---
title: Applications (MS Graph API)
description: The MS Graph API connector lets you read and manage applications.
component: openicf
page_id: openicf:connector-reference:msgraph-applications
canonical_url: https://docs.pingidentity.com/openicf/connector-reference/msgraph-applications.html
section_ids:
  msgraph-query-all-apps: Query all applications
  msgraph-read-app: Read an application
  msgraph-create-app: Create an application
  msgraph-add-pass-secret-app: Add a password (client secret) to an application
  msgraph-update-app: Update an application
  msgraph-delete-app: Delete an application
---

# Applications (MS Graph API)

The MS Graph API connector lets you read and manage applications.

## Query all applications

```
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request GET \
"http://localhost:8080/openidm/system/azuread/application?_queryFilter=true"
```

## Read an application

Request

```
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request GET \
"http://localhost:8080/openidm/system/azuread/application/e2dcfa77-5222-4715-a043-98baac00683d"
```

Response

```json
{
  "_id": "e2dcfa77-5222-4715-a043-98baac00683d",
  "tags": [],
  "spa": {
    "redirectUris": []
  },
  "parentalControlSettings": {
    "legalAgeGroupRule": "Allow",
    "countriesBlockedForMinors": []
  },
  "api": {
    "requestedAccessTokenVersion": 2,
    "knownClientApplications": [],
    "oauth2PermissionScopes": [],
    "preAuthorizedApplications": []
  },
  "passwordCredentials": [],
  "info": {},
  "addIns": [],
  "keyCredentials": [],
  "publicClient": {
    "redirectUris": []
  },
  "verifiedPublisher": {},
  "identifierUris": [],
  "web": {
    "implicitGrantSettings": {
      "enableAccessTokenIssuance": false,
      "enableIdTokenIssuance": false
    },
    "redirectUris": []
  },
  "publisherDomain": "example.com",
  "createdDateTime": "2023-05-05T20:40:02Z",
  "displayName": "Test-Application",
  "appRoles": [],
  "isDeviceOnlyAuthSupported": false,
  "appId": "bc146d82-be72-4e16-814d-76e977ad198e",
  "signInAudience": "AzureADandPersonalMicrosoftAccount",
  "requiredResourceAccess": [
    {
      "resourceAppId": "00000002-0000-0000-c000-000000000000",
      "resourceAccess": [
        {
          "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
          "type": "Scope"
        }
      ]
    }
  ]
}
```

## Create an application

Request

```
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--header "Content-Type: application/json" \
--request POST \
--data '{
  "displayName": "Test-Application",
  "requiredResourceAccess": [
    {
      "resourceAppId": "00000002-0000-0000-c000-000000000000",
      "resourceAccess": [
        {
          "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
          "type": "Scope"
        }
      ]
    }
  ]
}' \
"http://localhost:8080/openidm/system/azuread/application"
```

Response

```json
{
  "_id": "e2dcfa77-5222-4715-a043-98baac00683d",
  "tags": [],
  "spa": {
    "redirectUris": []
  },
  "parentalControlSettings": {
    "legalAgeGroupRule": "Allow",
    "countriesBlockedForMinors": []
  },
  "api": {
    "requestedAccessTokenVersion": 2,
    "knownClientApplications": [],
    "oauth2PermissionScopes": [],
    "preAuthorizedApplications": []
  },
  "passwordCredentials": [],
  "info": {},
  "addIns": [],
  "keyCredentials": [],
  "publicClient": {
    "redirectUris": []
  },
  "verifiedPublisher": {},
  "identifierUris": [],
  "web": {
    "implicitGrantSettings": {
      "enableAccessTokenIssuance": false,
      "enableIdTokenIssuance": false
    },
    "redirectUris": []
  },
  "publisherDomain": "example.com",
  "createdDateTime": "2023-05-05T20:40:02Z",
  "displayName": "Test-Application",
  "appRoles": [],
  "isDeviceOnlyAuthSupported": false,
  "appId": "bc146d82-be72-4e16-814d-76e977ad198e",
  "signInAudience": "AzureADandPersonalMicrosoftAccount",
  "requiredResourceAccess": [
    {
      "resourceAppId": "00000002-0000-0000-c000-000000000000",
      "resourceAccess": [
        {
          "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
          "type": "Scope"
        }
      ]
    }
  ]
}
```

## Add a password (client secret) to an application

Adding `passwordCredential` when creating applications is not supported. You must use the `addPassword` method to add passwords or secrets to an application.

Some actions require more than a UUID on return and have no object to follow up with a subsequent read. In this instance, you can use the `scriptOnConnector` action, which requires at least the `builtinAction` parameter. Adding client secrets using this method requires the parameter `builtinAction=addPassword`. You can learn more about the other required parameter `applicationId` and optional parameters in the [Microsoft Graph documentation](https://learn.microsoft.com/en-us/graph/api/application-addpassword?view=graph-rest-1.0\&tabs=java).

