mapped_claims_enabled value throws 403 if used in one step with app registration creation

[lukaskolafa]

Terraform Version and Provider Version

Terraform v1.2.7
hashicorp/azuread 2.27.0

Windows Version

Windows 10

Affected Resource(s)

• azuread_application

Terraform Configuration Files

provider "registry.terraform.io/hashicorp/azuread" {
  version     = "2.27.0"
  constraints = "2.27.0"
  hashes = [
    "h1:/wdsws5f6NYE9wLynGNMMwcFk6zHm+zIppx3BpaMKFs=",
    "h1:771l12+NcX/eeKkUZU7jl2m3KgUOy0lNLI4DfddD5YA=",
    "h1:qbxXgGWjJESAgi4pftq0FzXJoM4Sqw3V9o/7yhsMnZQ=",
    "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7",
    "zh:43d9830bf48eff06ac417bab9d4aefdfb9aacdbbe06fd0b47fd5741d79b54cfa",
    "zh:5dc8e8e6ddf3a343053d0573fe31264bb43ce740f6fcecf14f580ee1ab85ee24",
    "zh:690bc912927756942422f3239df4bd38b33316e02a69c8298819c7decc7b1b7e",
    "zh:77b7673e4a1a7ad3893cc70ddef6fce1de93d99e2e2691f2c8d27c55e05b862a",
    "zh:91252c726e3c8dbde255b407d4fe3755d88b723951539fce0bafb0f4c921dd42",
    "zh:be46e8f04c34049ce1c8dfcbb8718cb479e46206eec2cb5b9d17a1d01b60d0ed",
    "zh:cf19be7ac39c64cb26cb8c7d05a93d091545a5e5b88ae8a271c7c37e263a767b",
    "zh:d2228e32df68530881a129c53d77f972d62923637b636cc21c0382956196328a",
    "zh:d34d3092351590ddab7ad10c6a4db149e00133f17881120d9e6d842dd00fa7fd",
    "zh:f26b9f55461d340f8e93039ab3e099c3abc943a86203f842d73404e0bd3908d7",
    "zh:f7fdf81fe062804ea7fc6c88d1263dc5f7443072edc9b282e33769c9dd1fc0a3",
  ]
}

provider "registry.terraform.io/hashicorp/azurerm" {
  version     = "2.78.0"
  constraints = "2.78.0"
  hashes = [
    "h1:9kFcQ7ObzWn+6QPPjE7+haKY5U35A6F11gx1HmoTaA4=",
    "h1:IDrQ8EzMT+GtLBo+8JWR45kVDCldVZ0Ty2cFXBBuu2A=",
    "h1:Yz6w8f+8w01pgnWtFhU/b10ixc1FM/EEddzQn4fuz/4=",
    "zh:044cd4bdefca17e90e887ae7180ab5eef41a46e919fba44541560c03be09b39f",
    "zh:065fa80ed6bcadbe1c439b0b57ed60847402dd75b12c02f3c09792775753049d",
    "zh:2b7f0e8ca7078b3ed229bad2fd054b16d7b70fb6ee7c6e9b6a48d49d8d374cbb",
    "zh:50d2f733803affbdcc5583ad47050e38ad9407e2f712cd747d80c1e2de154609",
    "zh:6272819858557c239f3b058fd36228c7ed57a4c88f066de5994cfb2d2bca2732",
    "zh:76f92d1d4381ce565f50c3315cf9a8bf1236ae117abb68ee60dc62d86d9c59b3",
    "zh:bd6d9d77689bfb047c91a034fef701f71b567ec8645183b2f92a486984e46a2f",
    "zh:c9613c480efbf1c9388e89f81f35e38aa589dc18b3156b6154c06b3118320cdc",
    "zh:e0117a4c429dce0169280d352444fb6e38abcfe4d5dbdb18e33f6a1439b893a2",
    "zh:e71b48f08f25c8089b38038b02a2d8ab3cb755fed992666a0826c764faa2f193",
    "zh:eff6420f774247e2fdc8576e82f62d8d6d1312985fba89fe37616fa61a6fcf75",
  ]
}

provider "registry.terraform.io/hashicorp/random" {
  version     = "3.1.0"
  constraints = "3.1.0"
  hashes = [
    "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=",
    "h1:EPIax4Ftp2SNdB9pUfoSjxoueDoLc/Ck3EUoeX0Dvsg=",
    "h1:rKYu5ZUbXwrLG1w81k7H3nce/Ys6yAxXhWcbtk36HjY=",
    "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
    "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
    "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
    "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
    "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
    "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
    "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
    "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
    "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
    "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
    "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
  ]
}

provider "registry.terraform.io/hashicorp/tls" {
  version     = "3.1.0"
  constraints = "3.1.0"
  hashes = [
    "h1:XTU9f6sGMZHOT8r/+LWCz2BZOPH127FBTPjMMEAAu1U=",
    "h1:ekOxs6MjdIElt8h9crEVaOwWbEqtfUUfArtA13Jkk6A=",
    "h1:fUJX8Zxx38e2kBln+zWr1Tl41X+OuiE++REjrEyiOM4=",
    "zh:3d46616b41fea215566f4a957b6d3a1aa43f1f75c26776d72a98bdba79439db6",
    "zh:623a203817a6dafa86f1b4141b645159e07ec418c82fe40acd4d2a27543cbaa2",
    "zh:668217e78b210a6572e7b0ecb4134a6781cc4d738f4f5d09eb756085b082592e",
    "zh:95354df03710691773c8f50a32e31fca25f124b7f3d6078265fdf3c4e1384dca",
    "zh:9f97ab190380430d57392303e3f36f4f7835c74ea83276baa98d6b9a997c3698",
    "zh:a16f0bab665f8d933e95ca055b9c8d5707f1a0dd8c8ecca6c13091f40dc1e99d",
    "zh:be274d5008c24dc0d6540c19e22dbb31ee6bfdd0b2cddd4d97f3cd8a8d657841",
    "zh:d5faa9dce0a5fc9d26b2463cea5be35f8586ab75030e7fa4d4920cd73ee26989",
    "zh:e9b672210b7fb410780e7b429975adcc76dd557738ecc7c890ea18942eb321a5",
    "zh:eb1f8368573d2370605d6dbf60f9aaa5b64e55741d96b5fb026dbfe91de67c0d",
    "zh:fc1e12b713837b85daf6c3bb703d7795eaf1c5177aebae1afcf811dd7009f4b0",
  ]
}

Debug Output

ApplicationsClient.BaseClient.Post(): unexpected status 403 with OData error: Authorization_RequestDenied: Insufficient privileges to complete the operation.

Panic Outputter

N/A

Expected Behavior

terraform apply should run without an error

Actual Behavior

terraform apply fails with a 403 error.

Steps to Reproduce

1. terraform apply --> confirm 'yes' -> error

Important Factoids

resource "azuread_application" "uat_personnel_api" {
  display_name = "Personnel API (UAT)"
  identifier_uris  = ["api://uat-personnel-api"]
  owners           = local.core_team_adm[*].object_id
  sign_in_audience = "AzureADMyOrg"

  api {
    # DANGER: Bug : mapped_claims_enabled has to be commented out by the first execution, after App is created, you can uncomment. Otherwise you will get 403 error. 
    mapped_claims_enabled          = true
    requested_access_token_version = 2
  }
}

References

N/A

Community Note

N/A

[PabloPie]

I have the same error, but I think you might have posted this in the wrong provider.

I replicated the issue in the azuread provide repo:
hashicorp/terraform-provider-azuread#914