@pnp/cli-microsoft365 5.0.0-beta.c797165 → 5.0.0-beta.c98b96c

package/.devcontainer/devcontainer.json

@@ -2,7 +2,15 @@
   "name": "CLI for Microsoft 365",
   "dockerFile": "Dockerfile",
   "settings": {
-    "terminal.integrated.shell.linux": "/bin/zsh"
+    "terminal.integrated.profiles.linux": {
+        "zsh": {
+          "path": "/bin/zsh",
+          "args": [
+            "-l"
+          ]
+        }
+      },
+      "terminal.integrated.defaultProfile.linux": "zsh"
   },
   "postCreateCommand": "npm i && npm run clean && npm run build && npm link",
   "extensions": [

package/dist/Utils.js

@@ -40,6 +40,9 @@ class Utils {
             }
         });
     }
+    static isValidGuidArray(guids) {
+        return guids.every(guid => this.isValidGuid(guid));
+    }
     static isValidGuid(guid) {
         const guidRegEx = new RegExp(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i);
         return guidRegEx.test(guid);
@@ -48,6 +51,10 @@ class Utils {
         const guidRegEx = new RegExp(/^19:[0-9a-zA-Z-_]+@thread\.(skype|tacv2)$/i);
         return guidRegEx.test(guid);
     }
+    static isValidTeamsChatId(guid) {
+        const guidRegEx = new RegExp(/^19:[0-9a-zA-Z-_]+(@thread\.v2|@unq\.gbl\.spaces)$/i);
+        return guidRegEx.test(guid);
+    }
     static isValidUserPrincipalName(upn) {
         const upnRegEx = new RegExp(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/i);
         return upnRegEx.test(upn);

package/dist/cli/Cli.js

@@ -17,6 +17,7 @@ const path = require("path");
 const appInsights_1 = require("../appInsights");
 const Command_1 = require("../Command");
 const config_1 = require("../config");
+const request_1 = require("../request");
 const settingsNames_1 = require("../settingsNames");
 const Utils_1 = require("../Utils");
 const packageJSON = require('../../package.json');
@@ -204,16 +205,20 @@ class Cli {
                 }
             };
             if (args.options.debug) {
-                Cli.log(`Executing command ${command.name} with options ${JSON.stringify(args)}`);
+                logErr.push(`Executing command ${command.name} with options ${JSON.stringify(args)}`);
             }
             // store the current command name, if any and set the name to the name of
             // the command to execute
             const cli = Cli.getInstance();
             const parentCommandName = cli.currentCommandName;
             cli.currentCommandName = command.getCommandName();
+            // store the current logger if any
+            const currentLogger = request_1.default.logger;
             command.action(logger, args, (err) => {
                 // restore the original command name
                 cli.currentCommandName = parentCommandName;
+                // restore the original logger
+                request_1.default.logger = currentLogger;
                 if (err) {
                     return reject({
                         error: err,
@@ -416,11 +421,11 @@ class Cli {
         if (arrayType !== 'object') {
             return logStatement.join(os.EOL);
         }
-        // if output type has been set to 'text', process the retrieved
+        // if output type has been set to 'text' or 'csv', process the retrieved
         // data so that returned objects contain only default properties specified
         // on the current command. If there is no current command or the
         // command doesn't specify default properties, return original data
-        if (options.output === 'text') {
+        if (options.output === 'text' || options.output === 'csv') {
             const cli = Cli.getInstance();
             const currentCommand = cli.commandToExecute;
             if (arrayType === 'object' &&
@@ -440,6 +445,18 @@ class Cli {
                 }
             }
         }
+        if (options.output === 'csv') {
+            const { stringify } = require('csv-stringify/sync');
+            const cli = Cli.getInstance();
+            // https://csv.js.org/stringify/options/
+            return stringify(logStatement, {
+                header: cli.getSettingWithDefaultValue(settingsNames_1.settingsNames.csvHeader, true),
+                escape: cli.getSettingWithDefaultValue(settingsNames_1.settingsNames.csvEscape, '"'),
+                quote: cli.config.get(settingsNames_1.settingsNames.csvQuote),
+                quoted: cli.getSettingWithDefaultValue(settingsNames_1.settingsNames.csvQuoted, false),
+                quotedEmpty: cli.getSettingWithDefaultValue(settingsNames_1.settingsNames.csvQuotedEmpty, false)
+            });
+        }
         // display object as a list of key-value pairs
         if (logStatement.length === 1) {
             const obj = logStatement[0];

