如何在Azure Active Directory中查询应用程序客户端密钥? [英] How Do I Query Azure Active Directory For An Application Client Secret?

问题描述

我需要将我的API管理与Azure Active Directory身份提供程序链接.

I need to link my API Management with an Azure Active Directory Identity Provider.

为此，我必须使用REST API，该API要求将客户端机密作为主体的一部分:

In order to do that I have to use the REST API which requires the client secret as a part of the body:

https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/identityprovider/createorupdate

我不想将客户端机密签入源代码控制，所以我想我会即时从Active Directory中检索客户端机密:

I don't want to check in the client secret to source control so I thought I would retrieve the client secret from Active Directory on the fly:

当我尝试

When I try to list the app credentials with az ad app credential list --id xxxx-my-long-id-xxx it doesn't return the secret:

[
  {
    "additionalProperties": null,
    "customKeyIdentifier": null,
    "endDate": "2020-08-16T14:11:44.782000+00:00",
    "keyId": "xxxxx-xxxx-x-xxx--xx-xxxxx",
    "startDate": "2019-08-16T14:11:53.862000+00:00",
    "value": null
  }
]

是否有另一种获取客户机密的方法?

Is there an alternative way to get the client secret?

也许通过其余的api?

Maybe via the rest api?

推荐答案

对于服务主体机密，您只需在创建时就可以看到它.创建时间过后，您将再也看不到它.因此，如果您忘记了服务主体机密，则只需重置该机密即可获得一个新的机密.您可以看到消息此处:

For the service principal secret, you can just get it to see in the creation time. You will never see it anyway after the creation time. So if you forget the service principal secret, you just can reset the secret and then you can get a new one. You can see the messages here:

请确保您复制此值-无法检索它.如果你忘记了密码，重置服务主体凭据.

Make sure you copy this value - it can't be retrieved. If you forget the password, reset the service principal credentials.

此处的重置命令:

az ad sp credential reset --name yourApplicationName

有关该命令的更多详细信息，请参见

For more details about the command, see az ad sp credential reset.

这篇关于如何在Azure Active Directory中查询应用程序客户端密钥?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！