SharePoint Online: How to Register a Never Expiring App ID Secret with Azure AD?

Requirement: Register a never expiring App for SharePoint Online using Azure AD.

Any App ID (or Client ID) registered through SharePoint Online has an expiry date of 1 year by default. How do I register an App ID that never expires? Well, you have to register the App through Azure AD! Here are the steps:

Step 1: Register an App from Azure AD

To register a client app and client secret in Azure AD, follow these steps:

  • Log in to Azure Portal https://aad.portal.azure.com as an administrator
  • Navigate to Azure Active Directory >> Click on “App registrations” from the left navigation menu.
  • Register a new app by clicking on the “New registration” link.
  • Provide a name for your app, choose the account types, and click on “Register”.
  • Once the app is created, open the app >> Click on the “Certificates & secrets” link in the left navigation menu.
  • Create the client secret by clicking on “New client secret” >> Provide a description, set the Expires option to “Never”, and click on “Add”.
  • Copy the client secret generated and store it in a safe place.

Step 2: Grant Necessary Permissions to the App ID

Once we have the App ID registered, the next step is to grant permissions to the App ID.

  • Navigate to the URL https://crescent-admin.sharepoint.com/_layouts/15/appinv.aspx as a SharePoint Online Administrator. Because I’m granting tenant-level permissions here, I have to use the tenant admin URL!
  • Enter the ID of the App you created in Step 1 and click on “Lookup”.
  • Fill in the other details on the page. I’ve entered the Permission Request XML shown below.
  • Click on “Create” and then “Trust It” on the next page presented to complete the wizard.
    Permission XML:
<AppPermissionRequests AllowAppOnlyPolicy="true">
       <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

Now, your Client ID and Client Secret are ready to use to authenticate with SharePoint Online!
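A secret set to “Never” in Step 1 is not forced out by expiry, and after Step 2 it carries tenant-wide FullControl, so it is worth keeping an inventory of such secrets. The following is an added example, not part of the original article: it scans a Microsoft Graph application listing for client secrets that outlive a threshold. The sample response, the 366-day threshold, and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph "GET /applications" response:
# real property names, made-up apps, IDs and dates.
SAMPLE_RESPONSE = {"value": [
    {"appId": "11111111-1111-1111-1111-111111111111",
     "displayName": "SPO-Provisioning (constructed)",
     "passwordCredentials": [
         {"keyId": "aaaaaaaa-0000-0000-0000-000000000001",
          "startDateTime": "2021-03-01T10:00:00Z",
          "endDateTime": "2299-12-31T00:00:00Z"}]},
    {"appId": "22222222-2222-2222-2222-222222222222",
     "displayName": "Reporting (constructed)",
     "passwordCredentials": [
         {"keyId": "bbbbbbbb-0000-0000-0000-000000000002",
          "startDateTime": "2024-01-15T08:30:00.1234567Z",
          "endDateTime": "2025-01-15T08:30:00.1234567Z"},
         {"keyId": "bbbbbbbb-0000-0000-0000-000000000003",
          "startDateTime": "2024-01-15T08:30:00Z",
          "endDateTime": None}]},
]}

MAX_LIFETIME = timedelta(days=366)  # assumed policy: one year, leap day included

def parse_graph_time(value):
    """Parse a Graph UTC timestamp, tolerating 'Z' and 7-digit fractions."""
    head, _, frac = value.rstrip("Z").partition(".")
    text = f"{head}.{frac[:6].ljust(6, '0')}" if frac else head
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

def find_long_lived_secrets(response, max_lifetime=MAX_LIFETIME):
    """Return a finding for each client secret that outlives max_lifetime
    or carries no usable start/end date."""
    findings = []
    for app in response.get("value", []):
        for cred in app.get("passwordCredentials") or []:
            start, end = cred.get("startDateTime"), cred.get("endDateTime")
            days = None  # None means the lifetime could not be determined
            if start and end:
                lifetime = parse_graph_time(end) - parse_graph_time(start)
                if lifetime <= max_lifetime:
                    continue  # within policy
                days = lifetime.days
            findings.append({"appId": app["appId"], "app": app["displayName"],
                             "keyId": cred["keyId"], "lifetime_days": days})
    return findings

if __name__ == "__main__":
    for finding in find_long_lived_secrets(SAMPLE_RESPONSE):
        print(finding)
```

Each finding names the app and the `keyId` of the secret, which is enough to locate it under “Certificates & secrets” and schedule a rotation.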

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with two decades of SharePoint experience. He loves sharing his knowledge and experiences with the SharePoint community through his real-world articles!
