New-AzureADApplicationKeyCredential

Creates a key credential for an application.

Syntax

New-AzureADApplicationKeyCredential
   -ObjectId <String>
   [-CustomKeyIdentifier <String>]
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-Type <KeyType>]
   [-Usage <KeyUsage>]
   [-Value <String>]
   [-InformationAction <ActionPreference>]
   [-InformationVariable <String>]
   [<CommonParameters>]

Description

The New-AzureADApplicationKeyCredential cmdlet creates a key credential for an application.

Examples

Example 1: Create a new application key credential

PS C:\> $AppID = (Get-AzureADApplication -Top 1).Objectid
PS C:\> New-AzureADApplicationKeyCredential -ObjectId $AppId -CustomKeyIdentifier "Test" -StartDate "11/7/2016" -Type "Symmetric" -Usage "Sign" -Value "123"

CustomKeyIdentifier : {84, 101, 115, 116}
EndDate             : 11/7/2017 12:00:00 AM
KeyId               : a5845538-3f67-402d-a03e-36d768f1441e
StartDate           : 11/7/2016 12:00:00 AM
Type                : Symmetric
Usage               : Sign
Value               : {49, 50, 51}

The first command gets the ID of an application by using the Get-AzureADApplication cmdlet. The command stores it in the $AppId variable.

The second command creates the application key credential for the application identified by $AppId.

Example 2: Use a certificate to add an application key credential

PS C:\> $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 #create a new certificate object
PS C:\> $cer.Import("C:\Users\PFuller\Desktop\abc.cer") 
PS C:\> $bin = $cer.GetRawCertData()
PS C:\> $base64Value = [System.Convert]::ToBase64String($bin)
PS C:\> $bin = $cer.GetCertHash()
PS C:\> $base64Thumbprint = [System.Convert]::ToBase64String($bin)
PS C:\> $keyid = [System.Guid]::NewGuid().ToString() 
PS C:\> New-AzureADApplicationKeyCredential -ObjectId 009d786a-3503-4217-b8ab-db03d71c179a -CustomKeyIdentifier $base64Thumbprint -Type AsymmetricX509Cert -Usage Verify -Value $base64Value -StartDate $cer.GetEffectiveDateString() -EndDate $cer.GetExpirationDateString()

The first seven commands create values for the application key credential and stores them in variables.

The final command uses a certificate to add an application key credential.

Parameters

-CustomKeyIdentifier

Specifies a custom key ID.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-EndDate

Specifies the time when the key becomes invalid as a DateTime object.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-InformationAction

Specifies how this cmdlet responds to an information event.

The acceptable values for this parameter are:

  • Continue
  • Ignore
  • Inquire
  • SilentlyContinue
  • Stop
  • Suspend
Type:ActionPreference
Aliases:infa
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InformationVariable

Specifies an information variable.

Type:String
Aliases:iv
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ObjectId

Specifies a unique ID of an application in Azure Active Directory.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-StartDate

Specifies the time when the key becomes valid as a DateTime object.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Type

Specifies the type of the key.

Type:KeyType
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Usage

Specifies the key usage.

Type:KeyUsage
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Value

Specifies the value for the key.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False