TrustFrameworkKeySet.ReadWrite.All
Allows the app to read and write trust framework key set properties on behalf of the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the TrustFrameworkKeySet.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant
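
To check which apps already hold this one permission, rather than exporting every grant, the query below is an added example (it is not from the original page or from the MSIdentityTools module). It assumes the Microsoft.Graph PowerShell module is installed and that the connection scopes shown are sufficient in your tenant; the Application identifier is the one listed in the table on this page.

```powershell
# Added example: list every principal that holds TrustFrameworkKeySet.ReadWrite.All.
# Assumption: the Microsoft.Graph module is installed and these read scopes are enough.
Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All'

$permissionName = 'TrustFrameworkKeySet.ReadWrite.All'
# Application (app role) identifier, taken from the table on this page.
$appRoleId = '4a771c9a-1cf2-4609-b88e-3d3e02d539cd'

# Microsoft Graph's own service principal in this tenant (well-known appId).
$graph = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"

# App-only access: app role assignments on Microsoft Graph that match the role id.
$appOnly = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $graph.Id -All |
    Where-Object { $_.AppRoleId -eq $appRoleId } |
    ForEach-Object {
        [pscustomobject]@{
            GrantType   = 'Application'
            Client      = $_.PrincipalDisplayName
            ClientId    = $_.PrincipalId
            ConsentType = 'n/a'
            OnBehalfOf  = 'n/a'
        }
    }

# Delegated access: OAuth2 grants against Microsoft Graph whose scope string
# contains the permission name. Scope is a space-separated list of names.
$delegated = Get-MgOauth2PermissionGrant -All |
    Where-Object {
        $_.ResourceId -eq $graph.Id -and
        ($_.Scope -split '\s+') -contains $permissionName
    } |
    ForEach-Object {
        $client = Get-MgServicePrincipal -ServicePrincipalId $_.ClientId
        [pscustomobject]@{
            GrantType   = 'Delegated'
            Client      = $client.DisplayName
            ClientId    = $_.ClientId
            ConsentType = $_.ConsentType   # AllPrincipals = tenant-wide admin consent
            OnBehalfOf  = if ($_.PrincipalId) { $_.PrincipalId } else { 'all users' }
        }
    }

# One combined view; an empty result means nothing in the tenant holds the permission.
@($appOnly) + @($delegated) | Sort-Object GrantType, Client | Format-Table -AutoSize
```

Any row in the output is a principal able to read and write trust framework key sets, so each one should map to a known owner and a documented need.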
Category | Application | Delegated |
---|---|---|
Identifier | 4a771c9a-1cf2-4609-b88e-3d3e02d539cd | 39244520-1e7d-4b4a-aee0-57c65826e427 |
DisplayText | Read and write trust framework key sets | Read and write trust framework key sets |
Description | Allows the app to read and write trust framework key set properties without a signed-in user. | Allows the app to read and write trust framework key set properties on behalf of the signed-in user. |
AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
Methods |
---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: trustFrameworkKey
Property | Type | Description |
---|---|---|
d | String | RSA Key - private exponent. The field isn't readable. |
dp | String | RSA Key - first exponent. The field isn't readable. |
dq | String | RSA Key - second exponent. The field isn't readable. |
e | String | RSA Key - public exponent. |
exp | Int64 | This value is a NumericDate as defined in RFC 7519. That is, a JSON numeric value representing the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time, ignoring leap seconds. |
k | String | Symmetric Key for oct key type. The field isn't readable. |
kid | String | The unique identifier for the key. |
kty | String | The kty (key type) parameter identifies the cryptographic algorithm family used with the key. The valid values are rsa, oct. |
n | String | RSA Key - modulus. |
nbf | Int64 | This value is a NumericDate as defined in RFC 7519. That is, a JSON numeric value representing the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time, ignoring leap seconds. |
p | String | RSA Key - first prime. The field isn't readable. |
q | String | RSA Key - second prime. The field isn't readable. |
qi | String | RSA Key - Coefficient. The field isn't readable. |
status | trustFrameworkKeyStatus | Status of the key. The possible values are: enabled, disabled, unknownFutureValue. |
use | String | The use (public key use) parameter identifies the intended use of the public key. The use parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Possible values are: sig (signature), enc (encryption). |
x5c | String collection | The x5c (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates. For more information, see RFC 5280. |
x5t | String | The **x |