package/dist/m365/aad/commands/group/group-list.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const GraphItemsListCommand_1 = require("../../../base/GraphItemsListCommand");
+const commands_1 = require("../../commands");
+class AadGroupListCommand extends GraphItemsListCommand_1.GraphItemsListCommand {
+    get name() {
+        return commands_1.default.GROUP_LIST;
+    }
+    get description() {
+        return 'Lists all groups defined in Azure Active Directory.';
+    }
+    defaultProperties() {
+        return ['id', 'displayName', 'groupType'];
+    }
+    commandAction(logger, args, cb) {
+        this
+            .getAllItems(`${this.resource}/v1.0/groups`, logger, true)
+            .then(() => {
+            if (args.options.output === 'text') {
+                this.items.forEach((group) => {
+                    if (group.groupTypes && group.groupTypes.length > 0 && group.groupTypes[0] === 'Unified') {
+                        group.groupType = 'Microsoft 365';
+                    }
+                    else if (group.mailEnabled && group.securityEnabled) {
+                        group.groupType = 'Mail enabled security';
+                    }
+                    else if (group.securityEnabled) {
+                        group.groupType = 'Security';
+                    }
+                    else if (group.mailEnabled) {
+                        group.groupType = 'Distribution';
+                    }
+                });
+            }
+            logger.log(this.items);
+            cb();
+        }, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
+    }
+}
+module.exports = new AadGroupListCommand();
+//# sourceMappingURL=group-list.js.map

package/dist/m365/aad/commands/o365group/{Group.js → GroupExtended.js}

@@ -1,3 +1,3 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=Group.js.map
+//# sourceMappingURL=GroupExtended.js.map

package/dist/m365/aad/commands/o365group/o365group-user-set.js

@@ -37,14 +37,14 @@ class AadO365GroupUserSetCommand extends GraphItemsListCommand_1.GraphItemsListC
                 logger.logToStderr(this.items);
                 logger.logToStderr('');
             }
-            if (this.items.filter(i => i.userPrincipalName.toLocaleLowerCase() === args.options.userName.toLocaleLowerCase()).length <= 0) {
+            if (this.items.filter(i => args.options.userName.toUpperCase() === i.userPrincipalName.toUpperCase()).length <= 0) {
                 const userNotInGroup = (typeof args.options.groupId !== 'undefined') ?
                     'The specified user does not belong to the given Microsoft 365 Group. Please use the \'o365group user add\' command to add new users.' :
                     'The specified user does not belong to the given Microsoft Teams team. Please use the \'graph teams user add\' command to add new users.';
                 throw new Error(userNotInGroup);
             }
             if (args.options.role === "Owner") {
-                const foundMember = this.items.find(e => e.userPrincipalName.toLocaleLowerCase() === args.options.userName.toLocaleLowerCase() && e.userType === 'Member');
+                const foundMember = this.items.find(e => args.options.userName.toUpperCase() === e.userPrincipalName.toUpperCase() && e.userType === 'Member');
                 if (foundMember !== undefined) {
                     const endpoint = `${this.resource}/v1.0/groups/${groupId}/owners/$ref`;
                     const requestOptions = {
@@ -65,7 +65,7 @@ class AadO365GroupUserSetCommand extends GraphItemsListCommand_1.GraphItemsListC
                 }
             }
             else {
-                const foundOwner = this.items.find(e => e.userPrincipalName.toLocaleLowerCase() === args.options.userName.toLocaleLowerCase() && e.userType === 'Owner');
+                const foundOwner = this.items.find(e => args.options.userName.toUpperCase() === e.userPrincipalName.toUpperCase() && e.userType === 'Owner');
                 if (foundOwner !== undefined) {
                     const endpoint = `${this.resource}/v1.0/groups/${groupId}/owners/${foundOwner.id}/$ref`;
                     const requestOptions = {

package/dist/m365/aad/commands/user/user-get.js

@@ -20,10 +20,20 @@ class AadUserGetCommand extends GraphCommand_1.default {
     }
     commandAction(logger, args, cb) {
         const properties = args.options.properties ?
-            `?$select=${args.options.properties.split(',').map(p => encodeURIComponent(p.trim())).join(',')}` :
+            `&$select=${args.options.properties.split(',').map(p => encodeURIComponent(p.trim())).join(',')}` :
             '';
+        let requestUrl = `${this.resource}/v1.0/users`;
+        if (args.options.id) {
+            requestUrl += `?$filter=id eq '${encodeURIComponent(args.options.id)}'${properties}`;
+        }
+        else if (args.options.userName) {
+            requestUrl += `?$filter=userPrincipalName eq '${encodeURIComponent(args.options.userName)}'${properties}`;
+        }
+        else if (args.options.email) {
+            requestUrl += `?$filter=mail eq '${encodeURIComponent(args.options.email)}'${properties}`;
+        }
         const requestOptions = {
-            url: `${this.resource}/v1.0/users/${encodeURIComponent(args.options.id ? args.options.id : args.options.userName)}${properties}`,
+            url: requestUrl,
             headers: {
                 accept: 'application/json;odata.metadata=none'
             },
@@ -31,6 +41,18 @@ class AadUserGetCommand extends GraphCommand_1.default {
         };
         request_1.default
             .get(requestOptions)
+            .then((res) => {
+            if (res.value.length === 1) {
+                return Promise.resolve(res.value[0]);
+            }
+            const identifier = args.options.id ? `id ${args.options.id}`
+                : args.options.userName ? `user name ${args.options.userName}`
+                    : `email ${args.options.email}`;
+            if (res.value.length === 0) {
+                return Promise.reject(`The specified user with ${identifier} does not exist`);
+            }
+            return Promise.reject(`Multiple users with ${identifier} found. Please disambiguate (user names): ${res.value.map(a => a.userPrincipalName).join(', ')} or (ids): ${res.value.map(a => a.id).join(', ')}`);
+        })
             .then((res) => {
             logger.log(res);
             cb();
@@ -44,6 +66,9 @@ class AadUserGetCommand extends GraphCommand_1.default {
             {
                 option: '-n, --userName [userName]'
             },
+            {
+                option: '--email [email]'
+            },
             {
                 option: '-p, --properties [properties]'
             }
@@ -52,11 +77,13 @@ class AadUserGetCommand extends GraphCommand_1.default {
         return options.concat(parentOptions);
     }
     validate(args) {
-        if (!args.options.id && !args.options.userName) {
-            return 'Specify either id or userName';
+        if (!args.options.id && !args.options.userName && !args.options.email) {
+            return 'Specify id, userName or email, one is required';
         }
-        if (args.options.id && args.options.userName) {
-            return 'Specify either id or userName but not both';
+        if ((args.options.id && args.options.email) ||
+            (args.options.id && args.options.userName) ||
+            (args.options.userName && args.options.email)) {
+            return 'Use either id, userName or email, but not all';
         }
         if (args.options.id &&
             !Utils_1.default.isValidGuid(args.options.id)) {

package/dist/m365/aad/commands/user/user-hibp.js

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const request_1 = require("../../../../request");
+const Utils_1 = require("../../../../Utils");
+const AnonymousCommand_1 = require("../../../base/AnonymousCommand");
+const commands_1 = require("../../commands");
+class AadUserHibpCommand extends AnonymousCommand_1.default {
+    get name() {
+        return commands_1.default.USER_HIBP;
+    }
+    get description() {
+        return 'Allows you to retrieve all accounts that have been pwned with the specified username';
+    }
+    getTelemetryProperties(args) {
+        const telemetryProps = super.getTelemetryProperties(args);
+        telemetryProps.domain = args.options.domain;
+        return telemetryProps;
+    }
+    commandAction(logger, args, cb) {
+        const requestOptions = {
+            url: `https://haveibeenpwned.com/api/v3/breachedaccount/${encodeURIComponent(args.options.userName)}${(args.options.domain ? `?domain=${encodeURIComponent(args.options.domain)}` : '')}`,
+            headers: {
+                'accept': 'application/json',
+                'hibp-api-key': args.options.apiKey,
+                'x-anonymous': true
+            },
+            responseType: 'json'
+        };
+        request_1.default
+            .get(requestOptions)
+            .then((res) => {
+            logger.log(res);
+            cb();
+        })
+            .catch((err) => {
+            if ((err && err.response !== undefined && err.response.status === 404) && (this.debug || this.verbose)) {
+                logger.log('No pwnage found');
+                cb();
+                return;
+            }
+            return this.handleRejectedODataJsonPromise(err, logger, cb);
+        });
+    }
+    options() {
+        const options = [
+            {
+                option: '-n, --userName <userName>'
+            },
+            {
+                option: '--apiKey, <apiKey>'
+            },
+            {
+                option: '--domain, [domain]'
+            }
+        ];
+        const parentOptions = super.options();
+        return options.concat(parentOptions);
+    }
+    validate(args) {
+        if (!Utils_1.default.isValidUserPrincipalName(args.options.userName)) {
+            return 'Specify valid userName';
+        }
+        return true;
+    }
+}
+module.exports = new AadUserHibpCommand();
+//# sourceMappingURL=user-hibp.js.map

package/dist/m365/aad/commands.js

@@ -11,6 +11,7 @@ exports.default = {
     APPROLEASSIGNMENT_ADD: `${prefix} approleassignment add`,
     APPROLEASSIGNMENT_LIST: `${prefix} approleassignment list`,
     APPROLEASSIGNMENT_REMOVE: `${prefix} approleassignment remove`,
+    GROUP_LIST: `${prefix} group list`,
     GROUPSETTING_ADD: `${prefix} groupsetting add`,
     GROUPSETTING_GET: `${prefix} groupsetting get`,
     GROUPSETTING_LIST: `${prefix} groupsetting list`,
@@ -50,6 +51,7 @@ exports.default = {
     SP_ADD: `${prefix} sp add`,
     SP_GET: `${prefix} sp get`,
     USER_GET: `${prefix} user get`,
+    USER_HIBP: `${prefix} user hibp`,
     USER_LIST: `${prefix} user list`,
     USER_PASSWORD_VALIDATE: `${prefix} user password validate`,
     USER_SET: `${prefix} user set`

package/dist/m365/app/commands/permission/permission-list.js

@@ -0,0 +1,266 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const cli_1 = require("../../../../cli");
+const request_1 = require("../../../../request");
+const appGetCommand = require("../../../aad/commands/app/app-get");
+const AppCommand_1 = require("../../../base/AppCommand");
+const commands_1 = require("../../commands");
+var GetServicePrincipal;
+(function (GetServicePrincipal) {
+    GetServicePrincipal[GetServicePrincipal["withPermissions"] = 0] = "withPermissions";
+    GetServicePrincipal[GetServicePrincipal["withPermissionDefinitions"] = 1] = "withPermissionDefinitions";
+})(GetServicePrincipal || (GetServicePrincipal = {}));
+class AppPermissionListCommand extends AppCommand_1.default {
+    get name() {
+        return commands_1.default.PERMISSION_LIST;
+    }
+    get description() {
+        return 'Lists API permissions for the current AAD app';
+    }
+    commandAction(logger, args, cb) {
+        this
+            .getServicePrincipal({ appId: this.appId }, logger, GetServicePrincipal.withPermissions)
+            .then(servicePrincipal => {
+            if (servicePrincipal) {
+                // service principal found, get permissions from the service principal
+                return this.getServicePrincipalPermissions(servicePrincipal, logger);
+            }
+            else {
+                // service principal not found, get permissions from app registration
+                return this.getAppRegPermissions(this.appId, logger);
+            }
+        })
+            .then(permissions => {
+            logger.log(permissions);
+            cb();
+        }, err => this.handleRejectedODataJsonPromise(err, logger, cb));
+    }
+    getServicePrincipal(servicePrincipalInfo, logger, mode) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.verbose) {
+                logger.logToStderr(`Retrieving service principal ${(_a = servicePrincipalInfo.appId) !== null && _a !== void 0 ? _a : servicePrincipalInfo.id}`);
+            }
+            const lookupUrl = servicePrincipalInfo.appId ? `?$filter=appId eq '${servicePrincipalInfo.appId}'&` : `/${servicePrincipalInfo.id}?`;
+            const requestOptions = {
+                url: `${this.resource}/v1.0/servicePrincipals${lookupUrl}$select=appId,id,displayName`,
+                headers: {
+                    accept: 'application/json;odata.metadata=none'
+                },
+                responseType: 'json'
+            };
+            const response = yield request_1.default.get(requestOptions);
+            if ((servicePrincipalInfo.id && !response) ||
+                (servicePrincipalInfo.appId && response.value.length === 0)) {
+                return undefined;
+            }
+            const servicePrincipal = servicePrincipalInfo.appId ?
+                response.value[0] :
+                response;
+            if (this.verbose) {
+                logger.logToStderr(`Retrieving permissions for service principal ${servicePrincipal.id}...`);
+            }
+            const permissionsPromises = [];
+            switch (mode) {
+                case GetServicePrincipal.withPermissions:
+                    const appRoleAssignmentsRequestOptions = {
+                        url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/appRoleAssignments`,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none'
+                        },
+                        responseType: 'json'
+                    };
+                    const oauth2PermissionGrantsRequestOptions = {
+                        url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/oauth2PermissionGrants`,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none'
+                        },
+                        responseType: 'json'
+                    };
+                    permissionsPromises.push(...[
+                        request_1.default.get(appRoleAssignmentsRequestOptions),
