Merge pull request #1080 from Ren-Roros-Digital/Init-DevEnv

Case sensitivity for Linux/pwsh 7

AddAlertSubscription_Queue/function.json

@@ -1,5 +1,5 @@
 {
-  "scriptFile": "../Modules/CippEntryPoints/CippEntryPoints.psm1",
+  "scriptFile": "../Modules/CippEntrypoints/CippEntrypoints.psm1",
   "entryPoint": "Receive-CippQueueTrigger",
   "bindings": [
     {

CIPPActivityFunction/function.json

@@ -1,5 +1,5 @@
 {
-  "scriptFile": "../Modules/CippEntryPoints/CippEntryPoints.psm1",
+  "scriptFile": "../Modules/CippEntrypoints/CippEntrypoints.psm1",
   "entryPoint": "Receive-CippActivityTrigger",
   "bindings": [
     {

CIPPOrchestrator/function.json

@@ -1,5 +1,5 @@
 {
-  "scriptFile": "../Modules/CippEntryPoints/CippEntryPoints.psm1",
+  "scriptFile": "../Modules/CippEntrypoints/CippEntrypoints.psm1",
   "entryPoint": "Receive-CippOrchestrationTrigger",
   "bindings": [
     {

Cleanup_OldAuditLogs/run.ps1

@@ -2,8 +2,8 @@
 param($Timer)
 
 try {
-    $Tenants = Get-Tenants -IncludeAll | Where-Object { $_.customerId -ne $env:TenantId -and $_.Excluded -eq $false }
+    $Tenants = Get-Tenants -IncludeAll | Where-Object { $_.customerId -ne $env:TenantID -and $_.Excluded -eq $false }
     $Tenants | ForEach-Object {
         Remove-CIPPGraphSubscription -cleanup $true -TenantFilter $_.defaultDomainName
     }
-} catch {}
+} catch {}

ExecAlertsListAllTenants/run.ps1

@@ -4,13 +4,13 @@ param( $QueueItem, $TriggerMetadata)
 # Write out the queue message and metadata to the information log.
 Write-Host "PowerShell queue trigger function processed work item: $QueueItem"
 
-Get-Tenants | ForEach-Object -Parallel { 
+Get-Tenants | ForEach-Object -Parallel {
     $domainName = $_.defaultDomainName
-    Import-Module CippCore
+    Import-Module CIPPCore
     $Table = Get-CIPPTable -TableName 'cachealertsandincidents'
 
     try {
-        $Alerts = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/security/alerts' -tenantid $domainName 
+        $Alerts = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/security/alerts' -tenantid $domainName
         foreach ($Alert in $Alerts) {
             $GUID = (New-Guid).Guid
             $alertJson = $Alert | ConvertTo-Json
@@ -27,7 +27,7 @@ Get-Tenants | ForEach-Object -Parallel {
     } catch {
         $GUID = (New-Guid).Guid
         $AlertText = ConvertTo-Json -InputObject @{
-            Title             = "Could not connect to tenant to retrieve data: $($_.Exception.Message)" 
+            Title             = "Could not connect to tenant to retrieve data: $($_.Exception.Message)"
             Id                = ''
             Category          = ''
             EventDateTime     = ''
@@ -40,7 +40,7 @@ Get-Tenants | ForEach-Object -Parallel {
             }
         }
         $GraphRequest = @{
-            Alert        = [string]$AlertText 
+            Alert        = [string]$AlertText
             RowKey       = [string]$GUID
             PartitionKey = 'alert'
             Tenant       = $domainName
@@ -49,4 +49,4 @@ Get-Tenants | ForEach-Object -Parallel {
 
 
     }
-}
+}

ExecIncidentsListAllTenants/run.ps1

@@ -4,14 +4,14 @@ param( $QueueItem, $TriggerMetadata)
 # Write out the queue message and metadata to the information log.
 Write-Host "PowerShell queue trigger function processed work item: $QueueItem"
 
