tokens (when the app is acting as a client rather that as resourcenbsp; "customKeyIdentifier":null,<br> "endDate":"2018-09-13T00:00:00Z",<br> "keyId":"\<guid>",<br> "startDate":"2017-09-12T00:00:00Z",<br> "type":"AsymmetricX509Cert",<br> "usage":"Verify",<br> "value":null<br> }<br>]</code> |
64
+
|`knownClientApplications`| String Array | Used for bundling consent if you have a solution that contains two parts: a client app and a custom web API app. If you enter the appID of the client app into this value, the user will only have to consent once to the client app. Azure AD will know that consenting to the client means implicitly consenting to the web API. It will automatically provision service principals for both the client and web API at the same time. Both the client and the web API app must be registered in the same tenant. |`["f7f9acfc-ae0c-4d6c-b489-0a81dc1652dd"]`|
65
65
|`logoUrl`| String | Read only value that points to the CDN URL to logo that was uploaded in the portal. |`"https://MyRegisteredAppLogo"`|
66
66
|`logoutUrl`| String | The URL to log out of the app. |`"https://MyRegisteredAppLogout"`|
67
67
|`name`| String | The display name for the app. |`"MyRegisteredApp"`|
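Review bot: The new `keyCredentials` row is corrupted: the sentence "These credentials are used when requesting access tokens..." has been pasted into the middle of the `&nbsp;` entity in the example column, which now reads "&These credentials ... resourcenbsp;", and the description column is left with a dangling ")." after "X.509 certificates." Restore the example value to its previous form and put the sentence back in the description column. If the goal was to drop the parentheses, write it as a plain sentence, and correct "rather that as resource" to "rather than as a resource" at the same time. This row documents the app's credentials, so the description and the example both need to render cleanly.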
@@ -86,7 +86,7 @@ To configure the application manifest:
86
86
87
87
### Manifest limits
88
88
89
-
An application manifest has multiple attributes that are referred to as collections; for example, approles, keycredentials, knownClientApplications, identifierUris, rediretUris, requiredResourceAccess, and oauth2Permissions. Within the complete application manifest for any application, the total number of entries in all the collections combined has been capped at 1200. If you already have 100 redirect URIs specified in the application manifest, then you're only left with 1100 remaining entries to use across all other collections combined that make up the manifest.
89
+
An application manifest has multiple attributes that are referred to as collections; for example, approles, keycredentials, knownClientApplications, identifierUris, rediretUris, requiredResourceAccess, and oauth2Permissions. Within the complete application manifest for any application, the total number of entries in all the collections combined has been capped at 1200. If you previously specify 100 redirect URIs in the application manifest, then you're only left with 1100 remaining entries to use across all other collections combined that make up the manifest.
90
90
91
91
> [!NOTE]
92
92
> In case you try to add more than 1200 entries in the application manifest, you may see an error **"Failed to update application xxxxxx. Error details: The size of the manifest has exceeded its limit. Please reduce the number of values and retry your request."**
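Review bot: On the changed line under "Manifest limits", "If you previously specify 100 redirect URIs" mixes tenses. Use "If you previously specified 100 redirect URIs", or keep the original "If you already have 100 redirect URIs specified". The same line still carries the misspelling "rediretUris" in the list of collections, and the names are cased inconsistently with the table ("approles" and "keycredentials" against `appRoles` and `keyCredentials`). Since the line is being edited anyway, align the names with the key column so readers can tell which collections count toward the 1200-entry cap.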
@@ -124,7 +124,7 @@ When you see one of these errors, we recommend the following actions:
124
124
## Next steps
125
125
126
126
* For more info on the relationship between an app's application and service principal object(s), see [Application and service principal objects in Azure AD](app-objects-and-service-principals.md).
127
-
* See the [Microsoft identity platform developer glossary](developer-glossary.md) for definitions of some of the core Microsoft identity platform developer concepts.
127
+
* See the [Microsoft identity platform developer glossary](developer-glossary.md) for definitions of some core Microsoft identity platform developer concepts.
128
128
129
129
Use the following comments section to provide feedback that helps refine and shape our content.