Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Append a password to an ActiveDirectoryApplication #1388

Open
blacelle opened this issue Apr 8, 2021 · 7 comments
Open

Append a password to an ActiveDirectoryApplication #1388

blacelle opened this issue Apr 8, 2021 · 7 comments

Comments

@blacelle
Copy link

blacelle commented Apr 8, 2021

Query/Question
When I update a ActiveDirectoryApplication with passwords, it seems to remove existing ones. How can I append a password to the existing ones?

Why is this not a Bug or a feature Request?
This may be a feature request

app.update()
    .definePasswordCredential("additionalPass")
    .withPasswordValue("somePassword")
    .attach().apply();
@blacelle
Copy link
Author

blacelle commented Apr 8, 2021

I have side-note questions, unsure I should open additional tickets:

  • How can I explain the passwords created after an update are not visible in Azure portal? (e.g. with previous code adjusted to push 3 passwords, I see only the initial password ; one each call, the 3 additional passwords replaces the 3 previous ones, but Azure Portal shows only the initial manual password (or password created when registered the app)). az ad app credential list --id XXX shows all credentials (the initial one and the 3 programmatic ones).
  • How can I see the SP credentials in Azure Portal?

@blacelle
Copy link
Author

blacelle commented Apr 8, 2021

[
  {
    "additionalProperties": null,
    "customKeyIdentifier": null,
    "endDate": "2021-10-08T15:54:46.456000+00:00",
    "keyId": "ae27be7b-fabf-47a0-8177-2822adfa7e36",
    "startDate": "2021-04-08T15:54:46.456000+00:00",
    "value": null
  },
  {
    "additionalProperties": null,
    "customKeyIdentifier": "楴楴",
    "endDate": "2022-04-08T15:46:50.749000+00:00",
    "keyId": "XXX,
    "startDate": "2021-04-08T15:46:50.749000+00:00",
    "value": null
  },
  {
    "additionalProperties": null,
    "customKeyIdentifier": "慦ㄱ戶㠰㔭ㄱⴲ㜴敡戭㤶ⴶ敡慤㤱㑦",
    "endDate": "2022-04-08T15:46:50.749000+00:00",
    "keyId": "XXX",
    "startDate": "2021-04-08T15:46:50.749000+00:00",
    "value": null
  },
  {
    "additionalProperties": null,
    "customKeyIdentifier": "慡㐲攲散愭㙥ⴶ㤴㌸㠭㘹ⵤ㤴㤳搹昳",
    "endDate": "2022-04-08T15:46:50.749000+00:00",
    "keyId": "XXX",
    "startDate": "2021-04-08T15:46:50.749000+00:00",
    "value": null
  }
]

For an unknown reason, my customKeyIdentifier looks weird from az cli. My manual/azure-portal password has a null customKeyIdentifier.

@weidongxu-microsoft
Copy link
Member

weidongxu-microsoft commented Apr 9, 2021

@blacelle

The recommended SDK for AAD (MS graph) is https://github.com/microsoftgraph/msgraph-sdk-java

Java mgmt SDK still uses AAD graph, which will be end of support on 2022.
https://developer.microsoft.com/en-us/office/blogs/end-of-support-timelines-for-azure-ad-authentication-library-adal-and-azure-ad-graph/

@blacelle
Copy link
Author

blacelle commented Apr 9, 2021

@weidongxu-microsoft Thanks for the fast feedback. I'll try with this library. Any timeline to switch Azure Mgmt to MS Graph?

@weidongxu-microsoft
Copy link
Member

@blacelle

The new SDK actually migrated to MS graph. https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/resourcemanager

However we still recommend https://github.com/microsoftgraph/msgraph-sdk-java when one need to modify the AAD.

Management SDK does include some of the AAD functionality, but the main purpose is to enable user query the object ID (or ID in MS graph term) for application/user etc., for RBAC or access policies on Azure resource. It is not intended for user to use it to modify AAD.

@blacelle
Copy link
Author

Thanks @weidongxu-microsoft . Do ou have a code-snippet or a source to sketch the equivalent of:

app.update()
    .definePasswordCredential("additionalPass")
    .withPasswordValue("somePassword")
    .attach().apply();

given an IGraphServiceClient?

@weidongxu-microsoft
Copy link
Member

Might be this, not tested.

            ApplicationAddPasswordParameterSet param = new ApplicationAddPasswordParameterSet();
            param.passwordCredential = ...;
            graphClient.applications(id).addPassword(param).buildRequest().post();

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants