@Nick Tran :
You can use the Azure Active Directory (Azure AD) Graph API to list the OBO tokens that have been created for service principals. Here are the steps you can follow:
1) Authenticate to the Azure AD Graph API using the Azure CLI or other methods. You will need to have permissions to read service principals.
2) Get the object ID of the service principal that you are interested in. You can do this by running the following command:
az ad sp show --id <service-principal-name>
3) The command will return a JSON object containing information about the service principal, including its object ID.
4) Use the Graph API to list the OBO tokens for the service principal. You can do this by sending a GET request to the following endpoint:
https://graph.windows.net/<your-tenant-ID>/servicePrincipals/<service-principal-object-ID>/oauth2Per...
5) Replace <your-tenant-ID> with the ID of your Azure AD tenant and <service-principal-object-ID> with the object ID of the service principal that you obtained in step 2.
6)The response will be a JSON object containing a list of OAuth2PermissionGrant resources. Each resource represents an OBO token that has been granted to the service principal. You can extract the access token and other information from each resource.
I hope this helps! Let me know if you have any further questions.