Skill v1.0.0
currentTrusted Publisher100/100version: "1.0.0" name: set-app-registration-native description: Use when the user wants to wire a Power Apps Wrap mobile app to an Entra ID app registration by opening the Power Apps Wrap app-registration page, pasting the resulting client ID, and updating auth.config.json. user-invocable: true allowed-tools: Read, Edit, Write, Grep, Glob, Bash, AskUserQuestion model: sonnet
Shared instructions: [shared-instructions.md](${PLUGIN_ROOT}/shared/shared-instructions.md) — read first.
Set App Registration Native
Wire auth.config.json to an Entra ID app registration for a Power Apps Wrap mobile app.
This skill is manual by design:
- Do not create or patch app registrations from this skill.
- Use the public Power Apps Wrap app-registration page and then write the pasted client ID into
auth.config.json.
Workflow
- Verify app root -> 2. Resolve environment + tenant -> 3. Open Wrap registration URL -> 4. Capture client ID -> 5. Write
auth.config.json-> 6. Validate JSON -> 7. Summary
Step 1 — Verify app root
From the current directory, verify a generated mobile app root:
test -f auth.config.json && test -f app.config.js && test -f power.config.json
If this fails, stop and tell the user to run /create-mobile-app first or open the generated app folder.
Step 2 — Resolve environment + tenant
Use the same environment selected by the generated app. Prefer .resolved-environment.json, then auth.config.json.environment, then power.config.json + resolver:
ENV_ID=$(node -e "console.log(require('./power.config.json').environmentId || '')")TENANT_ID=$(node -e "try { const j=require('./.resolved-environment.json'); console.log(j.tenantId || '') } catch { console.log('') }" 2>/dev/null)if [ -z "$TENANT_ID" ]; thenTENANT_ID=$(node -e "try { const j=require('./auth.config.json'); console.log((j.environment && j.environment.tenantId) || '') } catch { console.log('') }" 2>/dev/null)fiif [ -z "$TENANT_ID" ] && [ -n "$ENV_ID" ]; thennode "${PLUGIN_ROOT}/scripts/resolve-environment.js" "$ENV_ID" > .resolved-environment.jsonTENANT_ID=$(node -e "const j=require('./.resolved-environment.json'); console.log(j.tenantId || '')")fiecho "$ENV_ID"echo "$TENANT_ID"
If ENV_ID is empty, stop: power.config.json is not initialized.
If TENANT_ID is empty, stop: environment resolution failed. Do not guess the tenant and do not use a stale msal.tenantId as the authority source.
Step 3 — Open Wrap app-registration page
Print the public Power Apps Wrap URL for the active environment:
https://make.powerapps.com/environments/<environment-id>/wraps#create-app-registration
Tell the user:
Open the Power Apps Wrap app-registration page for this environment:https://make.powerapps.com/environments/<environment-id>/wraps#create-app-registrationCreate/register the app there, then paste the Application (client) ID here.If you already have a client ID, paste it directly.If you cannot configure auth now, type skip.
Step 4 — Capture client ID
Ask:
Paste the Entra ID app registration client ID for tenant <tenant-guid> (GUID format), or type skip:
- If the user enters
skip, leavemsal.clientIdblank, ensuremsal.tenantIdis set to the resolved tenant, preserve/add theenvironmentcache, print the skip warning in Step 7, and stop. - Otherwise validate GUID format before editing.
Step 5 — Write auth.config.json
Update auth.config.json:
msal.clientId= pasted client IDmsal.tenantId= resolved tenant ID from Step 2- Preserve any top-level
environmentobject. - If
environmentis missing and.resolved-environment.jsonexists, copy the non-secret resolved environment fields into top-levelenvironment.
Use structured JSON editing. Do not store tokens, secrets, or current-user Dataverse identity fields.
Example target shape:
{"msal": {"clientId": "<client-id>","tenantId": "<tenant-guid>"},"environment": {"environmentId": "<environment-id>","environmentUrl": "https://org.crm.dynamics.com","tenantId": "<tenant-guid>","cachedAt": "<iso timestamp>"}}
Do not touch src/playerConfig.ts; auth identifiers live in auth.config.json only.
Step 6 — Validate JSON
node -e "JSON.parse(require('fs').readFileSync('auth.config.json','utf8')); console.log('auth.config.json OK')"
If dependencies are installed, optionally run:
npx tsc --noEmit
Do not run npm install or native builds from this skill.
Step 7 — Summary
If a client ID was written:
App registration wired.Client ID : <client-id>Tenant : <tenant-guid>Config : auth.config.json
If skipped:
Auth client ID was not configured.Tenant was preserved in auth.config.json: <tenant-guid>The app will fail to sign in until a client ID is added.Run /set-app-registration-native later, or paste a client ID into auth.config.json.