The above also requires a *dummy* system action. For example:

```json
{
  "scriptId": "addPassword",
  "actions": [
    {
      "systemType": ".*MSGraphAPIConnector",
      "actionSource": "return;",
      "actionType": "Groovy"
    }
  ]
}
```

The `actionSource` is ignored for these `builtIn` requests, but still required to invoke the `scriptOnConnector` action.

Request

```
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--header "Content-Type: application/json" \
--request POST \
"http://localhost:8080/openidm/system/azuread/?_action=script&scriptId=addPassword&displayName=TestSecretGenesis&applicationId=f619a0ac-0548-4e90-9314-84d967088d2b&builtinAction=addPassword"
```

Response

```json
{
  "actions": [
    {
      "result": {
        "secretText": "{GENERATED-CLIENT-SECRET}",
        "startDateTime": {
          "dateTime": {
            "date": {
              "month": 5,
              "year": 2023,
              "day": 5
            },
            "time": {
              "hour": 20,
              "nano": 771787000,
              "minute": 40,
              "second": 27
            }
          },
          "offset": {
            "totalSeconds": 0
          }
        },
        "displayName": "TestSecretGenesis",
        "hint": "LS8",
        "keyId": "8f48fb5e-a295-4969-b988-a723a02f2f28",
        "endDateTime": {
          "dateTime": {
            "date": {
              "month": 5,
              "year": 2025,
              "day": 5
            },
            "time": {
              "hour": 20,
              "nano": 771787000,
              "minute": 40,
              "second": 27
            }
          },
          "offset": {
            "totalSeconds": 0
          }
        }
      }
    }
  ]
}
```

## Update an application

Request

```
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--header "Content-Type: application/json" \
--request PATCH \
--data '[
  {
    "operation": "replace",
    "field": "/displayName",
    "value": "Test-Application-Updated"
  }
]' \
"http://localhost:8080/openidm/system/azuread/application/4eff1242-bd95-463b-9c8c-f221ec489ba1"
```

Response

```json
{
  "_id": "4eff1242-bd95-463b-9c8c-f221ec489ba1",
  "tags": [],
  "spa": {
    "redirectUris": []
  },
  "parentalControlSettings": {
    "legalAgeGroupRule": "Allow",
    "countriesBlockedForMinors": []
  },
  "api": {
    "requestedAccessTokenVersion": 2,
    "knownClientApplications": [],
    "oauth2PermissionScopes": [],
    "preAuthorizedApplications": []
  },
  "passwordCredentials": [],
  "info": {},
  "addIns": [],
  "keyCredentials": [],
  "publicClient": {
    "redirectUris": []
  },
  "verifiedPublisher": {},
  "identifierUris": [],
  "web": {
    "implicitGrantSettings": {
      "enableAccessTokenIssuance": false,
      "enableIdTokenIssuance": false
    },
    "redirectUris": []
  },
  "publisherDomain": "example.com",
  "createdDateTime": "2023-05-05T20:40:11Z",
  "displayName": "Test-Application-Updated",
  "appRoles": [],
  "appId": "68e06ad2-569f-407d-b117-6cc1d9f5d787",
  "signInAudience": "AzureADandPersonalMicrosoftAccount",
  "requiredResourceAccess": []
}
```

## Delete an application

Request

```
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--header "Content-Type: application/json" \
--header "If-Match: *" \
--request DELETE \
"http://localhost:8080/openidm/system/azuread/application/579d5781-6e39-4b94-b741-1748d1e14199"
```

Response

```json
{
  "_id": "579d5781-6e39-4b94-b741-1748d1e14199",
  "tags": [],
  "spa": {
    "redirectUris": []
  },
  "parentalControlSettings": {
    "legalAgeGroupRule": "Allow",
    "countriesBlockedForMinors": []
  },
  "api": {
    "requestedAccessTokenVersion": 2,
    "knownClientApplications": [],
    "oauth2PermissionScopes": [],
    "preAuthorizedApplications": []
  },
  "passwordCredentials": [],
  "info": {},
  "addIns": [],
  "keyCredentials": [],
  "publicClient": {
    "redirectUris": []
  },
  "verifiedPublisher": {},
  "identifierUris": [],
  "web": {
    "implicitGrantSettings": {
      "enableAccessTokenIssuance": false,
      "enableIdTokenIssuance": false
    },
    "redirectUris": []
  },
  "publisherDomain": "example.com",
  "createdDateTime": "2023-05-05T20:40:18Z",
  "displayName": "Test-Application",
  "appRoles": [],
  "appId": "6e26b7a3-53ef-45ea-8492-fed30f1dd2ad",
  "signInAudience": "AzureADandPersonalMicrosoftAccount",
  "requiredResourceAccess": []
}
```