+                        request_1.default.get(oauth2PermissionGrantsRequestOptions)
+                    ]);
+                    break;
+                case GetServicePrincipal.withPermissionDefinitions:
+                    const oauth2PermissionScopesRequestOptions = {
+                        url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/oauth2PermissionScopes`,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none'
+                        },
+                        responseType: 'json'
+                    };
+                    const appRolesRequestOptions = {
+                        url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/appRoles`,
+                        headers: {
+                            accept: 'application/json;odata.metadata=none'
+                        },
+                        responseType: 'json'
+                    };
+                    permissionsPromises.push(...[
+                        request_1.default.get(oauth2PermissionScopesRequestOptions),
+                        request_1.default.get(appRolesRequestOptions)
+                    ]);
+                    break;
+            }
+            const permissions = yield Promise.all(permissionsPromises);
+            switch (mode) {
+                case GetServicePrincipal.withPermissions:
+                    servicePrincipal.appRoleAssignments = permissions[0].value;
+                    servicePrincipal.oauth2PermissionGrants = permissions[1].value;
+                    break;
+                case GetServicePrincipal.withPermissionDefinitions:
+                    servicePrincipal.oauth2PermissionScopes = permissions[0].value;
+                    servicePrincipal.appRoles = permissions[1].value;
+                    break;
+            }
+            return servicePrincipal;
+        });
+    }
+    getServicePrincipalPermissions(servicePrincipal, logger) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.verbose) {
+                logger.logToStderr(`Resolving permissions for the service principal...`);
+            }
+            const apiPermissions = [];
+            // hash table for resolving resource IDs to names
+            const resourceLookup = {};
+            // list of service principals for which to load permissions
+            const servicePrincipalsToResolve = [];
+            const appRoleAssignments = servicePrincipal.appRoleAssignments;
+            apiPermissions.push(...appRoleAssignments.map(appRoleAssignment => {
+                // store resource name for resolving OAuth2 grants
+                resourceLookup[appRoleAssignment.resourceId] = appRoleAssignment.resourceDisplayName;
+                // add to the list of service principals to load to get the app role
+                // display name
+                if (!servicePrincipalsToResolve.find(r => r.id === appRoleAssignment.resourceId)) {
+                    servicePrincipalsToResolve.push({ id: appRoleAssignment.resourceId });
+                }
+                return {
+                    resource: appRoleAssignment.resourceDisplayName,
+                    // we store the app role ID temporarily and will later resolve to display name
+                    permission: appRoleAssignment.appRoleId,
+                    type: 'Application'
+                };
+            }));
+            const oauth2Grants = servicePrincipal.oauth2PermissionGrants;
+            oauth2Grants.forEach(oauth2Grant => {
+                var _a;
+                // see if we can resolve the resource name from the resources
+                // retrieved from app role assignments
+                const resource = (_a = resourceLookup[oauth2Grant.resourceId]) !== null && _a !== void 0 ? _a : oauth2Grant.resourceId;
+                if (resource === oauth2Grant.resourceId &&
+                    !servicePrincipalsToResolve.find(r => r.id === oauth2Grant.resourceId)) {
+                    // resource name not found in the resources
+                    // add it to the list of resources to resolve
+                    servicePrincipalsToResolve.push({ id: oauth2Grant.resourceId });
+                }
+                const scopes = oauth2Grant.scope.split(' ');
+                scopes.forEach(scope => {
+                    apiPermissions.push({
+                        resource,
+                        permission: scope,
+                        type: 'Delegated'
+                    });
+                });
+            });
+            if (servicePrincipalsToResolve.length > 0) {
+                const servicePrincipals = yield Promise
+                    .all(servicePrincipalsToResolve
+                    .map(servicePrincipalInfo => this.getServicePrincipal(servicePrincipalInfo, logger, GetServicePrincipal.withPermissionDefinitions)));
