You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/develop/reference-app-manifest.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -72,14 +72,14 @@ To configure the application manifest:
72
72
|`parentalControlSettings`| String |`countriesBlockedForMinors` specifies the countries in which the app is blocked for minors.<br>`legalAgeGroupRule` specifies the legal age group rule that applies to users of the app. Can be set to `Allow`, `RequireConsentForPrivacyServices`, `RequireConsentForMinors`, `RequireConsentForKids`, or `BlockMinors`. | <code>{<br> "countriesBlockedForMinors":[],<br> "legalAgeGroupRule":"Allow"<br>} </code> |
73
73
|`passwordCredentials`| Collection | See the description for the `keyCredentials` property. | <code>[<br> {<br> "customKeyIdentifier":null,<br> "endDate":"2018-10-19T17:59:59.6521653Z",<br> "keyId":"\<guid>",<br> "startDate":"2016-10-19T17:59:59.6521653Z",<br> "value":null<br> }<br>] </code> |
74
74
|`preAuthorizedApplications`| Collection | Lists applications and requested permissions for implicit consent. Requires an admin to have provided consent to the application. preAuthorizedApplications do not require the user to consent to the requested permissions. Permissions listed in preAuthorizedApplications do not require user consent. However, any additional requested permissions not listed in preAuthorizedApplications require user consent. | <code>[<br> {<br> "appId": "abcdefg2-000a-1111-a0e5-812ed8dd72e8",<br> "permissionIds": [<br> "8748f7db-21fe-4c83-8ab5-53033933c8f1"<br> ]<br> }<br>]</code> |
75
-
|`publicClient`| Boolean | Specifies whether this application is a public client (such as an installed application running on a mobile device). <br><br> _Note: This is available only in App registrations (Legacy) experience. Replaced by `allowPublicClient` in the [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) experience._||
75
+
|`publicClient`| Boolean | Specifies whether this application is a public client (such as an installed application running on a mobile device). <br><br> _Note: This property is available only in App registrations (Legacy) experience. Replaced by `allowPublicClient` in the [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) experience._||
76
76
|`publisherDomain`| String | The verified publisher domain for the application. Read-only. |https://www.contoso.com|
77
-
|`replyUrls`| String array | This multi-value property holds the list of registered redirect_uri values that Azure AD will accept as destinations when returning tokens. <br><br> _Note: This is available only in App registrations (Legacy) experience. Replaced by `replyUrlsWithType` in the [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) experience._||
77
+
|`replyUrls`| String array | This multi-value property holds the list of registered redirect_uri values that Azure AD will accept as destinations when returning tokens. <br><br> _Note: This property is available only in App registrations (Legacy) experience. Replaced by `replyUrlsWithType` in the [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) experience._||
78
78
|`replyUrlsWithType`| Collection | This multi-value property holds the list of registered redirect_uri values that Azure AD will accept as destinations when returning tokens. Each URI value should contain an associated app type value. Supported type values are: <ul><li>`Web`</li><li>`InstalledClient`</li></ul><br> Learn more about [replyUrl restrictions and limitations](https://docs.microsoft.com/azure/active-directory/develop/reply-url). | <code>"replyUrlsWithType": [<br> {<br> "url": "https://localhost:4400/services/office365/redirectTarget.html",<br> "type": "InstalledClient" <br> }<br>]</code> |
79
-
| `requiredResourceAccess` | Collection | With dynamic consent, `requiredResourceAccess` drives the admin consent experience and the user consent experience for users who are using static consent. However, this does not drive the user consent experience for the general case.<br>`resourceAppId` is the unique identifier for the resource that the app requires access to. This value should be equal to the appId declared on the target resource app.<br>`resourceAccess` is an array that lists the OAuth2.0 permission scopes and app roles that the app requires from the specified resource. Contains the `id` and `type` values of the specified resources. | <code>[<br> {<br> "resourceAppId":"00000002-0000-0000-c000-000000000000",<br> "resourceAccess":[<br> {<br> "id":"311a71cc-e848-46a1-bdf8-97ff7156d8e6",<br> "type":"Scope"<br> }<br> ]<br> }<br>] </code> |
79
+
| `requiredResourceAccess` | Collection | With dynamic consent, `requiredResourceAccess` drives the admin consent experience and the user consent experience for users who are using static consent. However, this parameter doesn't drive the user consent experience for the general case.<br>`resourceAppId` is the unique identifier for the resource that the app requires access to. This value should be equal to the appId declared on the target resource app.<br>`resourceAccess` is an array that lists the OAuth2.0 permission scopes and app roles that the app requires from the specified resource. Contains the `id` and `type` values of the specified resources. | <code>[<br> {<br> "resourceAppId":"00000002-0000-0000-c000-000000000000",<br> "resourceAccess":[<br> {<br> "id":"311a71cc-e848-46a1-bdf8-97ff7156d8e6",<br> "type":"Scope"<br> }<br> ]<br> }<br>] </code> |
80
80
|`samlMetadataUrl`| String | The URL to the SAML metadata for the app. |`https://MyRegisteredAppSAMLMetadata`|
81
81
|`signInUrl`| String | Specifies the URL to the app's home page. |`https://MyRegisteredApp`|
82
-
|`signInAudience`| String | Specifies what Microsoft accounts are supported for the current application. Supported values are:<ul><li>**AzureADMyOrg** - Users with a Microsoft work or school account in my organization’s Azure AD tenant (i.e. single tenant)</li><li>**AzureADMultipleOrgs** - Users with a Microsoft work or school account in any organization’s Azure AD tenant (i.e. multi-tenant)</li> <li>**AzureADandPersonalMicrosoftAccount** - Users with a personal Microsoft account, or a work or school account in any organization’s Azure AD tenant</li></ul> |`AzureADandPersonalMicrosoftAccount`|
82
+
|`signInAudience`| String | Specifies what Microsoft accounts are supported for the current application. Supported values are:<ul><li>**AzureADMyOrg** - Users with a Microsoft work or school account in my organization’s Azure AD tenant (for example, single tenant)</li><li>**AzureADMultipleOrgs** - Users with a Microsoft work or school account in any organization’s Azure AD tenant (for example, multi-tenant)</li> <li>**AzureADandPersonalMicrosoftAccount** - Users with a personal Microsoft account, or a work or school account in any organization’s Azure AD tenant</li></ul> |`AzureADandPersonalMicrosoftAccount`|
83
83
|`tags`| String Array | Custom strings that can be used to categorize and identify the application. | <code>[<br> "ProductionApp"<br>]</code> |
84
84
85
85
## Common issues
@@ -93,7 +93,7 @@ An application manifest has multiple attributes that are referred to as collecti
93
93
94
94
### Unsupported attributes
95
95
96
-
The application manifest represents the schema of the underlying application model in Azure AD. As the underlying schema evolves, the manifest editor will be updated to reflect the new schema from time to time. As a result, you may notice new attributes showing up in the application manifest. In rare occasions, you may notice a syntactic or semantic change in the existing attributes or you may find an attribute that existed previously are not supported anymore. For example, you will see new attributes in the [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908) which are known with a different name in the App registrations (Legacy) experience.
96
+
The application manifest represents the schema of the underlying application model in Azure AD. As the underlying schema evolves, the manifest editor will be updated to reflect the new schema from time to time. As a result, you may notice new attributes showing up in the application manifest. In rare occasions, you may notice a syntactic or semantic change in the existing attributes or you may find an attribute that existed previously are not supported anymore. For example, you will see new attributes in the [App registrations](https://go.microsoft.com/fwlink/?linkid=2083908), which are known with a different name in the App registrations (Legacy) experience.
97
97
98
98
99
99
| App registrations (Legacy)| App registrations |
@@ -108,15 +108,15 @@ The application manifest represents the schema of the underlying application mod
108
108
109
109
For descriptions for these attributes, see the [manifest reference](#manifest-reference) section.
110
110
111
-
When you try to upload a previously downloaded manifest, you may see one of the following errors. This is likely because the manifest editor now supports a newer version of the schema, which doesn't match with the one you're trying to upload.
111
+
When you try to upload a previously downloaded manifest, you may see one of the following errors. This error is likely because the manifest editor now supports a newer version of the schema, which doesn't match with the one you're trying to upload.
- "**Failed to update xxxxxx application. Error detail: One or more property values specified are invalid. [].**"
115
115
- "**Failed to update xxxxxx application. Error detail: Not allowed to set availableToOtherTenants in this api version for update. [].**"
116
-
- "**Failed to update xxxxxx application. Error detail: Updates to 'replyUrls' property is not allowed for this application. Use 'replyUrlsWithType' property instead. [].**"
117
-
- "**Failed to update xxxxxx application. Error detail: A value without a type name was found and no expected type is available. When the model is specified, each value in the payload must have a type which can be either specified in the payload, explicitly by the caller or implicitly inferred from the parent value. []**"
116
+
- "**Failed to update xxxxxx application. Error detail: Updates to 'replyUrls' property isn't allowed for this application. Use 'replyUrlsWithType' property instead. [].**"
117
+
- "**Failed to update xxxxxx application. Error detail: A value without a type name was found and no expected type is available. When the model is specified, each value in the payload must have a type that can be either specified in the payload, explicitly by the caller or implicitly inferred from the parent value. []**"
118
118
119
-
When you see one of these errors, we recommend the following:
119
+
When you see one of these errors, we recommend the following actions:
120
120
121
121
1. Edit the attributes individually in the manifest editor instead of uploading a previously downloaded manifest. Use the [manifest reference](#manifest-reference) table to understand the syntax and semantics of old and new attributes so that you can successfully edit the attributes you're interested in.
122
122
1. If your workflow requires you to save the manifests in your source repository for use later, we suggest rebasing the saved manifests in your repository with the one you see in the **App registrations** experience.
0 commit comments