-Get-Tenants | ForEach-Object -Parallel { 
+Get-Tenants | ForEach-Object -Parallel {
     $domainName = $_.defaultDomainName
-    Import-Module CippCore
+    Import-Module CIPPCore
     $Table = Get-CIPPTable -TableName 'cachealertsandincidents'
 
     try {
         $incidents = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/security/incidents' -tenantid $domainName -AsApp $true
-        $GraphRequest = foreach ($incident in $incidents) {    
+        $GraphRequest = foreach ($incident in $incidents) {
             $GUID = (New-Guid).Guid
             $GraphRequest = @{
                 Incident     = [string]($incident | ConvertTo-Json -Depth 10)
@@ -20,7 +20,7 @@ Get-Tenants | ForEach-Object -Parallel {
                 Tenant       = [string]$domainName
             }
             Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null
-        } 
+        }
 
     } catch {
         $GUID = (New-Guid).Guid
@@ -37,7 +37,7 @@ Get-Tenants | ForEach-Object -Parallel {
             severity       = 'CIPP'
         }
         $GraphRequest = @{
-            Incident     = [string]$AlertText 
+            Incident     = [string]$AlertText
             RowKey       = [string]$GUID
             PartitionKey = 'Incident'
             Tenant       = [string]$domainName
@@ -46,4 +46,4 @@ Get-Tenants | ForEach-Object -Parallel {
 
 
     }
-}
+}

ListGenericAllTenants/run.ps1

@@ -12,7 +12,7 @@ Get-CIPPAzDataTableEntity @Table | Remove-AzDataTableEntity @table
 
 $RawGraphRequest = Get-Tenants | ForEach-Object -Parallel {
     $domainName = $_.defaultDomainName
-    Import-Module CippCore
+    Import-Module CIPPCore
     try {
         Write-Host $using:fullUrl
         New-GraphGetRequest -uri $using:fullUrl -tenantid $_.defaultDomainName -ComplexFilter -ErrorAction Stop | Select-Object *, @{l = 'Tenant'; e = { $domainName } }, @{l = 'CippStatus'; e = { 'Good' } }
@@ -39,4 +39,4 @@ foreach ($Request in $RawGraphRequest) {
 }
 
 
-Update-CippQueueEntry -RowKey $QueueKey -Status 'Completed'
+Update-CippQueueEntry -RowKey $QueueKey -Status 'Completed'

Modules/CIPPCore/Public/Authentication/Get-CIPPHttpFunctions.ps1

@@ -5,7 +5,7 @@ function Get-CIPPHttpFunctions {
     )
 
     try {
-        $Functions = Get-Command -Module CippCore | Where-Object { $_.Visibility -eq 'Public' -and $_.Name -match 'Invoke-*' }
+        $Functions = Get-Command -Module CIPPCore | Where-Object { $_.Visibility -eq 'Public' -and $_.Name -match 'Invoke-*' }
         $Results = foreach ($Function in $Functions) {
             $Help = Get-Help $Function
             if ($Help.Functionality -ne 'Entrypoint') { continue }
@@ -34,4 +34,4 @@ function Get-CIPPHttpFunctions {
     } catch {
         "Function Error $($_.Exception.Message): $($_.InvocationInfo.PositionMessage)"
     }
-}
+}

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMailboxRulesQueue.ps1

@@ -13,7 +13,7 @@ function Push-ListMailboxRulesQueue {
     $Table = Get-CIPPTable -TableName cachembxrules
     try {
         $Rules = New-ExoRequest -tenantid $domainName -cmdlet 'Get-Mailbox' -Select 'userPrincipalName,GUID' | ForEach-Object -Parallel {
-            Import-Module CippCore
+            Import-Module CIPPCore
             $MbxRules = New-ExoRequest -Anchor $_.UserPrincipalName -tenantid $using:domainName -cmdlet 'Get-InboxRule' -cmdParams @{Mailbox = $_.GUID; IncludeHidden = $true } | Where-Object { $_.Name -ne 'Junk E-Mail Rule' }
             foreach ($Rule in $MbxRules) {
                 $Rule | Add-Member -NotePropertyName 'UserPrincipalName' -NotePropertyValue $_.userPrincipalName

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdatePermissionsQueue.ps1

@@ -34,7 +34,7 @@ function Push-UpdatePermissionsQueue {
         $unixtime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds
         $GraphRequest = @{
             LastApply     = "$unixtime"
-            applicationId = "$($ENV:applicationId)"
+            applicationId = "$($ENV:ApplicationID)"
             Tenant        = "$($Item.customerId)"
             PartitionKey  = 'Tenant'
             RowKey        = "$($Item.customerId)"

