Resetting the app registration credentials with the sp object id does return a new password but does not save it #23843

Closed
TobiTh opened this issue Sep 12, 2022 · 7 comments
Assignees
Labels
Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team customer-reported Issues that are reported by GitHub users external to the Azure organization. Graph az ad question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

TobiTh commented Sep 12, 2022

Describe the bug

When using the credential reset command on the sp level with the sp object id, the password does not get reset. The CLI does return a new password but the Azure Portal does not show it in the app registration.
The documentation does say that it works with the spObjectId, which it did for a while.

The credential reset does work with the appId or with the az ad app credential reset command with either the appObjectId or the appId.

Command Name
az ad sp credential reset

To Reproduce:

  • $applicationId = az ad app create --display-name "TMP_APP" --query appId -o tsv --only-show-errors
  • $spObjectId = az ad sp create --id $applicationId --query id -o tsv --only-show-errors
  • az ad sp credential reset --id "$spObjectId" --display-name {} --query {} -o {} --only-show-errors

Expected Behavior

A new password gets shown and it is visible in the Azure portal in the app registration.
The actual behaviour is that a new password gets shown, but it is not visible in the Azure portal in the app registration.

Environment Summary

Windows-10-10.0.19044-SP0
Python 3.10.4
Installer: MSI

azure-cli 2.37.0 *

Extensions:
managementpartner 0.1.3

Dependencies:
msal 1.18.0b1
azure-mgmt-resource 21.1.0b1

Additional Context

@ghost ghost added customer-reported Issues that are reported by GitHub users external to the Azure organization. Auto-Assign Auto assign by bot Graph az ad labels Sep 12, 2022
@ghost ghost assigned jiasli Sep 12, 2022
@ghost ghost added this to the Backlog milestone Sep 12, 2022
@yonzhan yonzhan added Azure CLI Team The command of the issue is owned by Azure CLI team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Sep 12, 2022
Collaborator

yonzhan commented Sep 12, 2022

@jiasli for awareness


danielwuff commented Sep 15, 2022

Facing the same issue: reset is not acting the same after 2.37.0, when --name changed to --id. customKeyIdentifier is not showing after 2.37.0 and reset is not working:

//2.36.0:
image

//2.37.0:
image

after 2.37.0

az ad sp credential reset --name '$SP_ID' --query password -o tsv

to renew the Service Principal secret, the command completes successfully and returns the password, but the secret is not renewed.

@yonzhan yonzhan added feature-request and removed question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Oct 3, 2022
@JQUINONES82

Issue is the same when generating new certificates.

@Azure:~$ az ad app credential reset --id xxxxxxxxxxxxxxxxxxxxxx --create-cert
The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli
{
"appId": "",
"fileWithCertAndPrivateKey": "/xxxxxxxxxx/tmphrn623of.pem",
"password": null,
"tenant": "xxxxxxxxxxxxxxxxxxxxxxxxxx"
}

Azure AD is not updated.

@mthebridge

This is still a problem a year later. What's the point of providing a useful command for refreshing credentials if it silently fails?

@mthebridge

I think this is actually a duplicate of #23566. Resolution is to use az ad app ... rather than az ad sp ...

Member

jiasli commented Sep 26, 2023

@mthebridge is correct. This issue is a duplicate of #23566.

@jiasli jiasli closed this as completed Sep 26, 2023
@jiasli jiasli added question The issue doesn't require a change to the product in order to be resolved. Most issues start as that and removed feature-request labels Sep 26, 2023
@jiasli jiasli removed this from the Backlog milestone Sep 26, 2023
Member

jiasli commented Sep 26, 2023

@danielwuff, in AD Graph, customKeyIdentifier was used as the display name for passwordCredential, but in Microsoft Graph, it was deprecated:

https://learn.microsoft.com/en-us/graph/api/resources/passwordcredential?view=graph-rest-1.0

customKeyIdentifier Binary Do not use.

It was replaced by displayName:

displayName String Friendly name for the password. Optional.
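
The resolution given in this thread (use az ad app ... rather than az ad sp ...) combined with a post-reset check, as an added example that is not part of the original issue or of Azure CLI: it resolves the appId from the service principal object id, resets the credential on the application object, and confirms that a new keyId labelled with displayName appears in az ad app credential list. The helper names run_az and rotate_and_verify are hypothetical, and the script assumes a logged-in az on PATH.

```python
import json
import shutil
import subprocess


def run_az(args):
    """Run an Azure CLI command and return its parsed JSON output."""
    az = shutil.which("az") or "az"  # resolves az.cmd on Windows
    proc = subprocess.run([az, *args, "-o", "json", "--only-show-errors"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)


def rotate_and_verify(sp_object_id, display_name, run=run_az):
    """Reset the secret on the application object and confirm it was stored.

    Returns (password, key_id). Raises RuntimeError if the CLI returned a
    password but no new credential appears on the app registration.
    """
    # The service principal carries the appId of its application object.
    app_id = run(["ad", "sp", "show", "--id", sp_object_id])["appId"]

    before = {c["keyId"]
              for c in run(["ad", "app", "credential", "list", "--id", app_id])}
    result = run(["ad", "app", "credential", "reset", "--id", app_id,
                  "--display-name", display_name])
    after = run(["ad", "app", "credential", "list", "--id", app_id])

    # A stored secret shows up as a keyId that was not there before,
    # labelled with displayName (customKeyIdentifier is no longer used).
    added = [c for c in after
             if c["keyId"] not in before and c.get("displayName") == display_name]
    if len(added) != 1:
        raise RuntimeError(f"reset returned a password but {len(added)} new "
                           f"credentials named {display_name!r} exist on {app_id}")
    return result["password"], added[0]["keyId"]
```

Without --append, az ad app credential reset overwrites the application's existing credentials, so add that flag to the reset call if other secrets on the app registration must survive the rotation.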
