08. How to generate Client Secret in SharePoint.
The SharePoint Add-In model in SharePoint Online has been retired as of November 27th, 2023. Client secrets for SharePoint Add-ins that are registered by using the AppRegNew.aspx page expire after one year.
Prerequisites:
- You need to install ‘Azure Active Directory PowerShell 2.0’. If not, run the below script to install the Azure Active Directory PowerShell.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine -Force;
Install-PackageProvider -Name NuGet -Force;
Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted;
Install-Module -Name AzureAD;
Import-Module AzureAD;
2. You're a tenant administrator for the Microsoft 365 tenant where the add-in was registered with the aspx page.
Please refer to the below link on how to generate the new SharePoint Client secret.
Step 1:
Create a client ID variable with the following line, using the client ID of the SharePoint Add-in as the parameter.
In the PowerShell window, copy the below command:
$clientId = 'client id of the add-in'
Replace your Client ID in “Client id of the add-in”
Step 2:
Generate a new Secret.
To connect to AzureAD PowerShell, use the below command which redirects you to login to your Azure AD.
Connect-AzureAD
Step 3:
Generate a new client secret with the below script:
$endDate = (Get-Date).AddYears(1)
$app = Get-AzureADServicePrincipal -Filter "AppId eq '$clientId'"
$objectId = $app.ObjectId
$base64secret = New-AzureADServicePrincipalPasswordCredential -ObjectId $objectId -EndDate $endDate
New-AzureADServicePrincipalKeyCredential -ObjectId $objectId -EndDate $endDate -Type Symmetric -Usage Verify -Value $base64secret.Value
New-AzureADServicePrincipalKeyCredential -ObjectId $objectId -EndDate $endDate -Type Symmetric -Usage Sign -Value $base64secret.Value
[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($base64secret.Value))
$base64secret.EndDate # Print the end date.
This will renew the client secret for 1 years. The new client secret appears on the Windows PowerShell console. Save the client secret and the End Date for the next steps.
How to Edit your SharePoint Integrations after renewing the client secret?
Steps to update the new client secret and the expiry date in SharePoint Integrations after renewing the secret and End Date in File Sync Portal and assistance for multiple integrations.
Step 1: Click on the Edit link of the SharePoint integration.
Step 2: In the Edit Integration page, replace the old client secret with the newly generated client secret and update the ‘End Date’ field and click on the Save button.
Step 3: In case if you have multiple SP Integrations to be edited, please reach out to dev.team@hingepoint.com with your newly generated client secret and the new expiry date and we will have them updated for you.