I'm stuck and unsure how to continue. My end-goal is to fetch a list of all app registrations RBAC assigned to a subscription, that have active secrets configured (we want to expose this on a UI to nudge people towards secretless OIDC federated credentials).
I'm easily able to list all app registrations RBAC assigned to a subscription using AuthorizationManagementClient.role_assignments.list_for_subscription().
I'm also easily able to list all app registrations including their secrets with https://graph.microsoft.com/v1.0/applications?$filter=appId eq '{app_client_id_1}' or appId eq '{app_client_id_2}'&$select=appId,passwordCredentials
The problem is, the graph API call expects the client ID but the returned object from AuthorizationManagementClient does not include that - only the object ID.
I've yet to find a solution and all search results talk about finding the object ID from the client ID - not the reverse. What are my options?
Found the solution. I need to use the servicePrincipals graph endpoint to do the (reverse) mapping. This results in yet another API call but there is no way around it as I see it.
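An added example, not part of the original issue or of the Azure SDK: one way to chain the two Graph lookups described above and keep only app registrations whose secrets have not yet expired. `graph_get`, the batch size of 15, and the `principal_type` attribute on each role assignment are assumptions of this sketch.

```python
from datetime import datetime, timezone

GRAPH = "https://graph.microsoft.com/v1.0"

def sp_lookup_url(object_ids):
    """Reverse mapping: service principal object IDs -> appId (client ID)."""
    ids = ",".join(f"'{i}'" for i in object_ids)
    return f"{GRAPH}/servicePrincipals?$filter=id in ({ids})&$select=id,appId"

def apps_url(app_ids):
    """Same applications query as in the issue, built for a batch of client IDs."""
    clauses = " or ".join(f"appId eq '{a}'" for a in app_ids)
    return f"{GRAPH}/applications?$filter={clauses}&$select=appId,passwordCredentials"

def is_active(cred, now):
    """A secret counts as active until its endDateTime (Graph returns UTC)."""
    end = cred.get("endDateTime")
    if not end:
        return True  # no expiry recorded: report it rather than hide it
    expiry = datetime.strptime(end[:19], "%Y-%m-%dT%H:%M:%S")
    return expiry.replace(tzinfo=timezone.utc) > now

def batches(items, size):
    """Yield consecutive slices so each $filter stays short."""
    return (items[i:i + size] for i in range(0, len(items), size))

def apps_with_active_secrets(role_assignments, graph_get, now=None, size=15):
    """Return {appId: active secret count} for RBAC-assigned app registrations.

    graph_get(url) is a hypothetical helper returning the response's `value`
    list (auth and paging are its job). size=15 is an assumed safe batch size.
    """
    now = now or datetime.now(timezone.utc)
    # Role assignments only carry the object ID; skip users and groups.
    sp_ids = sorted({ra.principal_id for ra in role_assignments
                     if ra.principal_type == "ServicePrincipal"})
    app_ids = [sp["appId"] for chunk in batches(sp_ids, size)
               for sp in graph_get(sp_lookup_url(chunk))]
    found = {}
    # Managed identities have no application object, so they drop out here.
    for chunk in batches(app_ids, size):
        for app in graph_get(apps_url(chunk)):
            live = [c for c in app.get("passwordCredentials") or []
                    if is_active(c, now)]
            if live:
                found[app["appId"]] = len(live)
    return found
```

Pass the iterable returned by `list_for_subscription()` as `role_assignments`; the result is keyed by client ID, so it can be joined straight back to the UI's list of applications.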
Related Issue: Azure/azure-sdk-for-python#36056