Adiciona uma credencial de chave a um servicePrincipal. Esse método junto com removeKey pode ser usado por um servicePrincipal para automatizar a rolagem de suas chaves expirando.
Como parte da validação da solicitação para esse método, uma prova de posse de uma chave existente é verificada antes que a ação possa ser executada.
ServicePrincipals que não têm certificados válidos existentes (ou seja: nenhum certificado foi adicionado ainda ou todos os certificados expiraram), não poderão usar essa ação de serviço.
Atualizar o serviçoPrincipal pode ser usado para executar uma atualização.
Escolha a permissão ou as permissões marcadas como menos privilegiadas para essa API. Use uma permissão ou permissões privilegiadas mais altas somente se o aplicativo exigir. Para obter detalhes sobre permissões delegadas e de aplicativo, consulte Tipos de permissão. Para saber mais sobre essas permissões, consulte a referência de permissões.
Você pode abordar a entidade de serviço usando sua id ou appId.
Id e appId são chamados de ID de Objeto e ID do Aplicativo (Cliente), respectivamente, em registros de aplicativo no centro de administração do Microsoft Entra.
POST /serviceprincipals/{id}/addKey
POST /servicePrincipals(appId='{appId}')/addKey
A nova credencial de chave servicePrincipal a ser adicionada. O tipo, o uso e a chave são propriedades necessárias para esse uso. Os tipos de chave com suporte são:
Somente secretText é necessário para ser definido, que deve conter a senha da chave. Essa propriedade é necessária apenas para chaves do tipo X509CertAndPassword. Defina-o como caso null contrário.
Prova
Cadeia de caracteres
Um token JWT autoassinado usado como prova de posse das chaves existentes. Esse token JWT deve ser assinado com uma chave privada que corresponda a um dos certificados válidos existentes associados ao serviçoPrincipal. O token deve conter os seguintes argumentos:
aud: O público precisa ser 00000002-0000-0000-c000-000000000000.
iss: o emissor precisa ser a ID do servicePrincipal que inicia a solicitação.
nbf: não antes do tempo.
exp: o tempo de expiração deve ser o valor de nbf + 10 minutos.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.ServicePrincipals.Item.AddKey;
using Microsoft.Graph.Models;
var requestBody = new AddKeyPostRequestBody
{
KeyCredential = new KeyCredential
{
Type = "AsymmetricX509Cert",
Usage = "Verify",
Key = Convert.FromBase64String("MIIDYDCCAki..."),
},
PasswordCredential = null,
Proof = "eyJ0eXAiOiJ...",
};
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.ServicePrincipals["{servicePrincipal-id}"].AddKey.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphserviceprincipals "github.com/microsoftgraph/msgraph-sdk-go/serviceprincipals"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphserviceprincipals.NewAddKeyPostRequestBody()
keyCredential := graphmodels.NewKeyCredential()
type := "AsymmetricX509Cert"
keyCredential.SetType(&type)
usage := "Verify"
keyCredential.SetUsage(&usage)
key := []byte("mIIDYDCCAki...")
keyCredential.SetKey(&key)
requestBody.SetKeyCredential(keyCredential)
passwordCredential := null
requestBody.SetPasswordCredential(&passwordCredential)
proof := "eyJ0eXAiOiJ..."
