az ad sp credential list --id xxxxx-xxxx-xxx customKeyIdentifier value is null #10234
Comments
I can reproduce. This doesn't seem like a CLI issue. When adding keys in Azure Portal using new UI, the corresponding items created in manifest have
@jiasli 👍, is there a plan to update to get the value of 'customKeyIdentifier' for the secrets created through portal?
Thank you for the feedback. We will work with REST specs team to fix this issue as soon as possible.
@jiasli did you get an update from REST specs team?
Pinging this. It looks like the graph API now returns displayName and a hint for a passwordCredential in the portal using
The API you used is AD Graph API v2.0 which contains those fields. Without the REST spec for 2.0, we can't generate the Python SDK and build the CLI commands accordingly. We are still working with AAD team on this issue. Thanks for your patience. Meanwhile, you may directly use
Using List applications, replacing
# In bash, escape the $ so the shell does not expand $filter as a variable
az rest --method get \
    --uri "https://graph.microsoft.com/v1.0/applications?\$filter=appId eq '{appId}'"
Using Get application, replacing
az rest --method get \
    --uri https://graph.microsoft.com/v1.0/applications/{objectId}
Then you may use
We will track MS Graph issues at #12946
This is not working for me, it returns an empty value. I am trying to get the password for an SP tied to this app... This is because the following command:
Fails with the following error: When present, application key identifier cannot be empty and can be at most 32 bytes.
Hi @ernani,
Root cause and solution
As the error suggested,
The
client.applications.patch(app.object_id, app_patch_param)
We have an ongoing PR #11466 discussing this issue.
Using Microsoft Graph API
According to Microsoft Graph API passwordCredential resource type, customKeyIdentifier is deprecated.
We don't recommend using this legacy command az ad sp credential reset anymore. Please use Microsoft Graph API servicePrincipal: addPassword instead:
$ id="{service principal object ID}"
$ az rest -m POST -u https://graph.microsoft.com/v1.0/servicePrincipals/$id/addPassword -b '{
"passwordCredential": {
"displayName": "behold-my-very-long-password-description"
}
}'
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.passwordCredential",
"customKeyIdentifier": null,
"displayName": "behold-my-very-long-password-description",
"endDateTime": "2022-06-03T02:30:42.0816985Z",
"hint": null,
"keyId": "592e77f1-10d6-49a5-9a2b-d9a79840bf68",
"secretText": "LGO_9xxxxxxxxxxxxxxxxxxxx",
"startDateTime": "2020-06-03T02:30:42.0816985Z"
}
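An added example, not part of the original thread or of the Azure CLI code base: a small audit helper that labels each password credential in a Graph application object whichever field holds the description, and checks a description against the 32-byte limit quoted in the error message above. The sample JSON and key IDs are constructed, and the text encoding inside customKeyIdentifier (UTF-16 with a byte-order mark, otherwise UTF-8) is an assumption.

```python
import base64
import json
from datetime import datetime, timezone

MAX_KEY_ID_BYTES = 32  # limit quoted in the error message in this thread
# Constructed sample shaped like a Graph v1.0 application object; not real data.
SAMPLE = json.dumps({"passwordCredentials": [
    {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "new-ui-secret",
     "customKeyIdentifier": None, "endDateTime": "2022-06-03T02:30:42.0816985Z"},
    {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": None,
     "customKeyIdentifier": base64.b64encode("old-ui-secret".encode("utf-16")).decode(),
     "endDateTime": "2020-01-01T00:00:00Z"},
    {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": None,
     "customKeyIdentifier": None, "endDateTime": "2030-01-01T00:00:00Z"},
]})


def decode_key_identifier(value):
    """Decode a base64 customKeyIdentifier; the text encoding is an assumption."""
    if not value:
        return None
    raw = base64.b64decode(value)
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):  # UTF-16 byte-order mark
        return raw.decode("utf-16")
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.hex()  # opaque identifier: show as hex


def credential_label(cred):
    """Prefer displayName, then customKeyIdentifier, then fall back to keyId."""
    return (cred.get("displayName")
            or decode_key_identifier(cred.get("customKeyIdentifier"))
            or cred["keyId"])


def fits_key_identifier(description, encoding="utf-8"):
    """True if the encoded description is non-empty and at most 32 bytes."""
    return 0 < len(description.encode(encoding)) <= MAX_KEY_ID_BYTES


def summarize(app_json, now):
    """Return (label, keyId, expired) for each password credential."""
    out = []
    for c in json.loads(app_json).get("passwordCredentials", []):
        end = datetime.strptime(c["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        out.append((credential_label(c), c["keyId"], end.replace(tzinfo=timezone.utc) <= now))
    return out
```

Feed `summarize` the JSON printed by the `az rest` Get application call to see which secrets have no description at all and which have already expired.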
Describe the bug
Credential property customKeyIdentifier value is null for the secrets created using new improved app registration UI.
To Reproduce
- Add a client secret using new UI.
- Execute az ad sp credential list --id xxxxx-xxxx-xxx
Expected behavior
It should return the "description" of the secrets which works for the secrets created using old UI.
Environment summary
az --version
azure-cli 2.0.69 *
OS version
sw_vers
ProductName: Mac OS X
ProductVersion: 10.14.5
BuildVersion: 18F132
Additional context
Add any other context about the problem here.