Breaking changes: Application and ServicePrincipal API updates in Microsoft Graph beta

Microsoft Graph team

We’re updating the application, servicePrincipal and oAuth2PermissionGrant Microsoft Graph APIs in public preview (beta). These changes will roll out in phases over the next few weeks.

Changes to properties

Change Call to action
The orgRestrictions property will be removed from the application resource. This property was marked as “Reserved for future use” and Azure AD ignores the value of this property today. Writing to this property has no effect today. If you read this property today, update your clients as needed to handle this scenario.
The startTime and expiryTime properties will be deleted from oAuth2PermissonGrant. Azure AD ignores the value of these properties today. Writing to these properties has no effect today. If you read these properties today, update your clients as needed to handle this scenario.
The errorUrl property will be deleted from servicePrincipal. Azure AD ignores the value of this property today. Writing to this property has no effect today. Update your clients as needed to handle this scenario.
The signInAudience property will be deleted from servicePrincipal. Azure AD ignores the value of this property today. If you read this property today, update your clients as needed to handle this scenario.

Changes to methods

You can no longer use a PATCH operation on the application or  servicePrincipal objects to update passwordCredentials. You can use the addPassword and removePassword methods to update the password for an application or a servicePrincipal.

addPassword

Request – application

POST https://graph.microsoft.com/beta/applications/{id}/addPassword
{
    "passwordCredential": {
        "displayName": "Password friendly name"
    }
}

Response – application

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#microsoft.graph.passwordCredential",
    "customKeyIdentifier": "guid",
    "endDateTime": "timestamp",
    "keyId": "guid",
    "startDateTime": "timestamp",
    "secretText": "string"
    "hint": "string",
    "displayName": "string"
}

 

Request – servicePrincipal

POST https://graph.microsoft.com/beta/servicePrincipals/{id}/addPassword
{ 
    "passwordCredential": { 
        "displayName": "Password friendly name" 
    } 
}

Response – servicePrincipal

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#microsoft.graph.passwordCredential",
    "customKeyIdentifier": "guid",
    "endDateTime": "timestamp",
    "keyId": "guid",
    "startDateTime": "timestamp",
    "secretText": "string"
    "hint": "string",
    "displayName": "string"
}

 

removePassword

Request – application

POST  https://graph.microsoft.com/beta/applications/{id}/removePassword
{
    "keyId": "key id"
}

Response – application

204 No content

 

Request – servicePrincipal

POST https://graph.microsoft.com/beta/servicePrincipals/{id}/removePassword
{
    "keyId": "key id"
}

Response – servicePrincipal

204 No content

Tell us what you think

We welcome your feedback on UserVoice. If you have questions, reach out to us on Stack Overflow.

-The Microsoft Identity Platform Team

Feedback usabilla icon