I am trying to get the expiry date of the client secrets for our AAD application. However when I use the following graph request, the passwordCredential and keyCredential fields is blank.
https://graph.windows.net/myorganization/directoryObjects/{ServicePrincipalObjectId}/?api-version=1.6
Is there a way to get this data? I see it in the manifest if I download that, just not in the Odata object
Thank you for your help!
Use this AAD Graph API below:
https://graph.windows.net/{org_domain}/applications/{obj_id}/passwordCredentials
The response will show the list of keys used by your specific AAD Application.
You can derive the expiration date of your key from the endDate field.
{
"odata.metadata": "https://graph.windows.net/{org_domain}/$metadata#Collection(Microsoft.DirectoryServices.PasswordCredential)",
"value": [
{
"customKeyIdentifier": null,
"endDate": "2018-05-07T09:12:13.2177408Z",
"keyId": "{your_key_id}",
"startDate": "2016-05-07T09:12:13.2177408Z",
"value": null
}
]
}