M365 / SharePoint Online – PowerShell to renew expiring client secret key for SharePoint App

Hi All,

Greetings for the day 🙂 LIFE IS BEAUTIFUL 🙂

Today something new 🙂 Sharing a small PowerShell script to renew the client secret key of a SharePoint app.

Background:

  • In one of our applications we were using a SharePoint hosted app and its client secret key
  • Suddenly our application stopped working
  • We started scanning the logs and found the following exception

Error:Token request failed., InnerMessage:System.Net.WebException: The remote server returned an error: (401) Unauthorized.

  • So we started looking into the app details and found that the client secret key of the app had expired

Details:

  1. By default, a SharePoint App secret key expires in 1 year.
  2. We have a PowerShell cmdlet option to renew it for the next 3 years, or to create a new secret key.
  3. We do not need to create a new SharePoint App.
  4. We do not need to grant the permissions to our App again.
  5. The only thing we need to change: wherever we have specified the client secret, we need to update the secret key.

PowerShell script:

# First, we install the MSOnline module using Install-Module in case we don’t have it already

Install-Module MSOnline

# M365 credentials: we need a Global Administrator account here

$msolcred = Get-Credential

# Once we have the credentials, we connect to M365 using Connect-MsolService

Connect-MsolService -credential $msolcred

# SharePoint App client ID for which we need to regenerate the client secret

$clientId = "27c5b286-62a6-45c7-beda-abbaea6eecf2"

# Get the credentials associated with the service principal

$keys = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId

# To create a new secret key we must first remove all existing secret keys (remove the credentials from the service principal).
# Generally it takes 24 hrs. for the changes to be reflected, so in some cases we may need to wait.

Remove-MsolServicePrincipalCredential -KeyIds $keys.KeyId -AppPrincipalId $clientId

# Creating the new secret key: 32 random bytes from a cryptographic RNG, Base64 encoded

$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()

$newClientSecret = [System.Convert]::ToBase64String($bytes)

# Start date: now
$dtStart = [System.DateTime]::Now

# End date: 3 years from the start date
$dtEnd = $dtStart.AddYears(3)

# Registering the new secret key, valid for 3 years
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd

New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd

New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd

Copy the new client secret key (the value held in $newClientSecret) and update it wherever the app's client secret is configured.
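The outage described above came from a secret that expired unnoticed, so a scheduled expiry check is the natural companion to the renewal script. The following is an added example, not part of the original post: the function name Get-ExpiringAppCredential, the 30-day warning window and the sample objects are assumptions, and the sample data is constructed so the block runs without a tenant connection.

```powershell
# Added example: report service principal credentials that are expired or close to expiry.
# Input objects need the KeyId, Type, Usage and EndDate properties that
# Get-MsolServicePrincipalCredential returns.
function Get-ExpiringAppCredential {
    param(
        [Parameter(Mandatory)] [object[]] $Credential,
        [int] $WarnDays = 30,                       # assumed warning window
        [datetime] $Now = [datetime]::Now
    )
    foreach ($c in $Credential) {
        $daysLeft = [math]::Floor(($c.EndDate - $Now).TotalDays)
        $status = 'OK'
        if ($daysLeft -lt 0) { $status = 'Expired' }
        elseif ($daysLeft -le $WarnDays) { $status = 'ExpiringSoon' }
        [pscustomobject]@{
            KeyId    = $c.KeyId
            Type     = $c.Type
            Usage    = $c.Usage
            EndDate  = $c.EndDate
            DaysLeft = $daysLeft
            Status   = $status
        }
    }
}

# Constructed sample input (not real tenant data), with a fixed "now" for repeatable output
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ KeyId = [guid]'00000000-0000-0000-0000-000000000001'
                       Type = 'Symmetric'; Usage = 'Sign';   EndDate = [datetime]'2024-05-20' }
    [pscustomobject]@{ KeyId = [guid]'00000000-0000-0000-0000-000000000002'
                       Type = 'Symmetric'; Usage = 'Verify'; EndDate = [datetime]'2024-06-15' }
    [pscustomobject]@{ KeyId = [guid]'00000000-0000-0000-0000-000000000003'
                       Type = 'Password';  Usage = 'Verify'; EndDate = [datetime]'2027-06-01' }
)

# Show only the credentials that need attention (first: Expired, second: ExpiringSoon)
Get-ExpiringAppCredential -Credential $sample -Now $now |
    Where-Object { $_.Status -ne 'OK' } |
    Format-Table KeyId, Type, Usage, EndDate, DaysLeft, Status

# Against a live tenant (after Connect-MsolService), read only the metadata,
# without pulling the secret values:
# $live = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false
# Get-ExpiringAppCredential -Credential $live
```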

Thanks for reading 🙂 If it's worth at least reading once, kindly please like and share 🙂 SHARING IS CARING 🙂

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂

Prasham Sabadra
