2

We are trying to create secrets for applications in b2c tenant from powershell.

After searching a lot, came across these commands that are working fine for normal applications.

$StartDate = Get-Date
$EndDate = $StartDate.AddYears(5)
New-AzureADApplicationPasswordCredential -CustomKeyIdentifier b2csecret -ObjectId 6133a24a-2cc7-4b47-901c-2e2c67b0bed6 -EndDate $EndDate

But this fails for applications of Accounts in any identity provider or organizational directory (for authenticating users with user flows) type.

    New-AzureADApplicationPasswordCredential : Error occurred while executing SetApplication
    Code: Request_BadRequest
    Message: Updates to converged applications are not allowed in this version.
    RequestId: 9630857f-6d32-4788-8637-0a15967beb22
    DateTimeStamp: Wed, 05 Apr 2023 13:22:19 GMT
    HttpStatusCode: BadRequest
    HttpStatusDescription: Bad Request
    HttpResponseStatus: Completed
    At line:3 char:1
    + New-AzureADApplicationPasswordCredential -CustomKeyIdentifier b2csecr ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [New-AzureADApplicationPasswordCredential], ApiException
        + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD.Graph.PowerShell.Custom.NewAzureADA
pplicationPasswordCredential

Updates to converged applications are not allowed in this version means is there no way? How to create secrets in b2c application of Accounts in any identity provider or organizational directory (for authenticating users with user flows) type programmatically from powershell?

SPT
  • 139
  • 1
  • 6
Waltz
  • 23
  • 5

1 Answers1

2

I tried to reproduce the same in my environment and got below results:

I registered one B2C application with same account type as you like below:

enter image description here

When I ran same commands as you to create client secret, I got same error like this:

$StartDate = Get-Date
$EndDate = $StartDate.AddYears(5)
New-AzureADApplicationPasswordCredential -CustomKeyIdentifier b2csecret -ObjectId 210903f0-f7e4-4bd8-9de8-61b419f99ea7 -EndDate $EndDate

Response:

enter image description here

Alternatively, you can make use of below commands by connecting to Microsoft Graph like this:

Connect-MgGraph -Scopes "Application.ReadWrite.All"
Import-Module Microsoft.Graph.Applications

$params = @{
    PasswordCredential = @{
        DisplayName = "b2csecret"
    }
}

Add-MgApplicationPassword -ApplicationId <b2cObjectID> -BodyParameter $params

Response:

enter image description here

When I checked the same in Portal, client secret created successfully in B2C application like below:

enter image description here

Sridevi
  • 10,599
  • 1
  • 4
  • 17