Reputation: 121
How can I add an App Registration key with PowerShell without breaking the Azure Portal?
I'm trying to automate the registration of Azure AD apps. However, it looks that managing Azure app registration keys with the Azure Portal and with the AzureAD PowerShell module is incompatible. Here is what I am doing:
- In the Azure Portal, register a new application
- In the Azure Portal, add some keys in the application, including one key named
AzurePortalKey
=> I can add and remove keys without a problem - In the AzureAD Powershell module (I've tried both the latest version 2.0.0.131 and the preview version), add a key to the application with the following command
New-AzureADApplicationPasswordCredential -ObjectId <object id here> -CustomKeyIdentifier "PowerShellKey" - The key appears in the Azure Portal as expected (there is a delay of 10-20 seconds until the key is displayed in the Azure Portal)
- In the Azure Portal, try to add or remove some other keys
=> These operations fail with an error message:Failed to update application test-bug keys.
Error detail: Unable to complete the request due to data validation error. - In the Azure Portal, remove the key
PowerShellKey(either with the key management screen or in the manifest file)
=> Managing keys in the Azure Portal works again
The problem might be due to different encodings of the CustomKeyIdentifier used by Powershell and the Azure Portal:
- The CustomKeyIdentifier
PowerShellKeyis retrieved as80, 111, 119, 101, 114, 83, 104, 101, 108, 108, 75, 101, 121(likely UTF-8 or some other 8-bits encoding) - The CustomKeyIdentifier
AzurePortalKeyis retrieved as65, 0, 122, 0, 117, 0, 114, 0, 101, 0, 80, 0, 111, 0, 114, 0, 116, 0, 97, 0, 108, 0, 75, 0, 101, 0, 121, 0(note the intermediary 0's, likely UTF-16 or some other 16-bits encoding)
Is there a way to manage keys with PowerShell without breaking the Azure Portal ?
Edit
Since it looks like a bug I've filed a suggestion in the Microsoft Azure feedback forums. Please upvote it if fixing this problem is important for you !
Upvotes: 1
Views: 1547
Answers (1)
Reputation: 9401
- If you just want to remove other keys which added from portal:
You can manage keys through Manifest.
Go to Azure portal > You Application > Manifest > Find and select the Key you want to remove > Delete it and save manifest.
Then you can success remove the Key.
- If you want to add keys from portal after adding keys from Powershell:
As you considered, two different keys have different customKeyIdentifier format. So, you should not apply customKeyIdentifier in Powershell.
You can just use New-AzureADApplicationPasswordCredential -ObjectId 53f6e6ea-xxxx-4ebe-xxxx-8309dad5003d to add keys from powershell.
This key's customKeyIdentifier in Manifest is null. You can see the key in portal which has Description with Key description .
Then you can add or remove keys from portal or powershell without breaking.
The following picture shows that I had added keys from portal after adding a key from Powershell.
Upvotes: 1
Related Questions
- Azure App registration add authorized client applications through powershell Azure CLI
- How to make an Azure app registration with platform SPA via Powershell
- How to set an API Key's "key description" of an Azure AD Registered App
- How to add application to Azure AD programmatically?
- Azure AD - using SP to create an app registration and its credentials
- Converged applications Azure AD v2, register programmatically
- Azure AD application adding a key via Powershell
- Azure CLI create KEY for an app
- How can I create an Azure AD Application Key?
- Automating creation of an Azure AD Web App Key