calling ad sp credential list returns empty


When calling az ad sp credential list, it returns an empty value, but after renewing a password for the first time it shows the correct value.

To Reproduce

Create a spn and then call

 az ad sp credential list --id {app id}

then renew a password for the spn and call the above command again.

Expected behavior

It should show the expiry date of the spn before renewing the password.

After further investigation I noticed the command is calling the url below: ‘https://graph.windows.net/tenant/applications/{objectid}/passwordCredentials?api-version=1.6’, which is the same url as for az ad app credential.

It should call ‘https://graph.windows.net/tenant/serviceprincipals/{objectid}/passwordCredentials?api-version=1.6’

What’s more, if the url of serviceprincipal is called, it doesn’t return the latest expiry date after renewing the password, which is another issue.

azure-cli 2.32.0

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 10 (3 by maintainers)

Top GitHub Comments

2 reactions
jiasli commented, Aug 4, 2022

Azure Portal can only show app’s credential, not service principal’s. Use az ad app credential list to get the same behavior as Azure Portal.

2 reactions
dosmanak commented, Aug 4, 2022

Hello. I also get an empty response on az ad sp credential list --id <<sp.appId>>.

When I searched for the service principal in the portal, I was able to find the expiry info and obfuscated secret under AAD->Apps Registrations->Certificates and Secrets.

$ az version
Azure-cli    Azure-cli-core    Azure-cli-telemetry
-----------  ----------------  ---------------------
2.38.0       2.38.0            1.0.6

EDIT:

I was able to get the information using

az ad app show --id <<app.id>> -o json --query 'passwordCredentials[].endDateTime'

or

az ad app credential list --id <<app.id>>

Where id is to be found using

az ad app list --app-id <<sp.appId>> -o tsv --query '[].id'
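
The comments above point at two separate directory objects behind one appId: the app registration and the service principal, each with its own credential list. The following is an added example, not code from the issue thread or from Azure CLI, that reports secret expiry on both objects so an empty service principal list is not mistaken for "no secrets". The function names are made up for this example, and it assumes a Graph-based CLI whose output uses `keyId` and `endDateTime` (the field name queried above).

```shell
#!/usr/bin/env bash
# Added example: secret-expiry report for the app registration and the
# service principal that share one appId. Function names are hypothetical.

# list_creds <app|sp> <appId>
# Prints one "<keyId><TAB><endDateTime>" row per password credential.
list_creds() {
  az ad "$1" credential list --id "$2" \
    --query '[].[keyId, endDateTime]' -o tsv
}

# classify <now> <warn_before>
# Reads keyId/endDateTime rows on stdin and prints
# "<STATUS> <keyId> <endDateTime>". ISO 8601 UTC timestamps sort
# lexicographically, so the first 19 characters are compared as strings.
classify() {
  awk -F '\t' -v now="$1" -v warn="$2" '
    NF >= 2 {
      end = substr($2, 1, 19)
      if (end < now)       status = "EXPIRED"
      else if (end < warn) status = "EXPIRING"
      else                 status = "OK"
      print status, $1, $2
    }'
}

# audit_app_secrets <appId> <now> <warn_before>
# Checks both objects; an empty list is reported explicitly per object.
audit_app_secrets() {
  for audit_kind in app sp; do
    audit_rows=$(list_creds "$audit_kind" "$1") || return 1
    if [ -z "$audit_rows" ]; then
      echo "$audit_kind: no password credentials on this object"
    else
      printf '%s\n' "$audit_rows" | classify "$2" "$3" |
        sed "s/^/$audit_kind: /"
    fi
  done
}

# Usage (GNU date assumed for the 30-day warning window):
#   audit_app_secrets "<appId>" \
#     "$(date -u +%Y-%m-%dT%H:%M:%S)" \
#     "$(date -u -d '+30 days' +%Y-%m-%dT%H:%M:%S)"
```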