Something went wrong when trying to add a new key to an Azure AD application
martindelille Well, it took way longer than is reasonable, but I finally got this to work.
The response from support was... unhelpful, to say the least:
The application created with object Id <uuid> signInAudience is AzureADandPersonalMicrosoftAccount, which is converged application.
For converged application can't be update by Api lower than 2.0 by design.
Please try to use the API upper than 2.0 to make update application. You can use MSGraph v1.0 to update application. Here is the doc : Update application - Microsoft Graph v1.0 | Microsoft Docs
Still no idea why adding a key by clicking the buttons in the order described by their official documentation doesn't work, but this was at least enough to point me in a productive direction.
The trick is to use Microsoft's Graph Explorer tool to add the key to the service principal. Specifically, I:
1. Grabbed the UUID for the Service Principal for my application from the "User management" view in the Partner Center.
2. Used Graph Explorer to call the Graph API method:
https://graph.microsoft.com/v1.0/servicePrincipals/<uuid>/addPassword
You'll need to grant a bunch of permissions to Graph Explorer, but they're easy enough to revoke afterwards.
The Graph API call will return a JSON blob with the new client secret in the "secretText" field.
I recommend deleting the Graph Explorer history once this is done, or it will save the response (and your client secret).
Hope this helps!
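The call described in the post above, as an added example that is not part of the original post: it builds the documented POST request for the `addPassword` action and splits the response so that `secretText` goes to a secret store while only redacted metadata is logged. The function names, display name, token placeholder and sample responses are assumptions constructed for illustration; the token is assumed to be obtained separately.

```python
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

def build_add_password_request(sp_object_id, access_token, display_name):
    """Build (without sending) the request for servicePrincipals/{id}/addPassword."""
    body = {"passwordCredential": {"displayName": display_name}}
    return urllib.request.Request(
        url=f"{GRAPH}/servicePrincipals/{sp_object_id}/addPassword",
        data=json.dumps(body).encode(),
        method="POST",  # addPassword is a Graph action and is invoked with POST
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
    )

def split_response(raw_json):
    """Return (secret, loggable): the secret for a vault, the rest safe to log."""
    doc = json.loads(raw_json)
    if "error" in doc:
        # Graph error bodies carry a code and message, as in the replies below.
        err = doc["error"]
        raise RuntimeError(f"{err.get('code')}: {err.get('message')}")
    secret = doc.get("secretText")
    if not secret:
        raise ValueError("response has no secretText")
    loggable = {k: v for k, v in doc.items() if k != "secretText"}
    loggable["secretText"] = "<redacted>"
    return secret, loggable

# Constructed sample responses (not real Graph output).
SAMPLE_OK = json.dumps({
    "keyId": "00000000-0000-0000-0000-000000000000",
    "displayName": "rotation-example",
    "endDateTime": "2024-04-23T00:00:00Z",
    "secretText": "constructed-secret-value",
})
SAMPLE_ERR = json.dumps({"error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
}})

if __name__ == "__main__":
    req = build_add_password_request("<uuid>", "<access-token>", "rotation-example")
    print(req.get_method(), req.full_url)
    secret, loggable = split_response(SAMPLE_OK)
    print(json.dumps(loggable))  # the secret itself is never printed
```

Only the `loggable` dictionary should reach logs or tickets; the returned secret is meant to be written straight to a secret store.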
- martindelille, Apr 23, 2022, Copper Contributor
Hi Glasir,
Thank you for sharing this information. Unfortunately, the query doesn't work on my side:
{ "error": { "code": "Request_BadRequest", "message": "Specified HTTP method is not allowed for the request target.", "innerError": { "date": "2022-04-23T14:37:21", "request-id": "xxx-xxx-xxx-xxx-xxx", "client-request-id": "xxx-xxx-xxx-xxx-xxx" } } }
When trying to call https://graph.microsoft.com/v1.0/servicePrincipals/xxx-xxx-xxx-xxx-xxx/, I have the following error:
{ "error": { "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.", "innerError": { "date": "2022-04-23T14:38:43", "request-id": "xxx-xxx-xxx-xxx-xxx", "client-request-id": "xxx-xxx-xxx-xxx-xxx" } } }
I tried to sign in with different accounts without success.