如何获得 Azure AppOnly 持久访问权限

如何获得无限令牌或以编程方式更新它的方法？

据我所知，没有办法获得无限或更新应用程序客户端密钥的方法。

正如您所说，在门户中，客户端密钥的最长过期时间只能设置为 2 年。

作为解决方法，您可以使用下面的 JavaScript 代码来创建具有更长生命周期的客户端密钥。

对于示例，我创建了一个有效期为 12 年的秘密。

代码：

const { DefaultAzureCredential } = require("@azure/identity");
const { Client } = require("@microsoft/microsoft-graph-client");
const { TokenCredentialAuthenticationProvider } = require("@microsoft/microsoft-graph-client/authProviders/azureTokenCredentials");

const credential = new DefaultAzureCredential();
const authProvider = new TokenCredentialAuthenticationProvider(credential, {
  scopes: ['https://graph.microsoft.com/.default'],
});
const client = Client.initWithMiddleware({
    debugLogging: true,
    authProvider,
});

const startDate = new Date();
const endDate = new Date(startDate);
endDate.setFullYear(endDate.getFullYear() + 12);

const passwordCredential = {
  passwordCredential: {
    displayName: 'test',
    startDateTime: startDate,
    endDateTime: endDate,
  }
};

async function updatePasswordCredentials() {
    const result = await client.api('/applications/<Your-Application-object-id>/addPassword')
    .post(passwordCredential);
    console.log(result);
}

updatePasswordCredentials();

输出：

https://graph.microsoft.com/v1.0/applications/xxxx/addPassword
(node:21972) ExperimentalWarning: The Fetch API is an experimental feature. This feature could change at any time
(Use `node --trace-warnings ...` to show where the warning was created)
{
  '@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.passwordCredential',
  customKeyIdentifier: null,
  displayName: 'test',
  endDateTime: '2036-01-02T09:40:39.584Z',
  hint: 'uXf',
  keyId: '3624xxxx00',
  secretText: 'uXf8Q~NDCpJuZkxxxxx',
  startDateTime: '2024-01-02T09:40:39.584Z'
}

传送门：

参考：

• 应用程序：addPassword - Microsoft Graph v1.0 |微软学习
• Azure应用程序注册客户端密钥过期 - 堆栈内存溢出