Cannot assign role to application #17057

@s-leonard

Description

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name
az ad app permission add

Errors:

not enough values to unpack (expected 2, got 1)
Traceback (most recent call last):
python3.6/site-packages/knack/cli.py, ln 233, in invoke
    cmd_result = self.invocation.execute(args)
cli/core/commands/__init__.py, ln 664, in execute
    raise ex
cli/core/commands/__init__.py, ln 727, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
cli/core/commands/__init__.py, ln 719, in _run_job
    return cmd_copy.exception_handler(ex)
...
cli/core/commands/__init__.py, ln 331, in __call__
    return self.handler(*args, **kwargs)
azure/cli/core/__init__.py, ln 816, in default_command_handler
    return op(**command_args)
cli/command_modules/role/custom.py, ln 913, in add_permission
    access_id, access_type = e.split('=')
ValueError: not enough values to unpack (expected 2, got 1)

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

  • Put any pre-requisite steps here...
  • az ad app permission add --id {} --api {} --api-permissions {}

Expected Behavior

Environment Summary

Linux-4.19.76-linuxkit-x86_64-with-debian-9.13
Python 3.6.10
Installer: DEB

azure-cli 2.19.1

Extensions:
storage-preview 0.7.0

Additional Context

I'm running the following script and the very last line errors.

serverappname="aaServerApp6"
clientappname="aaClientApp6"

echo "Creating Server Application Called $serverappname"
az ad app create --display-name $serverappname 

serverappId=$(az ad app list --display-name $serverappname --query [].appId -o tsv)
echo "$serverappname ApplicationID: $serverappId"

echo "creat service principle for the App"
az ad sp create --id $serverappId

echo "set application ID URI"
az ad app update --id $serverappId --identifier-uris "api://$serverappId"


echo "Assigning Read Role to Server App"
az ad app update --id $serverappId --app-roles @readrole.json

echo "created server app"


echo "Creating Client Application Called $clientappname"
az ad app create --display-name $clientappname 

clientappId=$(az ad app list --display-name $clientappname --query [].appId -o tsv)
echo "$clientappname ApplicationID: $clientappId"

echo "creat service principle for the App"
az ad sp create --id $clientappId

approleId=$(az ad sp show --id $serverappId --query "appRoles[].id" -o tsv)

az ad app permission add --id $clientappId --api $serverappId --api-permissions $approleId

The readrole.json file content is

[{
    "allowedMemberTypes": [
      "Application"
    ],
    "description": "description",
    "displayName": "readrole",
    "isEnabled": "true",
    "value": "readrole"
}]

I'm trying to create two application registrations: the server app registration with a custom role, and a client app registration that is assigned the custom role permission from the server app registration.

As far as I can see on the cos I've set all the correct values, but the error message doesn't give me much.
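
As an added illustration (not part of the original report and not azure-cli's own code): the traceback fails at `access_id, access_type = e.split('=')`, so each `--api-permissions` item is parsed as `<id>=<type>`. The Python below validates that shape and names the malformed item; `parse_api_permissions`, `explain` and the sample GUID are hypothetical or constructed, and the `Scope`/`Role` type names are assumed from the CLI help text rather than taken from this page.

```python
import uuid

# Permission types accepted after the '=' (assumed from the az CLI help text,
# not shown on this page).
VALID_TYPES = {"Scope", "Role"}


def parse_api_permissions(values):
    """Parse '<guid>=<Scope|Role>' items into (id, type) tuples.

    Hypothetical helper: mirrors the split('=') seen in the traceback but
    reports which item is malformed instead of failing on tuple unpacking.
    """
    parsed = []
    for item in values:
        access_id, sep, access_type = item.partition("=")
        if not sep:
            raise ValueError(
                f"'{item}': expected <id>=<type>, e.g. <role-guid>=Role"
            )
        if access_type not in VALID_TYPES:
            raise ValueError(f"'{item}': type must be one of {sorted(VALID_TYPES)}")
        try:
            # Canonicalise the id; anything that is not a GUID is rejected.
            access_id = str(uuid.UUID(access_id))
        except ValueError:
            raise ValueError(f"'{item}': id is not a GUID") from None
        parsed.append((access_id, access_type))
    return parsed


def explain(values):
    """Return the parsed list, or the error text for a bad argument."""
    try:
        return parse_api_permissions(values)
    except ValueError as exc:
        return str(exc)


# Constructed sample GUID, not a real app role id.
SAMPLE_ROLE_ID = "11111111-2222-3333-4444-555555555555"

if __name__ == "__main__":
    print(explain([SAMPLE_ROLE_ID]))            # bare id, the shape in the script
    print(explain([SAMPLE_ROLE_ID + "=Role"]))  # id with an explicit type
```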

Labels: Graph, az ad, feature-request
