application： addKey

项目
07/18/2022

命名空间：microsoft.graph

向应用程序添加密钥凭据。此方法以及 removeKey 可用于应用程序自动滚动其过期密钥。

备注

Create application and Update application operations can continue to be used to add and update key credentials for any application with or without a user's context.

作为此方法的请求验证的一部分，将验证拥有现有密钥的证明，然后才能执行该操作。

如果没有任何现有有效证书 (尚未添加任何证书，或者所有证书) ，将无法使用此服务操作。可改用更新应用程序操作来执行更新。

权限

权限类型	权限（从最低特权到最高特权）
委派（工作或学校帐户）	无。
委派（个人 Microsoft 帐户）	无。
应用程序	无。

备注

应用程序不需要任何特定权限来滚动自己的密钥。

HTTP 请求

POST /applications/{id}/addKey

请求标头

名称	说明
Authorization	Bearer {token}。必需。
Content-Type	application/json. Required.

请求正文

在请求正文中，提供以下必需属性。

属性	类型	说明
keyCredential	keyCredential	要添加的新应用程序密钥凭据。类型、用法____和密钥是此用法的必需属性。受支持的密钥类型包括： `AsymmetricX509Cert`：用法必须为 `Verify`。 `X509CertAndPassword`：用法必须为 `Sign`
passwordCredential	passwordCredential	仅需要设置应包含密钥密码的 secretText 。此属性仅对类型为的键是必需的 `X509CertAndPassword`。否则，设置为 `null` 。
proof	字符串	用作现有密钥拥有证明的自签名 JWT 令牌。此 JWT 令牌必须使用应用程序现有有效证书之一的私钥进行签名。令牌应包含以下声明： `aud` - 受众需要是 `00000002-0000-0000-c000-000000000000`。 `iss` -颁发者必须是正在进行呼叫的应用程序的 ID。 `nbf` -“不早于”时间。 `exp` - 过期时间应该是“不早于”+ 10 分钟。下面是可用于生成此拥有令牌证明的代码示例。有关声明类型详细信息，请参阅声明有效负载。

响应

如果成功，此方法在响应 200 OK 正文中返回响应代码和新 keyCredential 对象。

示例

示例 1：向应用程序添加新密钥凭据

请求

下面展示了示例请求。

POST https://graph.microsoft.com/v1.0/applications/{id}/addKey
Content-type: application/json

{
    "keyCredential": {
        "type": "AsymmetricX509Cert",
        "usage": "Verify",
        "key": "MIIDYDCCAki..."
    },
    "passwordCredential": null,
    "proof":"eyJ0eXAiOiJ..."
}


GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var keyCredential = new KeyCredential
{
    Type = "AsymmetricX509Cert",
    Usage = "Verify",
    Key = Convert.FromBase64String("MIIDYDCCAki...")
};

PasswordCredential passwordCredential = null;

var proof = "eyJ0eXAiOiJ...";

await graphClient.Applications["{application-id}"]
    .AddKey(keyCredential,proof,passwordCredential)
    .Request()
    .PostAsync();


const options = {
    authProvider,
};

const client = Client.init(options);

const keyCredential = {
    keyCredential: {
        type: 'AsymmetricX509Cert',
        usage: 'Verify',
        key: 'MIIDYDCCAki...'
    },
    passwordCredential: null,
    proof: 'eyJ0eXAiOiJ...'
};

await client.api('/applications/{id}/addKey')
    .post(keyCredential);


MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];

NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/applications/{id}/addKey"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

NSMutableDictionary *payloadDictionary = [[NSMutableDictionary alloc] init];

MSGraphKeyCredential *keyCredential = [[MSGraphKeyCredential alloc] init];
[keyCredential setType:@"AsymmetricX509Cert"];
[keyCredential setUsage:@"Verify"];
[keyCredential setKey:@"MIIDYDCCAki..."];
payloadDictionary[@"keyCredential"] = keyCredential;

payloadDictionary[@"passwordCredential"] = passwordCredential;

NSString *proof = @"eyJ0eXAiOiJ...";
payloadDictionary[@"proof"] = proof;

NSData *data = [NSJSONSerialization dataWithJSONObject:payloadDictionary options:kNilOptions error:&error];
[urlRequest setHTTPBody:data];

MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest 
    completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {

        //Request Completed

}];

[meDataTask execute];


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

KeyCredential keyCredential = new KeyCredential();
keyCredential.type = "AsymmetricX509Cert";
keyCredential.usage = "Verify";
keyCredential.key = Base64.getDecoder().decode("MIIDYDCCAki...");



String proof = "eyJ0eXAiOiJ...";

graphClient.applications("{id}")
    .addKey(ApplicationAddKeyParameterSet
        .newBuilder()
        .withKeyCredential(keyCredential)
        .withPasswordCredential(passwordCredential)
        .withProof(proof)
        .build())
    .buildRequest()
    .post();


//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)

requestBody := msgraphsdk.New()
keyCredential := msgraphsdk.NewKeyCredential()
requestBody.SetKeyCredential(keyCredential)
type := "AsymmetricX509Cert"
keyCredential.SetType(&type)
usage := "Verify"
keyCredential.SetUsage(&usage)
key := []byte("MIIDYDCCAki...")
keyCredential.SetKey(&key)
requestBody.SetPasswordCredential(nil)
proof := "eyJ0eXAiOiJ..."
requestBody.SetProof(&proof)
applicationId := "application-id"
result, err := graphClient.ApplicationsById(&applicationId).AddKey(application-id).Post(requestBody)


Import-Module Microsoft.Graph.Applications

$params = @{
    KeyCredential = @{
        Type = "AsymmetricX509Cert"
        Usage = "Verify"
        Key = [System.Text.Encoding]::ASCII.GetBytes("MIIDYDCCAki...")
    }
    PasswordCredential = $null
    Proof = "eyJ0eXAiOiJ..."
}

Add-MgApplicationKey -ApplicationId $applicationId -BodyParameter $params

响应

下面展示了示例响应。

HTTP/1.1 200 OK
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.keyCredential"
}

示例 2：为密钥添加密钥凭据和关联密码

请求