Getting a forbidden when trying to update SPI key #2

Closed
allanmoller opened this issue Jan 3, 2019 · 1 comment

allanmoller commented Jan 3, 2019

Hey,

When trying to update the SPI with a new key I get an exception telling me that it's forbidden, but the SPI I am using is owner of the APP I am trying to update. I have tried using PS to update the key with success (see code below). But when I try to update (under the same AAD context) using dotnet I get an exception :-(. Also I can update the APP key if I use the SPI that originally created the APP, but not with another SPI that has owner rights on the exact same app.

.NET

```csharp
// Fluent SDK: define a new password credential on the service principal and apply it.
var aadServicePrincipal = await servicePrincipal
    .Update()
    .DefinePasswordCredential("secret")
        .WithPasswordValue(password)
        .WithDuration(TimeSpan.FromHours(1))
        .Attach()
    .ApplyAsync();
return aadServicePrincipal;
```

PS code

```powershell
$TenantId = "xxxxxx"
$ApplicationId = "xxxxx"
$ServicePrincipalKey = "xxx"
$ApplicationObjectIdNeedsKey = "xxxx"

# Acquire a token for the AAD Graph endpoint with the client_credentials flow.
Add-Type -AssemblyName System.Web
$clientKeyURLEncoded = [System.Web.HttpUtility]::UrlEncode($ServicePrincipalKey)
$tokenrequest = "grant_type=client_credentials&client_id=$ApplicationId&client_secret=$clientKeyURLEncoded&resource=https://graph.windows.net"
$authResult = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$TenantId/oauth2/token" -Body $tokenrequest

Write-Information "Login to AzureAD with same SP: $ApplicationId"
Connect-AzureAD -AadAccessToken $authResult.access_token -AccountId $ApplicationId -TenantId $TenantId

# $script:yearsOfExpiration is defined elsewhere in the author's script.
$startDate = Get-Date
$endDate = $startDate.AddYears($script:yearsOfExpiration)
# The credential is added to the Application object (ObjectId), not to the service principal.
$aadAppKeyPwd = New-AzureADApplicationPasswordCredential -ObjectId $ApplicationObjectIdNeedsKey -CustomKeyIdentifier "xallm3.test" -StartDate $startDate -EndDate $endDate

$aadAppKeyPwd
```

@allanmoller (Author)

hmm apparently the key is associated with the Application and not the SPI, thus you have to use IActiveDirectoryApplication and not IServicePrincipal! What I don't get is why I then need to use IServicePrincipal to remove the key? But that is just a minor issue, thus closing this.
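The resolution above, written out as an added example (not code from the issue author or from the SDK project): the new password credential is attached to the Application object through `IActiveDirectoryApplication`, mirroring what the PowerShell snippet does with `New-AzureADApplicationPasswordCredential -ObjectId`. It assumes the Microsoft.Azure.Management.Fluent package, that `Azure.Authenticate(...)` exposes `ActiveDirectoryApplications` and that `GetByIdAsync` takes the application's object id; the method name `AddApplicationPasswordAsync` and all ids and secrets are placeholders.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.Graph.RBAC.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;

// Added example, not the issue author's code. Hypothetical helper name.
public static class AppCredentialRotation
{
    public static async Task<IActiveDirectoryApplication> AddApplicationPasswordAsync(
        string tenantId,
        string callerClientId,      // the "SPI" that owns the target application
        string callerSecret,
        string targetAppObjectId,   // object id of the Application, not of its service principal
        string newPassword)
    {
        // Authenticate as the owning service principal (placeholder ids/secrets supplied by caller).
        AzureCredentials credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
            callerClientId, callerSecret, tenantId, AzureEnvironment.AzureGlobalCloud);

        // Graph RBAC operations hang off the authenticated client; no subscription is needed.
        Azure.IAuthenticated authenticated = Azure.Authenticate(credentials);

        // Resolve the Application object: the password credential lives here, which is why
        // the same call issued against IServicePrincipal came back Forbidden in the thread.
        IActiveDirectoryApplication app = await authenticated.ActiveDirectoryApplications
            .GetByIdAsync(targetAppObjectId);

        // Same fluent shape as the original .NET snippet, now on the application.
        return await app.Update()
            .DefinePasswordCredential("rotated-secret")
                .WithPasswordValue(newPassword)
                .WithDuration(TimeSpan.FromHours(1))
                .Attach()
            .ApplyAsync();
    }
}
```

The caller still needs to be an owner of the Application object for the write to succeed; ownership of the service principal alone is what produced the forbidden response in the report above.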
