az_app: Registered app in Azure Active Directory

az_appR Documentation

Registered app in Azure Active Directory


Base class representing an AAD app.


An R6 object of class az_app, inheriting from az_object.


  • token: The token used to authenticate with the Graph host.

  • tenant: The Azure Active Directory tenant for this app.

  • type: always "application" for an app object.

  • properties: The app properties.

  • password: The app password. Note that the Graph API does not return previously-generated passwords. This field will only be populated for an app object created with ms_graph$create_app(), or after a call to the add_password() method below.


  • new(...): Initialize a new app object. Do not call this directly; see 'Initialization' below.

  • delete(confirm=TRUE): Delete an app. By default, ask for confirmation first.

  • update(...): Update the app data in Azure Active Directory. For what properties can be updated, consult the REST API documentation link below.

  • do_operation(...): Carry out an arbitrary operation on the app.

  • sync_fields(): Synchronise the R object with the app data in Azure Active Directory.

  • list_owners(type=c("user", "group", "application", "servicePrincipal"), filter=NULL, n=Inf): Return a list of all owners of this app. Specify the type argument to limit the result to specific object type(s).

  • create_service_principal(...): Create a service principal for this app, by default in the current tenant.

  • get_service_principal(): Get the service principal for this app.

  • delete_service_principal(confirm=TRUE): Delete the service principal for this app. By default, ask for confirmation first.

  • add_password(password_name=NULL, password_duration=NULL): Adds a strong password. password_duration is the length of time in years that the password remains valid, with default duration 2 years. Returns the ID of the generated password.

  • remove_password(password_id, confirm=TRUE): Removes the password with the given ID. By default, ask for confirmation first.

  • add_certificate(certificate): Adds a certificate for authentication. This can be specified as the name of a .pfx or .pem file, an openssl::cert object, an AzureKeyVault::stored_cert object, or a raw or character vector.

  • remove_certificate(certificate_id, confirm=TRUE): Removes the certificate with the given ID. By default, ask for confirmation first.


Creating new objects of this class should be done via the create_app and get_app methods of the ms_graph class. Calling the new() method for this class only constructs the R object; it does not call the Microsoft Graph API to create the actual app.

Microsoft Graph overview, REST API reference

List methods

All list_* methods have filter and n arguments to limit the number of results. The former should be an OData expression as a string to filter the result set on. The latter should be a number setting the maximum number of (filtered) results to return. The default values are filter=NULL and n=Inf. If n=NULL, the ms_graph_pager iterator object is returned instead to allow manual iteration over the results.

Support in the underlying Graph API for OData queries is patchy. Not all endpoints that return lists of objects support filtering, and if they do, they may not allow all of the defined operators. If your filtering expression results in an error, you can carry out the operation without filtering and then filter the results on the client side.

See Also

ms_graph, az_service_principal, az_user, az_group, az_object


## Not run: 

gr <- get_graph_login()
app <- gr$create_app("MyNewApp")

# password resetting: remove the old password, add a new one
pwd_id <- app$properties$passwordCredentials[[1]]$keyId

# set a redirect URI

# add API permission (access Azure Storage as user)

# add a certificate from a .pem file

# can also read the file into an openssl object, and then add the cert
cert <- openssl::read_cert("cert.pem")

# add a certificate stored in Azure Key Vault
vault <- AzureKeyVault::key_vault("mytenant")
cert2 <- vault$certificates$get("certname")

# change the app name

## End(Not run)

AzureGraph documentation built on March 18, 2022, 8:04 p.m.