azure - 使用 Microsoft Graph API 更新 Azure AD 应用程序 key 或 secret - BadRequest 错误

Question

我正在尝试使用应用程序资源类型的 Microsoft Graph API beta 端点来修补应用程序的密码凭据。

https://graph.microsoft.com/beta/applications/{applicationId}

内容变量是这样的 JSON 序列化表示:

[{
"customKeyIdentifier":null,
"endDateTime":"2019-11-19T23:16:24.2602448Z",
"keyId":"47fde652-8b60-4384-b630-8e5f8f6e24b1",
"startDateTime":"2018-11-19T23:16:24.2602448Z",
"secretText":"SomeGeneratedPassword",
"hint":null
}]

调用代码是这样的:

using (HttpClient client = new HttpClient())
            {
                client.BaseAddress = new Uri("https://graph.microsoft.com");
                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authHeaderValue.Result.AccessToken);
                client.DefaultRequestHeaders
                    .Accept
                    .Add(new MediaTypeWithQualityHeaderValue("application/json"));

                var method = new HttpMethod("PATCH");
                var requestUri = $"https://graph.microsoft.com/beta/applications/{applicationId}";
                var content = GeneratePasswordCredentials(passwordHint);
                var request = new HttpRequestMessage(method, requestUri)
                {
                    Content = new StringContent(
                        content,
                        System.Text.Encoding.UTF8,
                        "application/json")
                };
                request.Headers
                    .Accept
                    .Add(new MediaTypeWithQualityHeaderValue("application/json"));
                var resultApi = await client.SendAsync(request);
                response = await resultApi.Content.ReadAsStringAsync();
            }

身份验证似乎工作正常，但响应是这样的(为简洁起见，删除了内部错误):

{
  "error": {
    "code": "BadRequest",
    "message": "Empty Payload. JSON content expected.",
  }
}

上面的代码有什么问题吗？

Answer 1

正文内容格式应为

{
  "passwordCredentials":
    [
      {"customKeyIdentifier":"YWJjZA==",
      "startDateTime":"2018-11-20T02:37:07.3963006Z",
      "endDateTime":"2019-11-20T02:37:07.3963006Z",
      "secretText":"The passwords must be 16-64 characters in length",
      "keyId":"aeda515d-dc58-4ce6-a452-3bc3d84f58a3",
      "hint":"xxx"}
    ]
}

以下演示代码用于生成PasswordCredentials正文内容

public static string GeneratePasswordCredentials(string passwordHint)
   {
         var passwordCredential = new JObject
         {
                new JProperty("customKeyIdentifier",Encoding.UTF8.GetBytes(passwordHint)),
                new JProperty("startDateTime",DateTime.UtcNow),
                new JProperty("endDateTime", DateTime.UtcNow.AddYears(1)),
                new JProperty("secretText", "The passwords must be 16-64 characters in length"),
                new JProperty("keyId", Guid.NewGuid().ToString()),
                new JProperty("hint", passwordHint)
         };
         JArray jArray = new JArray
         {
              passwordCredential
         };
         var jsonObject = new JObject
         {
              new JProperty("passwordCredentials",jArray)
         };

         var json = JsonConvert.SerializeObject(jsonObject);
         return json;
     }

注意:请求网址应为 $"https://graph.microsoft.com/beta/applications/{ApplicationObjectId}"