Remove-MgApplicationKey - 删除过期的应用注册证书
[英]Remove-MgApplicationKey - delete expired app registration certificates
原文
2023-02-01 10:45:02
1
1
powershell/
azure-active-directory/
microsoft-graph-api/
azure-app-registration
问题描述
我正在从 AzureAD 模块更新我当前的脚本,并想更新一个删除过期应用程序注册证书的脚本。
我可以使用新模块删除过期的机密,但是新命令 Remove-MgApplicationKey 需要根据 Microsoft 文档提供证明: https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.applications/remove- mgapplicationkey?view=graph-powershell-1.0 。 (作为此方法的请求验证的一部分,在执行操作之前验证现有密钥的所有权证明)。
`$params = @{
KeyId = "f0b0b335-1d71-4883-8f98-567911bfdca6"
Proof = "eyJ0eXAiOiJ..."
}
Remove-MgApplicationKey -ApplicationId $applicationId -BodyParameter $params`
关于如何在 PowerShell 中对此进行编码的任何建议?
谢谢。
来自 Microsoft 文档的 C# 示例: https://learn.microsoft.com/en-us/graph/application-rollkey-prooftoken
1 个解决方案
解决方案1
0 2023-02-01 11:25:14
代码看起来像这样
using assembly System;
using assembly System.Security.Cryptography.X509Certificates;
# Configure the following
$pfxFilePath = "<Path to your certificate file";
$password = "<Certificate password>";
$objectId = "<id of the application or servicePrincipal object>";
# Get signing certificate
#$signingCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([string]$pfxFilePath, [string]$password);
#$signingCert = [System.Security.Cryptography.X509Certificates]::X509Certificate2($pfxFilePath, $password);
$signingCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new();
$signingCert.CreateFromEncryptedPemFile($pfxFilePath, $password, $null)
#$signingCert | Format-Table
#$signingCert.filename = $pfxFilePath;
#$signingCert.password = $password;
# audience
$aud = "00000002-0000-0000-c000-000000000000";
#aud and iss are the only required claims.
$claims = [System.Collections.Generic.Dictionary[string, object]]::new()
$claims.Add("aud", $aud)
$claims.Add("iss", $objectId)
#token validity should not be more than 10 minutes
$now = [DateTime]::UtcNow;
$securityTokenDescriptor = New-Object [System.Security.Cryptography.X509Certificates.SecurityTokenDescriptor]::new()
$securityTokenDescriptor.Claims = $claims,
$securityTokenDescriptor.NotBefore = $now,
$securityTokenDescriptor.Expires = $now.AddMinutes(10),
$securityTokenDescriptor.SigningCredentials = New-Object X509SigningCredentials($signingCert);
$handler = [Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler]::new();
$x = handler.CreateToken($securityTokenDescriptor);
Write-Host x;
删除 Azure 存储帐户中保留过期的不可变容器
[英]Delete Immutable container with expired retention in Azure Storage Account
提供的注册令牌无效。 确保它与客户端应用通过 FCM 注册收到的注册令牌相匹配
[英]Invalid registration token provided. Make sure it matches the registration token the client app receives from registering with FCM
Azure AD add App Role in App Registration using REST API
[英]Azure AD add App Role in App Registration using REST API
在 Firebase 通知注册和设备令牌后触发 Angular 应用程序逻辑
[英]Trigger Angular app logic after Firebase notifications registration and device token
使用 http 重定向 URL 但不是应用程序注册 Microsoft azure 中的“localhost”值
[英]Redirect URL with http but NOT 'localhost' value in app registration microsoft azure
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Azure ArmClient:删除Azure App注册
删除 Azure 存储帐户中保留过期的不可变容器
应用程序注册端点版本 2 的详细设置
Azure App注册“角色和管理员”
列出一个azure应用服务下的所有证书
Azure中的单个应用注册,用于移动应用调用自己的后端
提供的注册令牌无效。 确保它与客户端应用通过 FCM 注册收到的注册令牌相匹配
Azure AD add App Role in App Registration using REST API
在 Firebase 通知注册和设备令牌后触发 Angular 应用程序逻辑
使用 http 重定向 URL 但不是应用程序注册 Microsoft azure 中的“localhost”值
相关标签