Need a way to get and update Application trustedCertificateSubjects through a Graph API call

Roman Troshkov 21 Reputation points Microsoft Employee
2022-01-24T20:20:14.327+00:00

I am able to use AAD Graph API version 1.6-internal to GET and PATCH the manifest for the Registered Application when I make a call from PowerShell and authorize as a user account.
REST call like:
https://graph.windows.net/<TenantID>/applicationsByAppId/<APP_GUID>?api-version=1.61-internal

The same REST call fails if I use a Service Principal to authorize, with the error: "Access denied to the specified API version."
If I use api-version=1.6, my REST call succeeds but returns data that is missing the "trustedCertificateSubjects" section of the App registration manifest.
We use that for SubjectNameIssuer authentication.
In a similar question (Access denied to the specified API version (api-version=1.6-internal) -- how to get permissions?) I read that api-version 1.61-internal does not support third-party applications, so this seems expected.

Is there any way for us to get the same Application manifest returned by api-version 1.61-internal while using a Service Principal for Graph authorization?

BTW, I tried using Microsoft Graph v1.0 and beta, which also return no "trustedCertificateSubjects" section.


Accepted answer
    Shweta Mathur 13,096 Reputation points Microsoft Employee
    2022-02-02T12:06:41.037+00:00

    Hi @Roman Troshkov ,

    Thanks for reaching out.

    Due to security concerns, the trustedCertificateSubjects property is only available in api-version=1.61-internal for first-party clients and is not exposed to external customers. As AAD has been deprecated, this property has not been added to any other version.

    For MS Graph, there is a roadmap to add a similar property, which will also be exposed only to a limited audience (first-party clients) due to its security sensitivity.

    Thanks,
    Shweta

