Update-MgApplication - Unable to add KeyCredentials - Microsoft.Graph v.2.0.0-rc1

[mpierzynka-mdg]

Reproduction steps:

$appObjectId = '<existing-application-object-id>'
$certificate = New-SelfSignedCertificate -Subject 'TestCertificate'
$keyCredential = @{
  Type='AsymmetricX509Cert'; 
  Usage='Verify'; 
  Key=$certificate.RawData 
}

Update-MgApplication -ApplicationId $appObjectId  -KeyCredentials $keyCredential 

Result (error):
Update-MgApplication : Cannot convert the literal 'MIIDBjCCAe6gAwIBAgIQGdAxrjkG8ItPgDaod_fK6jANBgkqh...' to the expected type 'Edm.Binary'.

Expected result:
Application is successfully updated, and the certificate credential is added.

---

The function works as expected in the 1.27.0 version of the module.

---

Update:

After a bit more research: the base64 value which is output in the error differs from the one converted by me, using [System.Convert]::ToBase64String($certificate.RawData). The error base64 string has every "/" character replaced by "_".

Sending the request using Invoke-MgGraphRequest works properly:

$updateAppUrl = "https://graph.microsoft.com/v1.0/applications/$appObjectId"
$base64value = [System.Convert]::ToBase64String($certificate.RawData)
$body = @{
  keyCredentials = @(
    @{
      type = 'AsymmetricX509Cert'
      usage = 'Verify'
      key = $base64value
     }
  )
} | ConvertTo-Json

Invoke-MgGraphRequest -Method PATCH $updateAppUrl -Body $body

---

Update 2:

Same issue with Microsoft.Graph v.2.0.0-rc3 and Microsoft.Graph.Beta v2.0.0-rc3

[peombwa]

Thanks for bringing this to our attention!

This is indeed a bug in v2 that was introduced by change made in the code generator at Azure/autorest.powershell#900.

To fix the bug, we will need to change the format of the key property from base64Url to base64 in the OpenAPI description to match what the service supports:

key:
  type: string
-  format: base64url
+  format: base64
  nullable: true

[peombwa]

Fixed by #2084. The bug fix will ship in the next release of v2.