I am looking for a method to connect to the Azure SDK via Python to get a list of expired app registration secrets before the 30-day expiration limit. I know this can be done using PowerShell, but how would we go about plugging the Python SDK into Azure and fetching this with Python instead of PowerShell?
If there is any sample to get, how would we go about getting it?
The output should be something like this:
app_id:aaaaaaaa-bbbb-cccc-dddd-eeeeeeee
app_display_name:yourspname
password_expire:2021-08-29T18:30:00+00:00
2 Answers
I found the following, which might prove helpful.
You can use the Azure Active Directory (AAD) Graph API to fetch the list of expired app registration secrets. The following is the request URI you can use to get this information:
https://graph.windows.net/<your_tenant_id>/applications?$filter=passwordCredentials/endDate lt <current_date>&$select=displayName,passwordCredentials
You can also refer to this article for more information on how to use the Graph API in Python: https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-python
To get the client secret details of Azure AD applications, you can use below graph query:
To get same response using Python, you can make use of below code:
I tried to reproduce the same in my environment and got below results:
I registered one Azure AD application and granted API permission like below:
When I ran the below Python code, I got the same response as below:
Response:
Alternatively, you can use urllib3 library to get token to call Microsoft Graph like below:
Response:
Now, run the below Python code to get the output in desired format:
Response:
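Added example, not code from either answer above: one way to turn a Microsoft Graph applications listing into the output format the question asks for, flagging secrets that have expired or will expire within 30 days. The function names and the sample data are constructed for illustration, and the bearer token is assumed to come from an app registration allowed to read applications, obtained as the answers describe.

```python
import json
import re
import urllib.request
from datetime import datetime, timedelta

# Microsoft Graph v1.0 list-applications endpoint, trimmed to the fields needed.
GRAPH_URL = ("https://graph.microsoft.com/v1.0/applications"
             "?$select=appId,displayName,passwordCredentials")
_TS = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.\d+)?(Z|[+-]\d\d:\d\d)$")

def parse_graph_time(value):
    """Parse a Graph timestamp, dropping fractional seconds and mapping 'Z' to UTC."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"unexpected timestamp: {value!r}")
    offset = "+00:00" if m.group(2) == "Z" else m.group(2)
    return datetime.fromisoformat(m.group(1) + offset)

def expiring_secrets(apps, now, window_days=30):
    """Return secrets that have expired or will expire within window_days of now."""
    cutoff, found = now + timedelta(days=window_days), []
    for app in apps:
        for cred in app.get("passwordCredentials") or []:
            if not cred.get("endDateTime"):
                continue  # no expiry recorded, nothing to compare against
            end = parse_graph_time(cred["endDateTime"])
            if end <= cutoff:
                row = {"app_id": app["appId"], "app_display_name": app["displayName"],
                       "password_expire": end.isoformat(), "expired": end <= now}
                found.append((end, row))
    return [row for _, row in sorted(found, key=lambda pair: pair[0])]

def fetch_applications(token, url=GRAPH_URL):
    """Yield every application visible to the token, following @odata.nextLink."""
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

# Constructed sample in the shape of a Graph "value" array (not real tenant data).
SAMPLE = [
    {"appId": "11111111-0000-0000-0000-000000000001", "displayName": "sp-expiring",
     "passwordCredentials": [{"endDateTime": "2021-08-29T18:30:00Z"}]},
    {"appId": "11111111-0000-0000-0000-000000000002", "displayName": "sp-expired",
     "passwordCredentials": [{"endDateTime": "2021-07-01T09:27:45.1384376Z"}]},
    {"appId": "11111111-0000-0000-0000-000000000003", "displayName": "sp-healthy",
     "passwordCredentials": [{"endDateTime": "2023-01-01T00:00:00Z"}]},
]
```

Against a live tenant, pass fetch_applications(token) and a timezone-aware current time to expiring_secrets in place of SAMPLE; the paging loop matters because the listing is returned in pages.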