I have many applications registered in Azure AD Tenant and many of these are having client secret keys issued for 1 or 2 years. Is there a way to get an alert before the expiry as expired keys will cause an outage.
We can also query the application
to get the end-date of secret key. Here is a code sample using client credentials flow via the Azure Graph client for your reference. And please ensure that you have grant the app with Directory.Read.All
permission to this API for using client credentials flow.
var graphResourceId = "https://graph.windows.net";
var appId= "";
var appObjectId = "";
var secret = "";
var clientCredential = new ClientCredential(appId,secret);
var tenantId = "xxx.onmicrosoft.com";
AuthenticationContext authContext = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}");
var accessToken = authContext.AcquireTokenAsync(graphResourceId, clientCredential).Result.AccessToken;
Uri servicePointUri = new Uri(graphResourceId);
Uri serviceRoot = new Uri(servicePointUri, tenantId);
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await Task.FromResult(accessToken));
var app = activeDirectoryClient.Applications.GetByObjectId(appObjectId).ExecuteAsync().Result;
foreach (var passwordCredential in app.PasswordCredentials)
{
Console.WriteLine($"KeyID:{passwordCredential.KeyId}\r\nEndDate:{passwordCredential.EndDate}\r\n");
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With