App Registration: CustomKeyIdentifier is NULL RRS feed

  • Question

  • Hi

    I'm comparing the manifests for two App Registrations in AAD. One of them works* and one doesn't. 

    Looking at them side by side, I can see two passwordCredentials entries with values like this (in the working one)

    "customKeyIdentifier": "***************************" (the value is actually a long string of characters)

    In the one that isn't working (I just get "Unauthorized" every time I call it) the values are null:

    "customKeyIdentifier": null

    This seems like it might be the cause of my problems so I was wondering what I'm doing wrong? How can I get a sensible value in there through the Azure UI?


    * i.e. our logic apps can use it to call a custom API (using JWT/OAuth) hosted on-premise)

    Tuesday, May 7, 2019 11:55 AM

All replies

  • Are you using certificates as secrets and it is available for both applications under "certificates & secrets" ?
    Tuesday, May 7, 2019 8:02 PM
  • Hi, thanks for replying

    I have two secrets defined, but no certificates. As far as I can tell that's the same as the app registration that works too.

    Wednesday, May 8, 2019 7:30 AM
  • Have you created these two Keys by two different methods like one using PowerShell and one using portal ?
    Tuesday, May 14, 2019 12:36 AM
  • Hi, I just noticed the same difference.

    The legacy app registrations generates the following manifest after adding a key:

    "passwordCredentials": [
    "customKeyIdentifier": "*****=",
    "endDate": "2020-05-14T13:15:45.168Z",
    "keyId": "<GUID>",
    "startDate": "2019-05-14T13:15:58.134312Z",
    "value": null

    while the new app registration generates:

        "passwordCredentials": [
                "customKeyIdentifier": null,
                "endDate": "2020-05-14T13:18:33.51Z",
                "keyId": "<GUID>",
                "startDate": "2019-05-14T13:18:40.224Z",
                "value": "******",
                "createdOn": "2019-05-14T13:18:40.5715382Z",
                "hint": "***",
                "displayName": "testkey"

    The key seem to be moved from customKeyIdentifier to value.

    Tuesday, May 14, 2019 1:25 PM
  • Were you able to get this resolved?
    Monday, June 3, 2019 11:51 PM