Requirement: Register a never-expiring App for SharePoint Online using Azure AD.
Any App ID (or Client ID) registered through SharePoint Online has an expiry date of 1 year by default. How do I register an App ID that’s never expiring? Well, You have to register the App through Azure AD! Here are the steps:
Step 1: Register an App from Azure AD
To register a client app and client secret in Azure AD, follow these steps:
- Log in to Azure Portal https://aad.portal.azure.com as an administrator.
- Navigate to Azure Active Directory >> Click on “App registrations” from the left navigation menu.
- Register a new app by clicking on the “New registration” link.
- Provide a name to your app, choose the account types and click on “Register”
- Once the app is created, Open the app >> Click on the “Certificates & secretes” link in the left navigation menu.
- Create the client secret by clicking on “New client secret” >> Provide a description and choose the Expires option to “Never” and click on “Add”.
- Copy the client secret generated and store it in a safe place.
Update: Things are changed a bit now. You can set the expiration date to 2 Years from web UI. The “Never” option has been removed by Microsoft to stop never expiring app secrets. However, You can use PowerShell to Add an app secret valid for 99 years!
#Parameters $APPObjectID = "28ca09b5-7df2-4e2d-bc15-c4b27ea4af38" $AppSecret ="Client Secret for Scripts" #Connect to Azure AD Connect-AzureAD #Add App Secret - Valid for 99 Years $StartDate = Get-Date $EndDate = $StartDate.AddYears(99) $AAdAppsecret = New-AzureADApplicationPasswordCredential -ObjectId $APPObjectID -StartDate $StartDate -EndDate $EndDate -CustomKeyIdentifier $AppSecret #Get the Secret Set Write-host $AAdAppsecret.Value
Step 2: Grant Necessary Permissions to the App ID
Once we have the App ID registered, the next step is to grant permissions to the App ID.
- Navigate to the URL https://crescent-admin.sharepoint.com/_layouts/15/appinv.aspx as a SharePoint Online Administrator to grant tenant-level permissions. Here I’m granting tenant-level permissions. So, I’ve to use the tenant admin URL!
- Enter the ID of the App you created in Step 1 and click on “Lookup”.
- Fill in other details on the page. I’ve entered the below Permission Request XML.
- Click on “Create” and then “Trust It” on the next page presented to complete the wizard. Permission XML:
<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="https://sharepoint/content/tenant" Right="FullControl" /> </AppPermissionRequests>
Now, your Client ID and Client Secret are ready to use to authenticate with SharePoint Online!