Microsoft Tech Community

Something went wrong when trying to add a new key to an Azure AD application


I discovered this https://github.com/microsoft/StoreBroker/ that would allow me to automate pushing my MSIX package to the Partner Center, but I'm struggling with the authentication step:

I created an Azure AD Application with the following information:
- reply url: (I read in the documentation that I could put what I wanted here)
- app id uri: api://buildci2


Unfortunately, when trying to create a new key, I have the following error message:

[screenshot: martindelille_0-1643622786935.png]

I tried contacting support without success. Would anybody have a clue about how to solve this?

4 Replies

I have been running into exactly the same issue while trying to set up automated signing following these instructions. When trying to add a new key for my Azure AD application, the UI just says "Something went wrong" with a generic HTTP 400 response.

I contacted support a week ago and haven't heard back yet. Will update here if I get a useful response.

@martindelille Well, it took way longer than is reasonable, but I finally got this to work.

The response from support was... unhelpful, to say the least:

The application created with object Id <uuid> has signInAudience AzureADandPersonalMicrosoftAccount, which is a converged application.

A converged application can't be updated by an API lower than 2.0, by design.

Please try to use an API above 2.0 to update the application. You can use MSGraph v1.0 to update the application. Here is the doc: Update application - Microsoft Graph v1.0 | Microsoft Docs

Still no idea why adding a key by clicking the buttons in the order described by their official documentation doesn't work, but this was at least enough to point me in a productive direction.

The trick is to use Microsoft's Graph Explorer tool to add the key to the service principal. Specifically, I:

1. Grabbed the UUID for the Service Principal for my application from the "User management" view in the Partner Center.

2. Used Graph Explorer to call the Graph API method:

https://graph.microsoft.com/v1.0/servicePrincipals/<uuid>/addPassword

You'll need to grant a bunch of permissions to Graph Explorer, but they're easy enough to revoke afterwards.

The Graph API call will return a JSON blob with the new client secret in the "secretText" field.

I recommend deleting the Graph Explorer history once this is done, or it will save the response (and your client secret).

Hope this helps!

Hi @Glasir,

Thank you for sharing this information. Unfortunately, the query doesn't work on my side:

{
    "error": {
        "code": "Request_BadRequest",
        "message": "Specified HTTP method is not allowed for the request target.",
        "innerError": {
            "date": "2022-04-23T14:37:21",
            "request-id": "xxx-xxx-xxx-xxx-xxx",
            "client-request-id": "xxx-xxx-xxx-xxx-xxx"
        }
    }
}

When trying to call https://graph.microsoft.com/v1.0/servicePrincipals/xxx-xxx-xxx-xxx-xxx/, I have the following error:

{
    "error": {
        "code": "Authorization_RequestDenied",
        "message": "Insufficient privileges to complete the operation.",
        "innerError": {
            "date": "2022-04-23T14:38:43",
            "request-id": "xxx-xxx-xxx-xxx-xxx",
            "client-request-id": "xxx-xxx-xxx-xxx-xxx"
        }
    }
}

I tried to sign in with different accounts without success.
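Glasir's Graph Explorer steps and the two error bodies in the reply above, as an added Python example that is not code from this thread, from StoreBroker or from Microsoft. It assumes you already hold a delegated Graph access token whose scope includes Application.ReadWrite.All (passed in through a hypothetical GRAPH_TOKEN environment variable) and the service principal object id from the Partner Center "User management" view (hypothetical SP_OBJECT_ID variable); the display name and the 90-day lifetime are choices made for the example. It builds the addPassword call as the POST action Graph defines it as, parses both a success body (secretText) and an error body of the shape quoted above so the request-id can be given to support, and masks the secret before anything is printed, which is the same concern as clearing the Graph Explorer history.

```python
"""Add a client secret to a service principal through Microsoft Graph v1.0.

Added example (not from the thread, StoreBroker or Microsoft). Assumes:
  GRAPH_TOKEN   - delegated Graph bearer token with Application.ReadWrite.All
  SP_OBJECT_ID  - object id of the service principal from Partner Center
Both environment variable names are placeholders chosen for this example.
"""
import json
import os
import sys
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone

GRAPH_BASE = "https://graph.microsoft.com/v1.0"


def build_add_password_request(sp_object_id, access_token, display_name, lifetime_days=90):
    """Build the request for POST /servicePrincipals/{id}/addPassword.

    addPassword is a Graph action, so it is invoked with POST. The body gives
    the secret a display name (so it can be found again for rotation) and a
    bounded endDateTime instead of relying on the service default lifetime.
    """
    end = datetime.now(timezone.utc) + timedelta(days=lifetime_days)
    body = {
        "passwordCredential": {
            "displayName": display_name,
            "endDateTime": end.strftime("%Y-%m-%dT%H:%M:%SZ"),
        }
    }
    url = f"{GRAPH_BASE}/servicePrincipals/{sp_object_id}/addPassword"
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        },
    )


def describe_request(req):
    """Method, URL and decoded JSON body of a built request (for inspection)."""
    return {
        "method": req.get_method(),
        "url": req.full_url,
        "body": json.loads(req.data.decode("utf-8")),
    }


def parse_graph_response(body_text):
    """Reduce a Graph response body to a small result dict.

    Error bodies have the shape quoted in the thread:
      {"error": {"code": ..., "message": ..., "innerError": {"request-id": ...}}}
    The request-id is what support will ask for; secretText must not be logged.
    """
    data = json.loads(body_text)
    if "error" in data:
        err = data["error"]
        return {
            "ok": False,
            "code": err.get("code"),
            "message": err.get("message"),
            "request_id": err.get("innerError", {}).get("request-id"),
        }
    return {
        "ok": True,
        "key_id": data["keyId"],
        "secret": data["secretText"],
        "expires": data["endDateTime"],
    }


def loggable(result):
    """Copy of a result with the secret masked; safe to print or log."""
    safe = dict(result)
    if safe.get("secret"):
        safe["secret"] = "<redacted>"
    return safe


def add_password(sp_object_id, access_token, display_name, lifetime_days=90):
    """Send the addPassword request (network call) and parse whatever comes back."""
    req = build_add_password_request(sp_object_id, access_token, display_name, lifetime_days)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return parse_graph_response(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as e:
        # Graph returns its JSON error document in the 4xx body
        return parse_graph_response(e.read().decode("utf-8"))


if __name__ == "__main__":
    token = os.environ.get("GRAPH_TOKEN")
    sp_id = os.environ.get("SP_OBJECT_ID")
    if not token or not sp_id:
        sys.exit("set GRAPH_TOKEN and SP_OBJECT_ID first (placeholder names)")
    result = add_password(sp_id, token, "storebroker-ci")
    print(json.dumps(loggable(result), indent=2))
    # result["secret"] is handed to the CI secret store here, never printed
```

Only `add_password` touches the network; the builder and parser are pure, so the request shape and the handling of the two error documents from the thread can be checked offline.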