+                servicePrincipals.forEach(servicePrincipal => {
+                    apiPermissions.forEach(apiPermission => {
+                        var _a, _b;
+                        if (apiPermission.resource === servicePrincipal.id) {
+                            apiPermission.resource = servicePrincipal.displayName;
+                        }
+                        if (apiPermission.resource === servicePrincipal.displayName &&
+                            apiPermission.type === 'Application') {
+                            apiPermission.permission = (_b = (_a = servicePrincipal.appRoles
+                                .find(appRole => appRole.id === apiPermission.permission)) === null || _a === void 0 ? void 0 : _a.value) !== null && _b !== void 0 ? _b : apiPermission.permission;
+                        }
+                    });
+                });
+            }
+            return apiPermissions;
+        });
+    }
+    getAppRegistration(appId, logger) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.verbose) {
+                logger.logToStderr(`Retrieving Azure AD application registration ${appId}`);
+            }
+            const options = {
+                appId: appId,
+                output: 'json',
+                debug: this.debug,
+                verbose: this.verbose
+            };
+            const output = yield cli_1.Cli.executeCommandWithOutput(appGetCommand, { options: Object.assign(Object.assign({}, options), { _: [] }) });
+            if (this.debug) {
+                logger.logToStderr(output.stderr);
+            }
+            return JSON.parse(output.stdout);
+        });
+    }
+    getAppRegPermissions(appId, logger) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const application = yield this.getAppRegistration(appId, logger);
+            if (application.requiredResourceAccess.length === 0) {
+                return [];
+            }
+            const servicePrincipalsToResolve = application.requiredResourceAccess
+                .map(resourceAccess => {
+                return {
+                    appId: resourceAccess.resourceAppId
+                };
+            });
+            const servicePrincipals = yield Promise
+                .all(servicePrincipalsToResolve.map(servicePrincipalInfo => this.getServicePrincipal(servicePrincipalInfo, logger, GetServicePrincipal.withPermissionDefinitions)));
+            const apiPermissions = [];
+            application.requiredResourceAccess.forEach(requiredResourceAccess => {
+                var _a;
+                const servicePrincipal = servicePrincipals
+                    .find(servicePrincipal => (servicePrincipal === null || servicePrincipal === void 0 ? void 0 : servicePrincipal.appId) === requiredResourceAccess.resourceAppId);
+                const resourceName = (_a = servicePrincipal === null || servicePrincipal === void 0 ? void 0 : servicePrincipal.displayName) !== null && _a !== void 0 ? _a : requiredResourceAccess.resourceAppId;
+                requiredResourceAccess.resourceAccess.forEach(permission => {
+                    apiPermissions.push({
+                        resource: resourceName,
+                        permission: this.getPermissionName(permission.id, permission.type, servicePrincipal),
+                        type: permission.type === 'Role' ? 'Application' : 'Delegated'
+                    });
+                });
+            });
+            return apiPermissions;
+        });
+    }
+    getPermissionName(permissionId, permissionType, servicePrincipal) {
+        var _a, _b, _c, _d;
+        if (!servicePrincipal) {
+            return permissionId;
+        }
+        switch (permissionType) {
+            case 'Role':
+                return (_b = (_a = servicePrincipal.appRoles
+                    .find(appRole => appRole.id === permissionId)) === null || _a === void 0 ? void 0 : _a.value) !== null && _b !== void 0 ? _b : permissionId;
+            case 'Scope':
+                return (_d = (_c = servicePrincipal.oauth2PermissionScopes
+                    .find(permissionScope => permissionScope.id === permissionId)) === null || _c === void 0 ? void 0 : _c.value) !== null && _d !== void 0 ? _d : permissionId;
+        }
+        /* c8 ignore next 4 */
+        // permissionType is either 'Scope' or 'Role' but we need a safe default
+        // to avoid building errors. This code will never be reached.
+        return permissionId;
+    }
+}
+module.exports = new AppPermissionListCommand();
+//# sourceMappingURL=permission-list.js.map

package/dist/m365/app/commands.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const prefix = 'app';
+exports.default = {
+    PERMISSION_LIST: `${prefix} permission list`
+};
+//# sourceMappingURL=commands.js.map