Failed to Update AuthenticationEventListeners

[cmenzi]

Describe the bug

I am trying to update an existing AuthenticationEventListeners, but it it fails with "The request body is null or in bad format"

https://learn.microsoft.com/en-us/graph/api/authenticationeventlistener-update?view=graph-rest-1.0&tabs=http

I tried it with the SDK and with PowerShell, on both the same result

Expected behavior

Changed properties such as "includeApplications" are updated and a 204 No Content is returned

How to reproduce

1. Create an AuthenticationListener of type "OnTokenIssuanceStartListener", remember the Id
2. Add a new element in "IncludeApplications" or remove one.
3. Update the AuthenticationListener -> Error

{
  "error": {
    "code": "AADB2C",
    "message": "The request body is null or in bad format",
    "innerError": {
      "correlationId": "445b097f-0624-4337-b894-b67cd1bff6cf",
      "date": "2024-09-11T06:29:22",
      "request-id": "923ef88e-31f2-43e2-a0c0-5d6ab4565f33",
      "client-request-id": "af19381d-d121-4659-9d40-f41ba2f40c1f"
    }
  }
}

SDK Version

5.56.0

Latest version known to work for scenario above?

No response

Known Workarounds

1. Delete the listener first and then Create it

Debug output

Click to expand log

``` DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PATCH

Absolute Uri:
https://graph.microsoft.com/v1.0/identity/authenticationEventListeners/d8df43ad-673f-46ee-ac9b-e3454680c52d

Headers:
FeatureFlag : 00000043
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.19045; en-US),PowerShell/7.4.5
Accept-Encoding : gzip
SdkVersion : graph-powershell/2.23.0
client-request-id : af19381d-d121-4659-9d40-f41ba2f40c1f

Body:
{
"@odata.type": "#microsoft.graph.onTokenIssuanceStartListener",
"conditions": {
"applications": {
"includeApplications": [
{
"appId": "d702e2dc-6763-4422-a87b-4beb0f2b2e16"
}
]
}
}
}

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
BadRequest

Headers:
Cache-Control : no-cache
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 923ef88e-31f2-43e2-a0c0-5d6ab4565f33
client-request-id : af19381d-d121-4659-9d40-f41ba2f40c1f
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Switzerland North","Slice":"E","Ring":"3","ScaleUnit":"001","RoleInstance":"ZRH2EPF000000E0"}}
Date : Wed, 11 Sep 2024 06:29:21 GMT

Body:
{
"error": {
"code": "AADB2C",
"message": "The request body is null or in bad format",
"innerError": {
"correlationId": "445b097f-0624-4337-b894-b67cd1bff6cf",
"date": "2024-09-11T06:29:22",
"request-id": "923ef88e-31f2-43e2-a0c0-5d6ab4565f33",
"client-request-id": "af19381d-d121-4659-9d40-f41ba2f40c1f"
}
}
}

</details>


### Configuration

- OS: Windows 10
- Architecture: x64

### Other information

_No response_

[shemogumbe]

Hello @cmenzi thanks for using the SDK and for reporting this.

To help isolate and reproduce the issue,
mind sharing a snippet of your payload and the call.

[cmenzi]

@shemogumbe

namespace ConsoleApp
{
    using Azure.Identity;

    using Microsoft.Graph;
    using Microsoft.Graph.Models;

    internal class Program
    {
        static async Task Main(string[] args)
        {
            await ReproduceBug();
        }

        private static async Task ReproduceBug()
        {
            var customAuthenticationExtensionUrl = "https://my.example.com/token-start";
            var identifierUri = "api://my.example.com/c98fd4a0-0ed3-4966-9fd7-3335864dfdc5";
            var appIdToInclude = "c98fd4a0-0ed3-4966-9fd7-3335864dfdc5";

            var tenantId = "3bb8aeaa-c72a-4b35-96d0-542fb05c0ccf";
            var clientId = "f6aef772-6164-433f-a523-384c673d65ff";
            var clientSecret = "StrongSecret";

            // NOTE: client has the following Application permissions:
            //
            // "Policy.Read.All,
            // "Policy.ReadWrite.ApplicationConfiguration"
            // "CustomAuthenticationExtension.ReadWrite.All",
            // "EventListener.ReadWrite.All"
            var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);

            var graphServiceClient = new GraphServiceClient(clientSecretCredential);

            CustomAuthenticationExtension onTokenIssuanceStartCustomExtension = new OnTokenIssuanceStartCustomExtension
            {
                DisplayName = "TokenIssueStart",
                Description = "",
                EndpointConfiguration = new HttpRequestEndpoint
                {
                    TargetUrl = customAuthenticationExtensionUrl
                },
                AuthenticationConfiguration = new AzureAdTokenAuthentication
                {
                    ResourceId = identifierUri
                },
                ClientConfiguration = new()
                {
                    MaximumRetries = 1,
                    TimeoutInMilliseconds = 2000
                },
                ClaimsForTokenConfiguration = [
                    new OnTokenIssuanceStartReturnClaim { ClaimIdInApiResponse = "myClaim" }
                ]
            };

            onTokenIssuanceStartCustomExtension = (await graphServiceClient.Identity.CustomAuthenticationExtensions
                .PostAsync(onTokenIssuanceStartCustomExtension))!;

            AuthenticationEventListener authenticationEventListener = new OnTokenIssuanceStartListener
            {
                Handler = new OnTokenIssuanceStartCustomExtensionHandler
                {
                    CustomExtension = new() { Id = onTokenIssuanceStartCustomExtension.Id }
                },
                Conditions = new AuthenticationConditions
                {
                    Applications = new AuthenticationConditionsApplications
                    {
                        IncludeApplications = [
                           new AuthenticationConditionApplication { AppId = appIdToInclude }
                       ]
                    }
                }
            };

            authenticationEventListener = (await graphServiceClient.Identity.AuthenticationEventListeners
                .PostAsync(authenticationEventListener))!;

            // Everything above works.
            // Here the issue:
            var appIdToInclude2 = "d000feef-25fb-4639-8b8c-737ac4d6a37d";
            AuthenticationEventListener authenticationEventListenerPatch = new OnTokenIssuanceStartListener
            {
                Conditions = new AuthenticationConditions
                {
                    Applications = new AuthenticationConditionsApplications
                    {
                        IncludeApplications = [
                            new AuthenticationConditionApplication { AppId = appIdToInclude },
                            new AuthenticationConditionApplication { AppId = appIdToInclude2 }
                        ]
                    }
                }
            };

            // BAM: Exception
            await graphServiceClient.Identity.AuthenticationEventListeners[authenticationEventListener.Id]
                .PatchAsync(authenticationEventListenerPatch);
        }
    }
}