We normally generate a client ID and secret key from SharePoint Online for a provider-hosted add-in. The application presents this client ID and secret to authorize itself to SharePoint according to the permissions granted to it.

The client ID and secret key are generated in SharePoint Online, and the secret expires after one year. After that, your application can no longer authenticate to SharePoint, and you will get an error message like the one below:

The remote server returned an error: (401) Unauthorized. – {"error":"invalid_client","error_description":"AADSTS7000222: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app, or consider using certificate credentials for added security: https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials\r\nTrace ID: 2fa6abe3-f4a4-48e3-af6e-ee51815eb702\r\nCorrelation ID: f5feb541-a464-4371-8b9e-72d4c5a13810\r\nTimestamp: 2021-06-06 16:07:38Z","error_codes":[7000222],"timestamp":"2021-06-06 16:07:38Z","trace_id":"2fa6abe3-f4a4-48e3-af6e-ee51815eb702","correlation_id":"f5feb541-a464-4371-8b9e-72d4c5a13810","error_uri":"https://accounts.accesscontrol.windows.net/error?code=7000222"}


After one year the secret key generated for the client ID expires, and we need to renew it (the client ID itself stays the same; a new secret is attached to it).

In this article, I will show how to check the expiration date of a client ID's secret and share the scripts to renew it:

  • Check the expiration date of Client ID.
  • Renew or create new secret for the expired Client ID.

Prerequisites:

  • SharePoint Online Management Shell
  • Global Administrator account for the SharePoint Online tenant

Checking the expiration of Client Id

There are a couple of ways to check the expiry date of a client ID. For the error above, our first step is to verify the expiration date.

Open the SharePoint Online Management Shell (Run as Administrator).

Then install the MSOnline (Microsoft Online Services) module with the following command. If MSOnline is already installed, skip this step.

Install-Module MSOnline

Import the MSOnline module:

Import-Module MSOnline

Connect to the tenant (preferably with a Site Administrator account):

Connect-MSOLService

Now you can check the expiration date of a particular client ID:

$appId = "<Enter App GUID>"   # client ID of your add-in
# Every credential registered for the app has its own EndDate; print them as short dates
(Get-MsolServicePrincipalCredential -AppPrincipalId $appId -ReturnKeyValues $true).EndDate |
    ForEach-Object { $_.ToShortDateString() }

You will get a list of dates; the last one is the latest expiry date.

If you want a list of all app IDs with their expiration dates, run the script below.

# Collect the add-in service principals, excluding Microsoft's own apps and the autohost/localhost entries
$applist = Get-MsolServicePrincipal -All | Where-Object -FilterScript {
    ($_.DisplayName -notlike "*Microsoft*") -and
    ($_.DisplayName -notlike "autohost*") -and
    ($_.ServicePrincipalNames -notlike "*localhost*")
}

foreach ($appentry in $applist) {
    $principalId = $appentry.AppPrincipalId
    $principalName = $appentry.DisplayName

    # Only the "Password" credentials are client secrets; write one line per key:
    # name;appId;keyId;startDate;endDate
    Get-MsolServicePrincipalCredential -AppPrincipalId $principalId -ReturnKeyValues $false |
        Where-Object { $_.Type -eq "Password" } |
        ForEach-Object { "$principalName;$principalId;" + $_.KeyId.ToString() + ";" + $_.StartDate.ToString() + ";" + $_.EndDate.ToString() } |
        Out-File -FilePath c:\temp\appsec.txt -Append
}

Create the folder c:\temp and the file appsec.txt before running the script. When it finishes, the file lists every app ID with its key's start and expiry dates.
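The list above is only useful if someone reads it before the secret runs out. As an added example (mine, not part of the original article), here is a reusable function that classifies the credentials returned by Get-MsolServicePrincipalCredential as Expired, ExpiringSoon or Valid, so an expiring secret is caught before the 401 appears. It accepts any objects with KeyId, Type, StartDate and EndDate properties, which lets the demo at the bottom run offline against constructed sample objects; the function name, the 30-day warning threshold and the sample GUIDs are my choices, not anything from the article.

```powershell
# Added example: flag add-in secrets that are expired or about to expire.
# Works on the objects Get-MsolServicePrincipalCredential returns, or on any
# object with KeyId, Type, StartDate and EndDate properties (so it can run offline).
function Get-AppSecretStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Credential,
        [string]   $AppName  = '',
        [int]      $WarnDays = 30,               # assumption: warn 30 days before expiry
        [datetime] $Now      = [datetime]::Now
    )
    process {
        # Only "Password" credentials are client secrets; skip the Symmetric Sign/Verify keys
        if ("$($Credential.Type)" -ne 'Password') { return }

        $daysLeft = [math]::Floor(($Credential.EndDate - $Now).TotalDays)
        $status = if ($daysLeft -lt 0)             { 'Expired' }
                  elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' }
                  else                             { 'Valid' }

        [pscustomobject]@{
            AppName  = $AppName
            KeyId    = $Credential.KeyId
            EndDate  = $Credential.EndDate
            DaysLeft = $daysLeft
            Status   = $status
        }
    }
}

# --- Offline demo with constructed sample credentials (placeholder GUIDs, not real keys) ---
$today  = Get-Date
$sample = @(
    [pscustomobject]@{ KeyId = '00000000-0000-0000-0000-000000000001'; Type = 'Password';  StartDate = $today.AddDays(-375); EndDate = $today.AddDays(-10) }
    [pscustomobject]@{ KeyId = '00000000-0000-0000-0000-000000000002'; Type = 'Password';  StartDate = $today.AddDays(-350); EndDate = $today.AddDays(15)  }
    [pscustomobject]@{ KeyId = '00000000-0000-0000-0000-000000000003'; Type = 'Password';  StartDate = $today;               EndDate = $today.AddYears(1)  }
    [pscustomobject]@{ KeyId = '00000000-0000-0000-0000-000000000004'; Type = 'Symmetric'; StartDate = $today;               EndDate = $today.AddYears(1)  }
)
$sample | Get-AppSecretStatus -AppName 'DemoAddIn' | Format-Table -AutoSize

# --- Against the tenant, after Connect-MsolService (same exclusions as the article's script) ---
# Get-MsolServicePrincipal -All |
#     Where-Object { $_.DisplayName -notlike "*Microsoft*" -and $_.DisplayName -notlike "autohost*" } |
#     ForEach-Object {
#         $name = $_.DisplayName
#         Get-MsolServicePrincipalCredential -AppPrincipalId $_.AppPrincipalId -ReturnKeyValues $false |
#             Get-AppSecretStatus -AppName $name
#     } |
#     Where-Object Status -ne 'Valid' | Sort-Object DaysLeft
```

Running the offline demo should report the first sample key as Expired, the second as ExpiringSoon and the third as Valid, with the Symmetric key skipped. The commented tail shows the same function fed from the tenant; scheduling that pipeline and alerting on anything that is not Valid turns the one-off check in this section into routine monitoring. ReturnKeyValues stays $false because only the dates are needed, so the secret values never leave the tenant.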

Renew or create new secret for the expired Client ID

Once we have confirmed that the client ID's secret is expired, we run the following scripts to create a new secret key with a new expiry date.

Renewing or creating a new secret means the client ID stays the same; only a new secret key with a new expiration date is generated for it.

To create a new secret with a new expiry date, run the script below.

Connect to the tenant again (as Global SharePoint Administrator):

Connect-MSOLService
$clientId = "4991213c-e9f3-4fdf-bf0d-d7ba23515a04"   # client ID of the add-in whose secret expired

# Generate a new 256-bit random secret and Base64-encode it
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)

# Validity window: one year from now
$dtStart = [System.DateTime]::Now
$dtEnd = $dtStart.AddYears(1)

# Register the same secret value as the Symmetric Sign/Verify keys and as the Password credential
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd

# Print the new secret so it can be copied into the application's configuration
$newClientSecret

The output is the new secret key. Put it in the application's configuration and the error above will be resolved. Note that the last line prints the secret in clear text; copy it straight into the application (or a secret store) rather than leaving it in a console transcript or shell history.
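As an added example (mine, not from the article or from Microsoft's TokenHelper), here is one way to put the new secret into a provider-hosted add-in's web.config without hand-editing the XML. It assumes the add-in uses the standard TokenHelper app settings ClientId and ClientSecret, and the optional SecondaryClientSecret setting that TokenHelper falls back to while the old secret is still accepted; verify both names against your own TokenHelper.cs before relying on this. The demo at the bottom runs against a constructed web.config in the temp folder with placeholder secret values.

```powershell
# Added example: rotate the client secret in a provider-hosted add-in's web.config.
# Assumes the standard TokenHelper settings ClientSecret and SecondaryClientSecret
# (assumption: confirm against the add-in's TokenHelper.cs).
function Update-ClientSecretInConfig {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ConfigPath,
        [Parameter(Mandatory)] [string] $NewSecret
    )
    $fullPath = (Resolve-Path -LiteralPath $ConfigPath).Path
    [xml] $config = Get-Content -LiteralPath $fullPath -Raw

    $settings = $config.SelectSingleNode('/configuration/appSettings')
    if (-not $settings) { throw "No <appSettings> section in $fullPath" }

    $current = $settings.SelectSingleNode("add[@key='ClientSecret']")
    if (-not $current) { throw "No ClientSecret setting in $fullPath" }

    if ($current.GetAttribute('value') -eq $NewSecret) {
        Write-Verbose 'ClientSecret already has the new value; nothing to do'
        return
    }

    # Keep the old secret as SecondaryClientSecret so the add-in keeps working while
    # the old key is still valid; remove the setting once the old key's EndDate has passed.
    $secondary = $settings.SelectSingleNode("add[@key='SecondaryClientSecret']")
    if (-not $secondary) {
        $secondary = $config.CreateElement('add')
        $secondary.SetAttribute('key', 'SecondaryClientSecret')
        [void] $settings.AppendChild($secondary)
    }
    $secondary.SetAttribute('value', $current.GetAttribute('value'))
    $current.SetAttribute('value', $NewSecret)

    # Back up first, then save through the XML API so the file stays well-formed and the
    # secret is never pushed through string concatenation or a regex. Delete the .bak once verified:
    # it holds the previous secret in clear text.
    Copy-Item -LiteralPath $fullPath -Destination "$fullPath.bak" -Force
    $config.Save($fullPath)
}

# --- Offline demo against a constructed web.config (placeholder values, not real secrets) ---
$demoConfig = Join-Path ([IO.Path]::GetTempPath()) 'demo-web.config'
@'
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <add key="ClientId" value="00000000-0000-0000-0000-000000000000" />
    <add key="ClientSecret" value="OLD-SECRET-PLACEHOLDER" />
  </appSettings>
</configuration>
'@ | Set-Content -LiteralPath $demoConfig -Encoding UTF8

Update-ClientSecretInConfig -ConfigPath $demoConfig -NewSecret 'NEW-SECRET-PLACEHOLDER'
Get-Content -LiteralPath $demoConfig
```

After the demo runs, ClientSecret holds the new placeholder and a SecondaryClientSecret entry holds the old one. In a real rotation, pass the value printed by the renewal script as -NewSecret, confirm the add-in authenticates, and remove SecondaryClientSecret after the old key's EndDate so the retired secret does not linger in the configuration.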

Conclusion

In this article, I have discussed the SharePoint Online client ID and secret key expiry error. I have also explained how to check the expiration date for a single client ID or for all apps in SharePoint Online. Finally, I have shared the script that creates a new secret with a new expiration date, which we can use in the application to resolve the error.

References

Microsoft: https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/replace-an-expiring-client-secret-in-a-sharepoint-add-in

By Rijwan Ansari

Research and Technology Lead | Software Architect | Full Stack .NET Expert | Tech Blogger | Community Speaker | Trainer | YouTuber. Follow me @ https://rijsat.com Md Rijwan Ansari is a high-performing technology consultant with 10+ years of software development and business applications implementation using .NET technologies, SharePoint, Power Platform, Data, AI, Azure and cognitive services. He is also a Microsoft Certified Trainer, C# Corner MVP, Microsoft Certified Data Analyst Associate, Microsoft Certified Azure Data Scientist Associate, CSM, CSPO, MCTS, MCP, with 15+ Microsoft certifications. He is a research and technology lead at Tech One Global and leads the Facebook community Cloud Experts Group and SharePoint User Group Nepal. He is an active contributor and speaker in the c-sharpcorner.com community, a C# Corner MVP, and ranks 20th among its 3+ million members. Additionally, he is keen to learn new technologies, writes articles, and loves to contribute to the open-source community. Visit his blog RIJSAT.COM for extensive articles, courses, news, videos and issue resolutions, especially for developers and data engineers.
