I am looking for the internal ID for the SharePoint Online application roles, the second on this screenshot:
For Graph, I can list them like this:
https://graph.microsoft.com/v1.0/servicePrincipals?$filter=displayName eq 'Microsoft Graph'&$select=displayName,appRoles
This returns, among others, the following Graph API role:
{
    "allowedMemberTypes": [
        "Application"
    ],
    "description": "Allow the application to access a subset of site collections without a signed in user. The specific site collections and the permissions granted will be configured in SharePoint Online.",
    "displayName": "Access selected site collections",
    "id": "....",
    "isEnabled": true,
    "origin": "Application",
    "value": "Sites.Selected"
}
The id here is tenant specific. I would like to get the id for the same role, under the SharePoint Online resource. I need this to grant admin consent from our self service tool.
However, I cannot find anything via this endpoint. I listed everything that looks like SharePoint:
https://graph.microsoft.com/v1.0/servicePrincipals?$filter=startswith(displayName,'SharePoint')&$select=displayName,appRoles
but all the appRoles arrays are empty:
{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#servicePrincipals(displayName,appRoles)",
    "value": [
        {
            "displayName": "SharePoint Home Notifier",
            "appRoles": []
        },
        {
            "displayName": "SharePoint Notification Service",
            "appRoles": []
        },
        {
            "displayName": "SharePoint Notification Service",
            "appRoles": []
        },
        {
            "displayName": "SharePoint Online Client",
            "appRoles": []
        },
        {
            "displayName": "SharePoint Online Client Extensibility",
            "appRoles": []
        },
        {
            "displayName": "SharePoint Online Client Extensibility Web Application Principal",
            "appRoles": []
        },
        {
            "displayName": "SharePoint Online Client Extensibility Web Application Principal Helper",
            "appRoles": []
        },
        {
            "displayName": "SharePoint Online Web Client Extensibility",
            "appRoles": []
        },
        {
            "displayName": "SharePoint Online Web Client Extensibility Isolated",
            "appRoles": []
        },
        {
            "displayName": "SharePointAdmin",
            "appRoles": []
        }
    ]
}
Can someone please point out to me how to get this out? Again, this is tenant-specific and not the same as what you would get from the MS documentation or by reverse engineering the Application endpoint with a handmade app.
The official name is Office 365 SharePoint Online:
GET /v1.0/servicePrincipals?$filter=displayName eq 'Office 365 SharePoint Online'&$select=id,displayName,appRoles,appId
appId should be unique across all tenants:
GET /v1.0/servicePrincipals?$filter=appId eq '00000003-0000-0ff1-ce00-000000000000'&$select=id,displayName,appRoles,appId
App id for Office 365 SharePoint Online: 00000003-0000-0ff1-ce00-000000000000
App id for Microsoft Graph: 00000003-0000-0000-c000-000000000000
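An added example (not code from the post or from Microsoft) of using the appId lookup from the answer in a self-service consent tool: it picks the role id out of the servicePrincipals response, rejecting disabled or non-application roles, and builds the appRoleAssignedTo request. The sample response, every GUID other than the SharePoint appId, the role name Example.Disabled and the function names are constructed for illustration.

```python
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
SPO_APP_ID = "00000003-0000-0ff1-ce00-000000000000"  # appId quoted in the answer

def lookup_url(app_id):
    """Build the servicePrincipals query keyed on appId, not displayName."""
    flt = quote(f"appId eq '{app_id}'", safe="'")
    return f"{GRAPH}/servicePrincipals?$filter={flt}&$select=id,displayName,appRoles,appId"

def find_app_role(response, app_id, role_value):
    """Return (resource_sp_id, app_role_id) for one enabled application role."""
    matches = [sp for sp in response.get("value", []) if sp.get("appId") == app_id]
    if len(matches) != 1:
        raise LookupError(f"expected 1 service principal for {app_id}, got {len(matches)}")
    sp = matches[0]
    roles = [r for r in sp.get("appRoles", [])
             if r.get("value") == role_value
             and r.get("isEnabled")
             and "Application" in r.get("allowedMemberTypes", [])]
    if len(roles) != 1:
        raise LookupError(f"{role_value!r} is not a unique enabled application role")
    return sp["id"], roles[0]["id"]

def consent_request(response, app_id, role_value, client_sp_id):
    """Build the appRoleAssignedTo call that grants the role to client_sp_id."""
    resource_id, role_id = find_app_role(response, app_id, role_value)
    body = {"principalId": client_sp_id, "resourceId": resource_id, "appRoleId": role_id}
    return "POST", f"{GRAPH}/servicePrincipals/{resource_id}/appRoleAssignedTo", body

# Constructed sample data: all GUIDs below are placeholders, not real ids.
CLIENT_SP_ID = "99999999-9999-9999-9999-999999999999"
SAMPLE = {"value": [{
    "id": "11111111-1111-1111-1111-111111111111",
    "appId": SPO_APP_ID,
    "displayName": "Office 365 SharePoint Online",
    "appRoles": [
        {"id": "22222222-2222-2222-2222-222222222222", "value": "Sites.Selected",
         "isEnabled": True, "allowedMemberTypes": ["Application"]},
        {"id": "33333333-3333-3333-3333-333333333333", "value": "Example.Disabled",
         "isEnabled": False, "allowedMemberTypes": ["Application"]},
    ]}]}

if __name__ == "__main__":
    print(lookup_url(SPO_APP_ID))
    print(consent_request(SAMPLE, SPO_APP_ID, "Sites.Selected", CLIENT_SP_ID))
```

The caller sends the returned request with a token that is allowed to create app role assignments; that step is left out so the block runs offline.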