Hi @Ity · Thank you for reaching out.
Service Principal object (present under Enterprise Applications) and Application object (present under App Registration) for a given app are two different objects with different Object IDs but same App ID.
In your case, you are querying Service Principal of your application via graph api, which is returning the keyCredentials for certificates configured under SSO settings of the enterprise application.
On the portal, you are checking the app under Application Registration, where no certificate is configured.
To better understand, try running below PS cmdlets available in AzureADPreview module:
- Get-AzureADServicePrincipal -ObjectId object_id_of_app_from_enterprise_apps | fl key*
- Get-AzureADApplication -objectid object_id_of_app_from_app_registration | fl key*
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.