How Can We Help?
< All Topics
Print

08. Replace an expiring Client Secret in SharePoint Add-in

 

The SharePoint Add-In model in SharePoint Online has been retired as of November 27th, 2023. Client secrets for SharePoint Add-ins that are registered by using the AppRegNew.aspx page expire after one year.

Prerequisites:

  1. You need to install ‘Azure Active Directory PowerShell 2.0’. If not, run the below script to install the Azure Active Directory PowerShell.

                 Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine -Force; 

                 Install-PackageProvider -Name NuGet -Force; 

                 Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted; 

                 Install-Module -Name AzureAD;                                 

                 Import-Module AzureAD;

Hingepoint Proconnector |

 

Hingepoint Proconnector |

2. You're a tenant administrator for the Microsoft 365 tenant where the add-in was registered with the aspx page.

Please refer to the below link on how to generate the new SharePoint Client secret.

                https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in

Step 1: 

Create a client ID variable with the following line, using the client ID of the SharePoint Add-in as the parameter.

In the PowerShell window, copy the below command:

$clientId = 'client id of the add-in'

Replace your Client ID in “Client id of the add-in

Hingepoint Proconnector |

 

 

Step 2: 

Generate a new Secret.

To connect to AzureAD PowerShell, use the below command which redirects you to login to your Azure AD.

Connect-AzureAD

Hingepoint Proconnector |

 

 

Hingepoint Proconnector |

Hingepoint Proconnector |

Step 3:

Generate a new client secret with the below script:

$endDate = (Get-Date).AddYears(1) 

$app = Get-AzureADServicePrincipal -Filter "AppId eq '$clientId'" 

$objectId = $app.ObjectId 

$base64secret = New-AzureADServicePrincipalPasswordCredential -ObjectId $objectId -EndDate $endDate 

New-AzureADServicePrincipalKeyCredential -ObjectId $objectId -EndDate $endDate -Type Symmetric -Usage Verify -Value $base64secret.Value 

New-AzureADServicePrincipalKeyCredential -ObjectId $objectId -EndDate $endDate -Type Symmetric -Usage Sign -Value $base64secret.Value 

[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($base64secret.Value)) 

$base64secret.EndDate # Print the end date.

This will renew the client secret for 2 years. The new client secret appears on the Windows PowerShell console.  Save the client secret and the End Date for the next steps.

Hingepoint Proconnector |

How to Edit your SharePoint Integrations after renewing the client secret?

Steps to update the new client secret and the expiry date in SharePoint Integrations after renewing the secret and End Date in File Sync Portal and assistance for multiple integrations.

Step 1: Click on the Edit link of the SharePoint integration.

Hingepoint Proconnector |

Step 2: In the Edit Integration page, replace the old client secret with the newly generated client secret and update the ‘End Date’ field and click on the Save button.

Hingepoint Proconnector |

Step 3: In case if you have multiple SP Integrations to be edited, please reach out to dev.team@hingepoint.com with your newly generated client secret and the new expiry date and we will have them updated for you.