Admin library: ACS principals created as of December 2024 are regular Entra apps, ensure the principal validity is loaded correctly

bjansen · bjansen · commit 69b56df81495 · 2025-04-15T19:47:34.000+02:00
diff --git a/src/sdk/CHANGELOG.md b/src/sdk/CHANGELOG.md
@@ -42,6 +42,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Page API: maintain full width header section in combination with vertical section #1615 #1629 [nicolaor - Rene Nicolao]
 - Additional header check for BatchClient #1635 [koenzomers - Koen Zomers]
 - Prevent blank lines when html tags have attributes #1636 [robi26 - Stephan Steiger]
+- Admin library: ACS principals created as of December 2024 are regular Entra apps, ensure the principal validity is loaded correctly [jansenbe - Bert Jansen]
+
 
 ## [1.14]
 
diff --git a/src/sdk/PnP.Core.Admin/Model/SharePoint/Core/Internal/LegacyPrincipalManagement.cs b/src/sdk/PnP.Core.Admin/Model/SharePoint/Core/Internal/LegacyPrincipalManagement.cs
@@ -219,6 +219,14 @@ internal async static Task<List<ACSPrincipal>> GetACSPrincipalsAsync(PnPContext
                                 }
                             }
 
+                            if (tempACSPrincipal.ValidUntil == DateTime.MinValue)
+                            {
+                                // The principal was not retrieved as part of the legacy service principals, this can happen because
+                                // since end of 2024 we're creating ACS principals as regular Entra app which do not have the
+                                // legacyServicePrincipal type set to Legacy
+                                await UpdateACSPrincipalDataWithEntraAppPropertiesAsync(context, tempACSPrincipal).ConfigureAwait(false);
+                            }
+
                             if (acsPrincipal.TryGetProperty("appDomains", out JsonElement appDomains) && appDomains.ValueKind == JsonValueKind.Array)
                             {
                                 List<string> appDomainList = new();
@@ -326,6 +334,31 @@ internal async static Task<List<ACSPrincipal>> GetACSPrincipalsAsync(PnPContext
             return acsPrincipals;
         }
 
+        private static async Task UpdateACSPrincipalDataWithEntraAppPropertiesAsync(PnPContext context, ACSPrincipal tempACSPrincipal)
+        {
+            var response = await (context.Web as Web).RawRequestAsync(new ApiCall(string.Format("applications?$filter=appid eq '{0}'&$select=id,appId,passwordCredentials,displayName", tempACSPrincipal.AppId), ApiType.Graph), HttpMethod.Get).ConfigureAwait(false);
+
+            var jsonResponse2 = JsonSerializer.Deserialize<JsonElement>(response.Json);
+            if (jsonResponse2.TryGetProperty("value", out JsonElement appArray) && appArray.ValueKind == JsonValueKind.Array)
+            {
+                foreach (var acsApp in appArray.EnumerateArray())
+                {
+                    if (acsApp.TryGetProperty("passwordCredentials", out JsonElement keyCredentials) && keyCredentials.ValueKind == JsonValueKind.Array)
+                    {
+                        // Only include service principals which are still valid
+                        foreach (var keyCredential in keyCredentials.EnumerateArray())
+                        {
+                            if (keyCredential.TryGetProperty("endDateTime", out JsonElement endDateTime))
+                            {
+                                tempACSPrincipal.ValidUntil = endDateTime.GetDateTime();
+                                return;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
         internal static async Task<List<ILegacyServicePrincipal>> GetValidLegacyServicePrincipalAppIdsAsync(PnPContext context, bool includeExpiredPrincipals, VanityUrlOptions vanityUrlOptions)
         {
             List<ILegacyServicePrincipal> servicePrincipals = new();