requestBody.SetProof(&proof)
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=go
addKey, err := graphClient.ServicePrincipals().ByServicePrincipalId("servicePrincipal-id").AddKey().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.serviceprincipals.item.addkey.AddKeyPostRequestBody addKeyPostRequestBody = new com.microsoft.graph.serviceprincipals.item.addkey.AddKeyPostRequestBody();
KeyCredential keyCredential = new KeyCredential();
keyCredential.setType("AsymmetricX509Cert");
keyCredential.setUsage("Verify");
byte[] key = Base64.getDecoder().decode("MIIDYDCCAki...");
keyCredential.setKey(key);
addKeyPostRequestBody.setKeyCredential(keyCredential);
addKeyPostRequestBody.setPasswordCredential(null);
addKeyPostRequestBody.setProof("eyJ0eXAiOiJ...");
KeyCredential result = graphClient.servicePrincipals().byServicePrincipalId("{servicePrincipal-id}").addKey().post(addKeyPostRequestBody);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\ServicePrincipals\Item\AddKey\AddKeyPostRequestBody;
use Microsoft\Graph\Generated\Models\KeyCredential;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AddKeyPostRequestBody();
$keyCredential = new KeyCredential();
$keyCredential->setType('AsymmetricX509Cert');
$keyCredential->setUsage('Verify');
$keyCredential->setKey(\GuzzleHttp\Psr7\Utils::streamFor(base64_decode('MIIDYDCCAki...')));
$requestBody->setKeyCredential($keyCredential);
$requestBody->setPasswordCredential(null);
$requestBody->setProof('eyJ0eXAiOiJ...');
$result = $graphServiceClient->servicePrincipals()->byServicePrincipalId('servicePrincipal-id')->addKey()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.serviceprincipals.item.add_key.add_key_post_request_body import AddKeyPostRequestBody
from msgraph.generated.models.key_credential import KeyCredential
# To initialize your graph_client, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AddKeyPostRequestBody(
key_credential = KeyCredential(
type = "AsymmetricX509Cert",
usage = "Verify",
key = base64.urlsafe_b64decode("MIIDYDCCAki..."),
),
password_credential = None,
proof = "eyJ0eXAiOiJ...",
)
result = await graph_client.service_principals.by_service_principal_id('servicePrincipal-id').add_key.post(request_body)
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.ServicePrincipals.Item.AddKey;
using Microsoft.Graph.Models;
var requestBody = new AddKeyPostRequestBody
{
KeyCredential = new KeyCredential
{
Type = "X509CertAndPassword",
Usage = "Sign",
Key = Convert.FromBase64String("MIIDYDCCAki..."),
},
PasswordCredential = new PasswordCredential
{
SecretText = "MKTr0w1...",
},
Proof = "eyJ0eXAiOiJ...",
};
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.ServicePrincipals["{servicePrincipal-id}"].AddKey.PostAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.serviceprincipals.item.addkey.AddKeyPostRequestBody addKeyPostRequestBody = new com.microsoft.graph.serviceprincipals.item.addkey.AddKeyPostRequestBody();
KeyCredential keyCredential = new KeyCredential();
keyCredential.setType("X509CertAndPassword");
keyCredential.setUsage("Sign");
byte[] key = Base64.getDecoder().decode("MIIDYDCCAki...");
keyCredential.setKey(key);
addKeyPostRequestBody.setKeyCredential(keyCredential);
PasswordCredential passwordCredential = new PasswordCredential();
passwordCredential.setSecretText("MKTr0w1...");
addKeyPostRequestBody.setPasswordCredential(passwordCredential);
addKeyPostRequestBody.setProof("eyJ0eXAiOiJ...");
KeyCredential result = graphClient.servicePrincipals().byServicePrincipalId("{servicePrincipal-id}").addKey().post(addKeyPostRequestBody);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\ServicePrincipals\Item\AddKey\AddKeyPostRequestBody;
use Microsoft\Graph\Generated\Models\KeyCredential;
use Microsoft\Graph\Generated\Models\PasswordCredential;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AddKeyPostRequestBody();
$keyCredential = new KeyCredential();
$keyCredential->setType('X509CertAndPassword');
$keyCredential->setUsage('Sign');
$keyCredential->setKey(\GuzzleHttp\Psr7\Utils::streamFor(base64_decode('MIIDYDCCAki...')));
$requestBody->setKeyCredential($keyCredential);
$passwordCredential = new PasswordCredential();
$passwordCredential->setSecretText('MKTr0w1...');
$requestBody->setPasswordCredential($passwordCredential);
$requestBody->setProof('eyJ0eXAiOiJ...');
$result = $graphServiceClient->servicePrincipals()->byServicePrincipalId('servicePrincipal-id')->addKey()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.serviceprincipals.item.add_key.add_key_post_request_body import AddKeyPostRequestBody
from msgraph.generated.models.key_credential import KeyCredential
from msgraph.generated.models.password_credential import PasswordCredential
# To initialize your graph_client, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AddKeyPostRequestBody(
key_credential = KeyCredential(
type = "X509CertAndPassword",
usage = "Sign",
key = base64.urlsafe_b64decode("MIIDYDCCAki..."),
),
password_credential = PasswordCredential(
secret_text = "MKTr0w1...",
),
proof = "eyJ0eXAiOiJ...",
)
result = await graph_client.service_principals.by_service_principal_id('servicePrincipal-id').add_key.post(request_body)