How can I tell when an Azure AD client secret expires?

I have many applications registered in an Azure AD tenant, and many of these have client secret keys issued for 1 or 2 years. Is there a way to get an alert before the expiry, as expired keys will cause an outage?

Shiju Samuel asked May 19 '17 17:05

1 Answer

We can also query the application to get the end date of the secret key. Here is a code sample using the client credentials flow via the Azure Graph client for your reference. And please ensure that you have granted the app the Directory.Read.All permission to this API for using the client credentials flow.

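using System;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Azure AD Graph resource and the credentials of the app used to sign in
var graphResourceId = "https://graph.windows.net";
var appId = "";        // client ID of the app that holds Directory.Read.All
var appObjectId = "";  // object ID of the application whose secrets are listed
var secret = "";       // client secret of appId
var clientCredential = new ClientCredential(appId, secret);
var tenantId = "xxx.onmicrosoft.com";

// Client credentials flow: acquire an app-only token for the Graph resource
AuthenticationContext authContext = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}");
var accessToken = authContext.AcquireTokenAsync(graphResourceId, clientCredential).Result.AccessToken;

// Tenant-scoped service root, e.g. https://graph.windows.net/xxx.onmicrosoft.com
Uri servicePointUri = new Uri(graphResourceId);
Uri serviceRoot = new Uri(servicePointUri, tenantId);

ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await Task.FromResult(accessToken));

// Fetch the application object and print the end date of each secret
var app = activeDirectoryClient.Applications.GetByObjectId(appObjectId).ExecuteAsync().Result;

foreach (var passwordCredential in app.PasswordCredentials)
{
    Console.WriteLine($"KeyID:{passwordCredential.KeyId}\r\nEndDate:{passwordCredential.EndDate}\r\n");
}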
Fei Xue - MSFT answered Nov 15 '22 05:11
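
An added example, not part of the original answer: the alerting step the question asks for, applied to the KeyId and EndDate values the answer's loop prints, collected across many applications. The `SecretInfo` record, the `Expiring` helper, the 30-day window and the sample rows are assumptions made for illustration; EndDate values are assumed to be UTC.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical record for this example: one row per secret, filled from the
// application's display name plus passwordCredential.KeyId and .EndDate.
public record SecretInfo(string AppName, Guid KeyId, DateTime? EndDate);

public static class SecretExpiryReport
{
    // Returns secrets that are already expired or expire within `window`,
    // soonest first. Secrets without an end date are skipped.
    public static List<(SecretInfo Secret, int DaysLeft)> Expiring(
        IEnumerable<SecretInfo> secrets, DateTime nowUtc, TimeSpan window)
    {
        return secrets
            .Where(s => s.EndDate.HasValue)
            .Select(s => (Secret: s, DaysLeft: (int)Math.Floor(
                (s.EndDate.Value.ToUniversalTime() - nowUtc).TotalDays)))
            .Where(x => x.DaysLeft <= window.TotalDays)
            .OrderBy(x => x.DaysLeft)
            .ToList();
    }

    public static int Main()
    {
        // Constructed "today" and constructed sample data, so the run is repeatable.
        var now = new DateTime(2017, 5, 19, 0, 0, 0, DateTimeKind.Utc);
        var secrets = new List<SecretInfo>
        {
            new("billing-api", Guid.NewGuid(), new DateTime(2017, 6, 1, 0, 0, 0, DateTimeKind.Utc)),
            new("hr-portal",   Guid.NewGuid(), new DateTime(2019, 1, 1, 0, 0, 0, DateTimeKind.Utc)),
            new("legacy-sync", Guid.NewGuid(), new DateTime(2017, 5, 1, 0, 0, 0, DateTimeKind.Utc)),
            new("no-end-date", Guid.NewGuid(), null),
        };

        var due = Expiring(secrets, now, TimeSpan.FromDays(30));
        foreach (var (s, days) in due)
        {
            var state = days < 0 ? "EXPIRED" : "EXPIRING";
            Console.WriteLine($"{state} {s.AppName} KeyID:{s.KeyId} EndDate:{s.EndDate:u} DaysLeft:{days}");
        }

        // A non-zero exit code lets a scheduled job or pipeline step raise the alert.
        return due.Count > 0 ? 1 : 0;
    }
}
```

Only the key ID and end date are reported; the secret value itself is never read or logged.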