I'm trying to automate the registration of Azure AD apps. However, it looks like managing Azure app registration keys with the Azure Portal and with the AzureAD PowerShell module is incompatible. Here is what I am doing:
- In the Azure Portal, register a new application
- In the Azure Portal, add some keys in the application, including one key named AzurePortalKey
  => I can add and remove keys without a problem
- In the AzureAD PowerShell module (I've tried both the latest version 2.0.0.131 and the preview version), add a key to the application with the following command:
  New-AzureADApplicationPasswordCredential -ObjectId <object id here> -CustomKeyIdentifier "PowerShellKey"
- The key appears in the Azure Portal as expected (there is a delay of 10-20 seconds until the key is displayed in the Azure Portal)
- In the Azure Portal, try to add or remove some other keys
  => These operations fail with an error message:
  Failed to update application test-bug keys. Error detail: Unable to complete the request due to data validation error.
- In the Azure Portal, remove the key PowerShellKey (either with the key management screen or in the manifest file)
  => Managing keys in the Azure Portal works again
The problem might be due to different encodings of the CustomKeyIdentifier used by PowerShell and the Azure Portal:
- The CustomKeyIdentifier PowerShellKey is retrieved as
  80, 111, 119, 101, 114, 83, 104, 101, 108, 108, 75, 101, 121
  (likely UTF-8 or some other 8-bit encoding)
- The CustomKeyIdentifier AzurePortalKey is retrieved as
  65, 0, 122, 0, 117, 0, 114, 0, 101, 0, 80, 0, 111, 0, 114, 0, 116, 0, 97, 0, 108, 0, 75, 0, 101, 0, 121, 0
  (note the intermediary 0's, likely UTF-16 or some other 16-bit encoding)
Is there a way to manage keys with PowerShell without breaking the Azure Portal?
Edit
Since it looks like a bug, I've filed a suggestion in the Microsoft Azure feedback forums. Please upvote it if fixing this problem is important for you!
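
The encoding difference described in the question can be checked directly on the two byte arrays it quotes. This is an added example, not part of the original post: the function name Get-KeyIdentifierEncoding is hypothetical, and the zero-byte check assumes key names in the ASCII range.

```powershell
# Added example (not from the original post).
# Classifies a CustomKeyIdentifier byte array as UTF-16LE or 8-bit text
# and decodes it accordingly. Assumption: key names use ASCII characters,
# so UTF-16LE shows up as "non-zero byte, zero byte" pairs.
function Get-KeyIdentifierEncoding {
    param([Parameter(Mandatory)][byte[]]$Bytes)

    $looksUtf16 = ($Bytes.Length -ge 2) -and (($Bytes.Length % 2) -eq 0)
    for ($i = 0; $looksUtf16 -and ($i -lt $Bytes.Length); $i += 2) {
        # Low byte must carry the character, high byte must be 0
        if (($Bytes[$i] -eq 0) -or ($Bytes[$i + 1] -ne 0)) { $looksUtf16 = $false }
    }

    if ($looksUtf16) {
        $name = 'UTF-16LE'
        $text = [System.Text.Encoding]::Unicode.GetString($Bytes)
    } else {
        $name = '8-bit (UTF-8/ASCII)'
        $text = [System.Text.Encoding]::UTF8.GetString($Bytes)
    }
    [pscustomobject]@{ Encoding = $name; Text = $text; ByteCount = $Bytes.Length }
}

# Byte values exactly as quoted in the question
$samples = [ordered]@{
    'Created with PowerShell' = [byte[]](80,111,119,101,114,83,104,101,108,108,75,101,121)
    'Created in the Portal'   = [byte[]](65,0,122,0,117,0,114,0,101,0,80,0,111,0,114,0,
                                         116,0,97,0,108,0,75,0,101,0,121,0)
}

foreach ($entry in $samples.GetEnumerator()) {
    $result = Get-KeyIdentifierEncoding -Bytes $entry.Value
    [pscustomobject]@{
        Source    = $entry.Key
        Encoding  = $result.Encoding
        Text      = $result.Text
        ByteCount = $result.ByteCount
    }
}

# For comparison: the same name as the PowerShell key, encoded as UTF-16LE
[System.Text.Encoding]::Unicode.GetBytes('PowerShellKey') -join ', '
```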