Azure-cli: can't find a service principal matching using az ad app credential reset on web application

Created on 25 Feb 2019 · 6 Comments · Source: Azure/azure-cli

Describe the bug
Trying to append a password to an existing web application SP.
Can't do so using objectid or appid.
Getting error: can't find a service principal matching '$id'

To Reproduce
az ad app create --display-name "test" --identifier-uris "https://test.com"
az ad app credential reset --id $id --append --password "test" --years 2

Expected behavior
To add a password to the az ad app

Environment summary
Windows 10, azure-cli (2.0.57)

Additional context
Would like to separate az ad app credential reset into reset and create so you don't have to add --append.

Authorization-cli Shell - PowerShell bug

All 6 comments

This looks like a quoting issue. See the following link, particularly item 5.
https://github.com/Azure/azure-cli/blob/dev/doc/use_cli_effectively.md#quoting-issues

Howdy @tehho. Just to clarify, when you say:

Getting error: can't find a service principal matching '$id'

Do you mean that you literally see it say that it couldn't find '$id', or did you replace the actual id for the sake of sanitizing your data out when filing this issue?

edit: formatting

It's sanitized, so the $id is the same guid as the input.

Testing with quotes:
objectid same error
appid: "Update to existing credential with KeyId '$id' is not allowed." Tested both with --credential-description "Test" and without.

I am owner of the app and can set the value using the portal

Thanks for that clarification, @tehho. I'll take a look today.

Same error message here. I get an error when using the cli, but I am able to add a secret using the portal

@marstr, thanks for bringing this to my attention. This bug stems from a wrong assumption that all graph apps should have an associated service principal in the directory, which is true in the area of Role Based Access Control, but the scenario here reveals people are using CLI commands just for graph object management, hence the assumption no longer stands.
