I am trying to read all app registration secrets to find out if any is about to expire. I can get the app registrations but can't find any secret information:
```csharp
var scopes = new string[] { "https://graph.microsoft.com/.default" };

// Configure the MSAL client as a confidential client
var confidentialClient = ConfidentialClientApplicationBuilder
    .Create(clientId)
    .WithAuthority($"https://login.microsoftonline.com/xxx-e95b-4ad0-a4fb-xxx/v2.0")
    .WithClientSecret(secret)
    .Build();

// Build the Microsoft Graph client. As the authentication provider, set an async lambda
// which uses the MSAL client to obtain an app-only access token to Microsoft Graph,
// and inserts this access token in the Authorization header of each API request.
GraphServiceClient graphServiceClient =
    new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {
        // Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
        var authResult = await confidentialClient
            .AcquireTokenForClient(scopes)
            .ExecuteAsync();

        // Add the access token in the Authorization header of the API request.
        requestMessage.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
    })
);

var users = await graphServiceClient.Applications.Request().GetAsync();
var app = users.Where(p => p.DisplayName == "MDMIntegrations").First();

while (users.Count > 0)
{
    if (users.NextPageRequest != null)
    {
        users = await users.NextPageRequest
            .GetAsync();
    }
    else
    {
        return;
    }
}
```
This is what I get from the debugger. Is it not possible to get this information with the Microsoft.Graph client SDK?
CodePudding user response:
Here's an example of how you could perform such a query:
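```csharp
var now = DateTime.UtcNow;

// Request only the properties needed, including the secret metadata.
var apps = await client
    .Applications
    .Request()
    .Select(x => new
    {
        x.Id,
        x.DisplayName,
        x.PasswordCredentials,
    })
    .GetAsync();

var results = new List<Application>();

// The callback runs once per application across all pages.
var pages = PageIterator<Application>.CreatePageIterator(
    client,
    apps,
    x =>
    {
        // Keep applications that have at least one secret whose end date has passed.
        if (x.PasswordCredentials.Any(y => y.EndDateTime <= now))
        {
            results.Add(x);
        }

        // Returning true continues the iteration.
        return true;
    }
);

while (pages.State != PagingState.Complete)
{
    await pages.IterateAsync();
}
```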
Unfortunately you can't define a filter for the PasswordCredentials, as you can't filter complex types, so you'll need to do that within your application.
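
The client-side check described above, extended to secrets that are about to expire as well as ones that already have (an added example, not code from the original answer). It assumes the v4 `Microsoft.Graph` SDK used on this page and C# 9 or later; `SecretExpiry`, `SecretExpiryReport`, `Find`, the 30-day window and the sample applications are hypothetical names and constructed data.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Graph; // assumption: v4 SDK, as on this page (v5 moves models to Microsoft.Graph.Models)

// Hypothetical result type: one row per secret, metadata only.
public sealed record SecretExpiry(string App, Guid? KeyId, string Name, DateTimeOffset End, bool Expired);

public static class SecretExpiryReport
{
    // Returns every secret that is expired or expires within `window` of `now`, soonest first.
    public static List<SecretExpiry> Find(IEnumerable<Application> apps, DateTimeOffset now, TimeSpan window)
    {
        var cutoff = now + window;
        return apps
            .SelectMany(app => (app.PasswordCredentials ?? Enumerable.Empty<PasswordCredential>())
                // Skip entries without an end date rather than throwing on null.
                .Where(c => c.EndDateTime.HasValue && c.EndDateTime.Value <= cutoff)
                .Select(c => new SecretExpiry(app.DisplayName, c.KeyId, c.DisplayName,
                                              c.EndDateTime.Value, c.EndDateTime.Value <= now)))
            .OrderBy(r => r.End)
            .ToList();
    }

    public static void Main()
    {
        var now = new DateTimeOffset(2024, 1, 1, 0, 0, 0, TimeSpan.Zero);
        // Constructed sample data standing in for the applications collected from Graph.
        var apps = new List<Application>
        {
            new Application { DisplayName = "MDMIntegrations", PasswordCredentials = new List<PasswordCredential>
            {
                new PasswordCredential { KeyId = Guid.NewGuid(), DisplayName = "old", EndDateTime = now.AddDays(-3) },
                new PasswordCredential { KeyId = Guid.NewGuid(), DisplayName = "current", EndDateTime = now.AddDays(20) },
                new PasswordCredential { KeyId = Guid.NewGuid(), DisplayName = "new", EndDateTime = now.AddDays(400) },
            } },
            new Application { DisplayName = "NoSecrets" }, // PasswordCredentials is null here
        };
        foreach (var r in Find(apps, now, TimeSpan.FromDays(30)))
            Console.WriteLine($"{r.App} {r.Name} {r.KeyId} {r.End:u} {(r.Expired ? "EXPIRED" : "expiring")}");
    }
}
```

To use it with the page iterator, add every `Application` to a list in the callback and pass that list to `Find` once iteration completes.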