Extending The Validity Of Existing Client Secret In SharePoint

What is a Secret?

The secret is simply the password of the add-in (client) that communicates with SharePoint: the add-in must send its Client ID together with the secret in every authentication request.

If those credentials fail, SharePoint does not recognize the app that is requesting access and reports that it is unable to serve the request.

The secret is the predefined password of the app registered with SharePoint. For security reasons, a secret is valid for one year by default; once that period has passed, SharePoint no longer recognizes the app.

Pre-Requisites

To extend the validity, run the PowerShell commands below from a session started with administrator rights.

The pre-requisites for extending the validity of the secret are:

  1. You must have administrator rights on your SharePoint tenant.
  2. You must be able to run PowerShell as an administrator on a computer (local machine, WVD, etc.).

Steps for Extending the Validity of Secrets using AzureAD

First, install the AzureAD module on your computer by running the two commands below; copy and paste them.

Install-Module AzureAD -Confirm:$false -Force -ErrorAction Stop

Import-Module AzureAD

Install-Module may report that the NuGet provider is required to continue and must be downloaded first; type Y and press Enter to accept.

To confirm that the AzureAD module is installed, run the command below:

Get-Module AzureAD -ListAvailable

If the module is installed correctly, the command lists it together with its version.

Next, connect to Azure AD with the command below; paste it directly into PowerShell. A login screen asks for a username and password, and after a successful login the connection details are printed.

Connect-AzureAD

Declare the variables that hold the existing client ID and secret:

$ClientID = "your_client_id_here"
$ClientSecret = "your_existing_secret_here"

Get the app's service principal object ready for further processing:

$App = Get-AzureADServicePrincipal -All $true | Where-Object {$_.AppID -eq $ClientID}

Get the expiry date of the secret. If the service principal holds more than one password credential, this returns one date per credential:

$CurrentExpiryDate = (Get-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId).EndDate
Write-Host "Current Expiry Date:" $CurrentExpiryDate -BackgroundColor Green

Then extend the validity of the app by one year. Both a password credential and a key credential are registered with the existing secret value:

$StartDate = Get-Date
$EndDate = $StartDate.AddYears(1)
New-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId -StartDate $StartDate -EndDate $EndDate -Value $ClientSecret
New-AzureADServicePrincipalKeyCredential -ObjectId $App.ObjectId -StartDate $StartDate -EndDate $EndDate -Value $ClientSecret

Full script, ready to paste and execute:

# Install the AzureAD module if it is not available on this computer
if (!(Get-Module AzureAD -ListAvailable)) {
    try {
        Install-Module AzureAD -Confirm:$false -Force -ErrorAction Stop
        Get-Module AzureAD -ListAvailable
    } catch {
        $Error[0]
    }
}
Import-Module AzureAD
#Parameters
$ClientID = "your client ID"
$ClientSecret = "your client secret"
#Connect to AzureAD
Connect-AzureAD
#Get the service principal for the Client ID
$App = Get-AzureADServicePrincipal -All $true | Where-Object {
    $_.AppID -eq $ClientID
}
#Get the Current Expiry Date (one date per credential if several exist)
$CurrentExpiryDate = (Get-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId).EndDate
Write-Host "Current Expiry Date:" $CurrentExpiryDate -BackgroundColor Green
#Extend the validity of the App by 1 year
$StartDate = Get-Date
$EndDate = $StartDate.AddYears(1)
New-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId -StartDate $StartDate -EndDate $EndDate -Value $ClientSecret
New-AzureADServicePrincipalKeyCredential -ObjectId $App.ObjectId -StartDate $StartDate -EndDate $EndDate -Value $ClientSecret
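As an added example that is not part of the original article, the two functions below wrap the same AzureAD cmdlets used above: they handle a service principal that already holds several credentials (where .EndDate returns one date per credential), flag each secret as valid, expiring soon or expired, and go one step beyond the article by optionally generating a fresh random secret instead of reusing the old value. The function names, the 30-day warning threshold and the placeholder client ID are assumptions; the AzureAD module must already be imported and Connect-AzureAD already run.

```powershell
# Added example (not the article's script); assumes AzureAD is imported and Connect-AzureAD has run. Names are mine.
function Get-AddInSecretStatus {
    # Lists every password credential on the add-in's service principal with the
    # days left on each, so a principal holding several secrets is handled.
    param(
        [Parameter(Mandatory)] [string] $ClientID,
        [int] $WarnDays = 30   # assumed threshold for 'ExpiringSoon'
    )
    $app = Get-AzureADServicePrincipal -Filter "AppId eq '$ClientID'"
    if (-not $app) { throw "No service principal found for AppId $ClientID" }
    $now = Get-Date
    Get-AzureADServicePrincipalPasswordCredential -ObjectId $app.ObjectId | ForEach-Object {
        $daysLeft = [int][math]::Floor(($_.EndDate - $now).TotalDays)
        $state = 'Valid'
        if ($daysLeft -lt 0) { $state = 'Expired' } elseif ($daysLeft -le $WarnDays) { $state = 'ExpiringSoon' }
        [pscustomobject]@{
            KeyId    = $_.KeyId
            EndDate  = $_.EndDate
            DaysLeft = $daysLeft
            State    = $state
        }
    }
}

function Add-AddInSecretCredential {
    # Registers a password credential and a key credential (the same pair the
    # article creates) valid for $Years from now. Pass -ClientSecret to keep the
    # existing value, or omit it to generate a fresh 32-byte random secret.
    param(
        [Parameter(Mandatory)] [string] $ClientID,
        [string] $ClientSecret,
        [int] $Years = 1
    )
    $app = Get-AzureADServicePrincipal -Filter "AppId eq '$ClientID'"
    if (-not $app) { throw "No service principal found for AppId $ClientID" }
    if (-not $ClientSecret) {
        $bytes = New-Object byte[] 32
        $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
        $rng.GetBytes($bytes); $rng.Dispose()
        $ClientSecret = [Convert]::ToBase64String($bytes)
    }
    $start = Get-Date
    $end   = $start.AddYears($Years)
    New-AzureADServicePrincipalPasswordCredential -ObjectId $app.ObjectId -StartDate $start -EndDate $end -Value $ClientSecret | Out-Null
    New-AzureADServicePrincipalKeyCredential -ObjectId $app.ObjectId -StartDate $start -EndDate $end -Value $ClientSecret | Out-Null
    # The value cannot be read back from Azure AD later, so return it for the add-in's config.
    return $ClientSecret
}
```

Run `Get-AddInSecretStatus -ClientID '<your client ID>' | Format-Table` first to see what is already registered, then `Add-AddInSecretCredential -ClientID '<your client ID>' -ClientSecret '<existing secret>'` to extend as the article does, or without -ClientSecret to rotate to a new value that you then place in the add-in's configuration.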