Failed to update the requiredResourceAccess of mutiple applications

[superff]

Describe the bug

I am having trouble calling the

await graphClient.Applications[app.Id].PatchAsync to update the API permission , aka RequiredResourceAccess
To Reproduce
Steps to reproduce the behavior:

the code is

      RequiredResourceAccess PowerBiResourceAccess =
                new()
                {
                    // Power BI Service 
                    ResourceAppId = "00000009-0000-0000-c000-000000000000",
                    // all the permissions are delegated type
                    ResourceAccess = new List<ResourceAccess>
                    {
                        // Content.Create
                        new ResourceAccess { Id = Guid.Parse("b271f05e-8329-4b97-baa4-91cf15b99cf1"), Type = "Role" },
                        // Dashboard.ReadWrite.All
                        new ResourceAccess { Id = Guid.Parse("322b68b2-0804-416e-86a5-d772c567b6e6"), Type = "Role" },
                        // Dataset.ReadWrite.All
                        new ResourceAccess { Id = Guid.Parse("f3076109-ca66-412a-be10-d4ee1be95d47"), Type = "Role" },
                        // Report.ReadWrite.All
                        new ResourceAccess { Id = Guid.Parse("7504609f-c495-4c64-8542-686125a5a36f"), Type = "Role" },
                        // Workspace.Read.All
                        new ResourceAccess { Id = Guid.Parse("b2f1b2fa-f35c-407c-979c-a858a808ba85"), Type = "Role" }
                    }
                };
            var requestBody = new Application
            {
                RequiredResourceAccess = new List<RequiredResourceAccess> { PowerBiResourceAccess }
            };
            await graphClient.Applications[app.Id]
                .PatchAsync(requestBody, cancellationToken: cancellationToken);

Expected behavior

I want to update multiple apps' permission using the above code, however, I found it only works the first time and after the first call, the rest will all fail with 400 ODataError as below
Microsoft.Graph.Models.ODataErrors.ODataError: Property requiredResourceAccess.resourceAccess is invalid.
I tried both scope and role as type, both are failing

"Microsoft.Graph.Models.ODataErrors.ODataError: Property requiredResourceAccess.resourceAccess is invalid.\n   at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.ThrowIfFailedResponse(HttpResponseMessage response, Dictionary`2 errorMapping, Activity activityForAttributes)\n   at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync[ModelType](RequestInformation requestInfo, ParsableFactory`1 factory, Dictionary`2 errorMapping, CancellationToken cancellationToken)\n   at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync[ModelType](RequestInformation requestInfo, ParsableFactory`1 factory, Dictionary`2 errorMapping, CancellationToken cancellationToken)\n   at Microsoft.Graph.Applications.Item.ApplicationItemRequestBuilder.PatchAsync(Application body, Action`1 requestConfiguration, CancellationToken cancellationToken)\n   at Integration.Microsoft.Graph.ServicePrincipalManager.AddApiPermission(ApplicationName appName, String appId, CancellationToken cancellationToken, Nullable`1 rpStampTenantId) in /Users/feif/Code/Subscriber/libraries/Integration.Microsoft.Graph/ServicePrincipalManager.cs:line 187\n   at OrganizationService.Main.Controllers.V1.ProfileAadIdentityController.UpdateAadIdentityPermission(String auth0Identifier, ApplicationName appName, Nullable`1 rpStampTenantId, CancellationToken cancellationToken) in /Users/feif/Code/Subscriber/services/OrganizationService/OrganizationService.Main/Controllers/V1/ProfileAadIdentityController.cs:line 205\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)\n   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)\n   at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)\n   at Trufx.Mvc.LogEventMiddleware.Invoke(HttpContext context)\n   at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)\n   at Cerberus.Middleware.RequestContextLoggingMiddleware.InvokeAsync(HttpContext context) in /Users/feif/Code/Subscriber/libraries/Cerberus.Middleware/RequestContextLoggingMiddleware.cs:line 47\n   at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)\n   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)\n   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)\n   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

I am following this doc,https://learn.microsoft.com/en-us/graph/migrate-azure-ad-graph-configure-permissions?tabs=csharp%2Cupdatepermissions-azureadgraph-powershell#step-2-add-required-azure-ad-graph-permissions-to-your-app

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

[andrueastman]

Thanks for raising this @superff.

Just to confirm, does this mean you are sending the same RequiredResourceAccess object on each subsequent request? Due to the backing store which performs change tracking, some properties may be left out causing the issue.

Any chance you can replicate the same when you create a new instance on each request?

[microsoft-github-policy-service]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.

[microsoft-github-policy-service]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.

[microsoft-github-policy-service]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.