I'm creating a new application using
POST https://graph.microsoft.com/beta/applications
I can get the AppId back, but can't find a way to get the AppKey. I would like to access that app later using application credentials.
Update: That's what I send as the password credential during the application creation:
    newAppObj.passwordCredentials = new List<AOBJ.AzurePasswordCredential>()
    {
        new AOBJ.AzurePasswordCredential()
        {
            customKeyIdentifier = "T1rEXhNmUUmVqimnBPkirw==",
            keyId = Guid.NewGuid().ToString(),
            value = "WgjbF8vG3GM1XRGpc43fvtiO7ScpTGwh0jd6CjIRd40dCX3kP8LMlCdcrrEPBRidI4CXW1OCnSQJQxOzX+oIUw==",
            startDate = "2016-06-01T13:59:30Z", // DateTimeOffset.UtcNow,
            endDate = "2017-06-02T13:59:30Z" // DateTimeOffset.UtcNow.AddYears(2)
        }
    };
When I then generate an authorization token using the secret key that I set before as value, I get this response back when trying to use it to call the Microsoft Graph API:
    {
      "error": {
        "code": "Authorization_IdentityNotFound",
        "message": "The identity of the calling application could not be established.",
        "innerError": {
          "request-id": "42d3f97d-5ccb-4680-a6c2-dceb160d19c7",
          "date": "2016-06-02T21:03:31"
        }
      }
    }
When I create the secret key manually via the Azure portal, the API call works fine.
Update 2:
So, it turned out that the POST to create the application didn't create the underlying ServicePrincipal object. I had to create it after the application was created.
    var servicePrincipal = O365OutlookClient.GetServicePrincipalForApp(InOnBoardingToken, createdAppObj.appId);
    if (servicePrincipal == null || servicePrincipal.appId == null)
    {
        var servicePrincipalObj = new AOBJ.AzureServicePrincipal();
        servicePrincipalObj.appId = createdAppObj.appId;
        servicePrincipalObj.displayName = createdAppObj.displayName;
        servicePrincipalObj.accountEnabled = true;
        var servicePrincipalJson = O365OutlookClient.PostServicePrincipalSync(InOnBoardingToken, servicePrincipalObj);
    }
Application password credentials need to be generated and set by you (either when you create the application, or later as a PATCH to the application). You can do this by generating a strong random value, creating a passwordCredential and adding it to the passwordCredentials collection: customKeyIdentifier is a base64-encoded byte array (can be whatever you want), keyId is a newly-generated Guid, and startDate and endDate are the dates in which the password credential is valid. The actual secret key is stored in value.
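The steps described in the answer above, as an added example that is not part of the original post: it draws the secret from the OS CSPRNG rather than a constant in source and builds a body carrying the passwordCredentials collection with the field names shown on this page. The class name, method name and label are hypothetical, and it assumes a .NET runtime that ships System.Text.Json.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Hypothetical helper for illustration; not part of any Microsoft SDK.
public static class PasswordCredentialExample
{
    const string Iso = "yyyy-MM-dd'T'HH:mm:ss'Z'";

    // Returns the request body and the secret. The secret comes from the OS
    // CSPRNG, so nothing sensitive is hard-coded in source.
    public static (string Body, string Secret) Build(string label, TimeSpan lifetime)
    {
        if (lifetime <= TimeSpan.Zero)
            throw new ArgumentOutOfRangeException(nameof(lifetime));

        byte[] secretBytes = new byte[32]; // 256 bits of entropy
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(secretBytes);
        string secret = Convert.ToBase64String(secretBytes);

        DateTimeOffset start = DateTimeOffset.UtcNow;
        var credential = new
        {
            customKeyIdentifier = Convert.ToBase64String(Encoding.UTF8.GetBytes(label)),
            keyId = Guid.NewGuid().ToString(),
            value = secret,
            startDate = start.ToString(Iso, CultureInfo.InvariantCulture),
            endDate = start.Add(lifetime).ToString(Iso, CultureInfo.InvariantCulture)
        };
        string body = JsonSerializer.Serialize(
            new { passwordCredentials = new[] { credential } },
            new JsonSerializerOptions { WriteIndented = true });
        return (body, secret);
    }

    public static void Main()
    {
        var (body, secret) = Build("onboarding-key", TimeSpan.FromDays(365));
        // Printed only to show the shape; in real use send body over TLS and
        // put secret in a secret store instead of logging it.
        Console.WriteLine(body);
        Console.WriteLine($"secret length: {secret.Length} chars");
    }
}
```

As the question's second update notes, the service principal for the application must also exist before a token obtained with this secret is accepted.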