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecPartnerWebhook.ps1

@@ -34,7 +34,7 @@ function Invoke-ExecPartnerWebhook {
         'CreateSubscription' {
             $BaseURL = ([System.Uri]$Request.Headers.'x-ms-original-url').Host
             $Webhook = @{
-                TenantFilter  = $env:TenantId
+                TenantFilter  = $env:TenantID
                 PartnerCenter = $true
                 BaseURL       = $BaseURL
                 EventType     = $Request.Body.EventType
@@ -74,4 +74,4 @@ function Invoke-ExecPartnerWebhook {
         StatusCode = [System.Net.HttpStatusCode]::OK
         Body       = $Body
     }
-}
+}

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecServicePrincipals.ps1

@@ -8,7 +8,7 @@ function Invoke-ExecServicePrincipals {
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
 
-    $TenantFilter = $env:TenantId
+    $TenantFilter = $env:TenantID
 
     $Success = $true
 

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1

@@ -17,7 +17,7 @@ Function Invoke-ExecAccessChecks {
     # Write to the Azure Functions log stream.
     Write-Host 'PowerShell HTTP trigger function processed a request.'
     if ($Request.Query.Permissions -eq 'true') {
-        $Results = Test-CIPPAccessPermissions -tenantfilter $ENV:tenantid -APIName $APINAME -ExecutingUser $Request.Headers.'x-ms-client-principal'
+        $Results = Test-CIPPAccessPermissions -tenantfilter $ENV:TenantID -APIName $APINAME -ExecutingUser $Request.Headers.'x-ms-client-principal'
     }
 
     if ($Request.Query.Tenants -eq 'true') {

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackendURLs.ps1

@@ -14,20 +14,20 @@ Function Invoke-ExecBackendURLs {
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
     $Subscription = ($ENV:WEBSITE_OWNER_NAME).split('+') | Select-Object -First 1
-    $SWAName = $ENV:Website_SITE_NAME -replace 'cipp', 'CIPP-SWA-'
+    $SWAName = $ENV:WEBSITE_SITE_NAME -replace 'cipp', 'CIPP-SWA-'
     # Write to the Azure Functions log stream.
     Write-Host 'PowerShell HTTP trigger function processed a request.'
 
     $results = [PSCustomObject]@{
-        ResourceGroup      = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:Website_Resource_Group/overview"
-        KeyVault           = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:Website_Resource_Group/providers/Microsoft.KeyVault/vaults/$($ENV:WEBSITE_SITE_NAME)/secrets"
-        FunctionApp        = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:Website_Resource_Group/providers/Microsoft.Web/sites/$($ENV:WEBSITE_SITE_NAME)/appServices"
-        FunctionConfig     = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:Website_Resource_Group/providers/Microsoft.Web/sites/$($ENV:WEBSITE_SITE_NAME)/configuration"
-        FunctionDeployment = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:Website_Resource_Group/providers/Microsoft.Web/sites/$($ENV:WEBSITE_SITE_NAME)/vstscd"
-        SWADomains         = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:Website_Resource_Group/providers/Microsoft.Web/staticSites/$SWAName/customDomains"
-        SWARoles           = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:Website_Resource_Group/providers/Microsoft.Web/staticSites/$SWAName/roleManagement"
+        ResourceGroup      = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:WEBSITE_RESOURCE_GROUP/overview"
+        KeyVault           = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:WEBSITE_RESOURCE_GROUP/providers/Microsoft.KeyVault/vaults/$($ENV:WEBSITE_SITE_NAME)/secrets"
+        FunctionApp        = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:WEBSITE_RESOURCE_GROUP/providers/Microsoft.Web/sites/$($ENV:WEBSITE_SITE_NAME)/appServices"
+        FunctionConfig     = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:WEBSITE_RESOURCE_GROUP/providers/Microsoft.Web/sites/$($ENV:WEBSITE_SITE_NAME)/configuration"
+        FunctionDeployment = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:WEBSITE_RESOURCE_GROUP/providers/Microsoft.Web/sites/$($ENV:WEBSITE_SITE_NAME)/vstscd"
+        SWADomains         = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:WEBSITE_RESOURCE_GROUP/providers/Microsoft.Web/staticSites/$SWAName/customDomains"
+        SWARoles           = "https://portal.azure.com/#@Go/resource/subscriptions/$Subscription/resourceGroups/$ENV:WEBSITE_RESOURCE_GROUP/providers/Microsoft.Web/staticSites/$SWAName/roleManagement"
         Subscription       = $Subscription
-        RGName             = $ENV:Website_Resource_Group
+        RGName             = $ENV:WEBSITE_RESOURCE_GROUP
         FunctionName       = $ENV:WEBSITE_SITE_NAME
         SWAName            = $SWAName
     }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCPVPermissions.ps1

@@ -31,7 +31,7 @@ Function Invoke-ExecCPVPermissions {
         if ($TenantFilter -ne 'PartnerTenant') {
             Set-CIPPCPVConsent @CPVConsentParams
         } else {
-            $TenantFilter = $env:TenantId
+            $TenantFilter = $env:TenantID
         }
         Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $TenantFilter
         Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $TenantFilter

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1

@@ -82,9 +82,9 @@ Function Invoke-ExecSAMSetup {
         if ($Request.Query.code) {
             try {
                 $TenantId = $Rows.tenantid
-                if (!$TenantId) { $TenantId = $ENV:TenantId }
+                if (!$TenantId) { $TenantId = $ENV:TenantID }
                 $AppID = $Rows.appid
-                if (!$AppID) { $appid = $env:ApplicationId }
+                if (!$AppID) { $appid = $ENV:ApplicationID }
                 $URL = ($Request.headers.'x-ms-original-url').split('?') | Select-Object -First 1
                 if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
                     $clientsecret = $Secret.ApplicationSecret

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1

@@ -114,7 +114,7 @@ Function Invoke-ExecOffboardTenant {
             # Remove multi-tenant apps with the CSP tenant as origin
             try {
                 $multitenantCSPApps = (New-GraphGETRequest -Uri "https://graph.microsoft.com/v1.0/servicePrincipals?`$count=true&`$select=displayName,appId,id,appOwnerOrganizationId&`$filter=appOwnerOrganizationId eq $($env:TenantID)" -tenantid $Tenantfilter -ComplexFilter)
-                $sortedArray = $multitenantCSPApps | Sort-Object @{Expression = { if ($_.appId -eq $env:applicationid) { 1 } else { 0 } }; Ascending = $true }
+                $sortedArray = $multitenantCSPApps | Sort-Object @{Expression = { if ($_.appId -eq $ENV:ApplicationID) { 1 } else { 0 } }; Ascending = $true }
                 $sortedArray | ForEach-Object {
                     try {
                         $delete = (New-GraphPostRequest -type 'DELETE' -Uri "https://graph.microsoft.com/v1.0/serviceprincipals/$($_.id)" -tenantid $Tenantfilter)

Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionParameters.ps1

@@ -33,7 +33,7 @@ function Invoke-ListFunctionParameters {
         if ($Module -eq 'ExchangeOnlineManagement') {
             $ExoRequest = @{
                 AvailableCmdlets = $true
-                tenantid         = $env:TenantId
+                tenantid         = $env:TenantID
                 NoAuthCheck      = $true
             }
             if ($Request.Query.Compliance -eq $true) {

Modules/CIPPCore/Public/Entrypoints/Invoke-ListInactiveAccounts.ps1

@@ -21,7 +21,7 @@ Function Invoke-ListInactiveAccounts {
     $TenantFilter = $Request.Query.TenantFilter
     if ($TenantFilter -eq 'AllTenants') { $TenantFilter = (get-tenants).customerId }
     try {
-        $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/inactiveUsers?`$count=true" -tenantid $env:TenantId | Where-Object { $_.tenantId -in $TenantFilter }
+        $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/inactiveUsers?`$count=true" -tenantid $env:TenantID | Where-Object { $_.tenantId -in $TenantFilter }
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message

Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1

@@ -4,7 +4,7 @@ function Get-CIPPAuthentication {
     param (
         $APIName = 'Get Keyvault Authentication'
     )
-    $Variables = @('ApplicationId', 'ApplicationSecret', 'TenantId', 'RefreshToken')
+    $Variables = @('ApplicationID', 'ApplicationSecret', 'TenantID', 'RefreshToken')
 
     try {
         if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
@@ -34,5 +34,3 @@ function Get-CIPPAuthentication {
         return $false
     }
 }
-
-

Modules/CIPPCore/Public/Get-CIPPSchemaExtensions.ps1

@@ -2,7 +2,7 @@ function Get-CIPPSchemaExtensions {
     [CmdletBinding()]
     Param()
 
