Append a password to an ActiveDirectoryApplication

[blacelle]

Query/Question When I update a ActiveDirectoryApplication with passwords, it seems to remove existing ones. How can I append a password to the existing ones?

Why is this not a Bug or a feature Request? This may be a feature request

app.update()
    .definePasswordCredential("additionalPass")
    .withPasswordValue("somePassword")
    .attach().apply();

[blacelle]

I have side-note questions, unsure I should open additional tickets:

• How can I explain the passwords created after an update are not visible in Azure portal? (e.g. with previous code adjusted to push 3 passwords, I see only the initial password ; one each call, the 3 additional passwords replaces the 3 previous ones, but Azure Portal shows only the initial manual password (or password created when registered the app)). az ad app credential list --id XXX shows all credentials (the initial one and the 3 programmatic ones).
• How can I see the SP credentials in Azure Portal?

[blacelle]

[
  {
    "additionalProperties": null,
    "customKeyIdentifier": null,
    "endDate": "2021-10-08T15:54:46.456000+00:00",
    "keyId": "ae27be7b-fabf-47a0-8177-2822adfa7e36",
    "startDate": "2021-04-08T15:54:46.456000+00:00",
    "value": null
  },
  {
    "additionalProperties": null,
    "customKeyIdentifier": "楴楴",
    "endDate": "2022-04-08T15:46:50.749000+00:00",
    "keyId": "XXX,
    "startDate": "2021-04-08T15:46:50.749000+00:00",
    "value": null
  },
  {
    "additionalProperties": null,
    "customKeyIdentifier": "慦ㄱ戶㠰㔭ㄱⴲ㜴敡戭㤶ⴶ敡慤㤱㑦",
    "endDate": "2022-04-08T15:46:50.749000+00:00",
    "keyId": "XXX",
    "startDate": "2021-04-08T15:46:50.749000+00:00",
    "value": null
  },
  {
    "additionalProperties": null,
    "customKeyIdentifier": "慡㐲攲散愭㙥ⴶ㤴㌸㠭㘹ⵤ㤴㤳搹昳",
    "endDate": "2022-04-08T15:46:50.749000+00:00",
    "keyId": "XXX",
    "startDate": "2021-04-08T15:46:50.749000+00:00",
    "value": null
  }
]

For an unknown reason, my customKeyIdentifier looks weird from az cli. My manual/azure-portal password has a null customKeyIdentifier.

[weidongxu-microsoft]

@blacelle

The recommended SDK for AAD (MS graph) is https://github.com/microsoftgraph/msgraph-sdk-java

Java mgmt SDK still uses AAD graph, which will be end of support on 2022. https://developer.microsoft.com/en-us/office/blogs/end-of-support-timelines-for-azure-ad-authentication-library-adal-and-azure-ad-graph/

[blacelle]

@weidongxu-microsoft Thanks for the fast feedback. I'll try with this library. Any timeline to switch Azure Mgmt to MS Graph?

[weidongxu-microsoft]

@blacelle

The new SDK actually migrated to MS graph. https://github.com/Azure/azure-sdk-for-java/tree/master/sdk/resourcemanager

However we still recommend https://github.com/microsoftgraph/msgraph-sdk-java when one need to modify the AAD.

Management SDK does include some of the AAD functionality, but the main purpose is to enable user query the object ID (or ID in MS graph term) for application/user etc., for RBAC or access policies on Azure resource. It is not intended for user to use it to modify AAD.

[blacelle]

Thanks @weidongxu-microsoft . Do ou have a code-snippet or a source to sketch the equivalent of:

app.update()
    .definePasswordCredential("additionalPass")
    .withPasswordValue("somePassword")
    .attach().apply();

given an IGraphServiceClient?

[weidongxu-microsoft]

Might be this, not tested.

            ApplicationAddPasswordParameterSet param = new ApplicationAddPasswordParameterSet();
            param.passwordCredential = ...;
            graphClient.applications(id).addPassword(param).buildRequest().post();