-    $Schemas = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/schemaExtensions?`$filter=owner eq '$($env:applicationid)' and status eq 'Available'" -NoAuthCheck $true -AsApp $true
+    $Schemas = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/schemaExtensions?`$filter=owner eq '$($ENV:ApplicationID)' and status eq 'Available'" -NoAuthCheck $true -AsApp $true
 
     $SchemaDefinitions = [PSCustomObject]@(
         @{

Modules/CIPPCore/Public/GraphHelper/Get-AuthorisedRequest.ps1

@@ -10,14 +10,14 @@ function Get-AuthorisedRequest {
         [string]$Uri
     )
     if (!$TenantID) {
-        $TenantID = $env:TenantId
+        $TenantID = $env:TenantID
     }
     if ($Uri -like 'https://graph.microsoft.com/beta/contracts*' -or $Uri -like '*/customers/*' -or $Uri -eq 'https://graph.microsoft.com/v1.0/me/sendMail' -or $Uri -like '*/tenantRelationships/*') {
         return $true
     }
     $Tenants = Get-Tenants -IncludeErrors
     $SkipList = Get-Tenants -SkipList
-    if (($env:PartnerTenantAvailable -eq $true -and $SkipList.customerId -notcontains $TenantID -and $SkipList.defaultDomainName -notcontains $TenantID) -or (($Tenants.customerId -contains $TenantID -or $Tenants.defaultDomainName -contains $TenantID) -and $TenantID -ne $env:TenantId)) {
+    if (($env:PartnerTenantAvailable -eq $true -and $SkipList.customerId -notcontains $TenantID -and $SkipList.defaultDomainName -notcontains $TenantID) -or (($Tenants.customerId -contains $TenantID -or $Tenants.defaultDomainName -contains $TenantID) -and $TenantID -ne $env:TenantID)) {
         return $true
     } else {
         return $false

Modules/CIPPCore/Public/GraphHelper/Get-ClassicAPIToken.ps1

@@ -11,7 +11,7 @@ function Get-ClassicAPIToken($tenantID, $Resource) {
         #Write-Host 'Using classic'
         $uri = "https://login.microsoftonline.com/$($TenantID)/oauth2/token"
         $Body = @{
-            client_id     = $env:ApplicationID
+            client_id     = $ENV:ApplicationID
             client_secret = $env:ApplicationSecret
             resource      = $Resource
             refresh_token = $env:RefreshToken
@@ -42,4 +42,4 @@ function Get-ClassicAPIToken($tenantID, $Resource) {
             Throw "Failed to obtain Classic API Token for $TenantID - $_"
         }
     }
-}
+}

Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1

@@ -48,7 +48,7 @@ function Get-GraphRequestList {
     #>
     [CmdletBinding()]
     Param(
-        [string]$TenantFilter = $env:TenantId,
+        [string]$TenantFilter = $env:TenantID,
         [Parameter(Mandatory = $true)]
         [string]$Endpoint,
         [hashtable]$Parameters = @{},
@@ -294,7 +294,7 @@ function Get-GraphRequestList {
                                     method = 'GET'
                                 }
                             }
-                            $TenantInfo = New-GraphBulkRequest -Requests @($ReverseLookupRequests) -tenantid $env:TenantId -NoAuthCheck $true -asapp $true
+                            $TenantInfo = New-GraphBulkRequest -Requests @($ReverseLookupRequests) -tenantid $env:TenantID -NoAuthCheck $true -asapp $true
 
                             $GraphRequestResults | Select-Object @{n = 'TenantInfo'; e = { Get-GraphBulkResultByID -Results @($TenantInfo) -ID $_.$ReverseTenantLookupProperty } }, *
 

Modules/CIPPCore/Public/New-CIPPAPIConfig.ps1

@@ -39,7 +39,7 @@ function New-CIPPAPIConfig {
             $currentSettings.properties.identityProviders.azureActiveDirectory = @{
                 registration = @{
                     clientId     = $APIApp.appId
-                    openIdIssuer = "https://sts.windows.net/$($ENV:TenantId)/v2.0"
+                    openIdIssuer = "https://sts.windows.net/$($ENV:TenantID)/v2.0"
                 }
                 validation   = @{
                     allowedAudiences = @("api://$($APIApp.appId)")