How to renew a Client Secret in SharePoint Online using PowerShell?
Requirement: Renew a client secret in SharePoint Online.
How to Extend the Validity of a Client Secret in SharePoint Online?
A client secret is an important part of the authentication process for a SharePoint Online app. It is used to grant the app access to SharePoint resources and verify its identity. In this tutorial, we will show you how to renew a client secret in SharePoint Online using PowerShell. You will learn how to connect to your tenant using PowerShell and update the client secret for your app.
Any Client ID (or App ID) and client secret registered through SharePoint Online’s /_layouts/15/AppRegNew.aspx has a validity of 1 year, and there is no way to renew the client secret from the web user interface (as of today!). You may start to see 401 Unauthorized errors once the client secret has expired, and applications/add-ins that use that expired client secret will stop working!
PowerShell to renew client secret SharePoint Online
Assuming you have the AzureAD PowerShell module installed, here is the PowerShell script to extend the validity of a given App’s client secret by ten years. A few notes:
- Login as a Tenant Administrator when prompted
- Make sure you set the $AppName according to your requirement.
- Set the $EndDate parameter to set when the client secret expires.
#Parameters
$AppName = "File Server Sync Utility"
#Connect to AzureAD
Connect-AzureAD -Credential (Get-Credential)
#Get the Client ID
$App = Get-AzureADServicePrincipal -All $true | Where-Object {$_.DisplayName -eq $AppName} # Or {$_.AppID -eq '4562ff5a-568c-45a1-a4da-18d64c359ec2'}
#Get the Current Expiry Date
$CurrentExpiryDate = (Get-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId).EndDate
Write-Host "Current Expiry Date:" $CurrentExpiryDate
#Extend the validity of the App by 10 years
$StartDate = Get-Date
$EndDate = $StartDate.AddYears(10)
New-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId -StartDate $StartDate -EndDate $EndDate
The above PowerShell extends the validity of the existing client secret! In other words, the same client secret will be generated with a new expiration date. What if you want to replace the current client secret (or password) with a new one?
New-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId -StartDate $StartDate -EndDate $EndDate -Value "MyNewClientSecretGoesHere"
Now, you can validate the Client ID and Client Secret by connecting to SharePoint Online:
#Connect to PnP using Client ID and Client Secret
$SiteURL = "https://Crescent.sharepoint.com/sites/marketing"
Connect-PnPOnline -ClientId "4562ff5a-568c-45a1-a4da-18d64c359ec2" -ClientSecret "h9+rJfADo72e3w6uW5qfgeVRO98vzDc0LrSbGemm=" -Url $SiteURL
#Get All Lists from the site
Get-PnPList
It’s important to keep your client secret secure, as it is used to authenticate your app and grant it access to SharePoint resources.
Conclusion
To conclude, renewing a client secret in SharePoint Online using PowerShell is a straightforward process that can be accomplished by following a few simple steps. First, connect to your Azure AD using the PowerShell Connect-AzureAD cmdlet. Next, use the Get-AzureADServicePrincipal cmdlet to get the app, specifying the app’s client ID and a new client secret. Finally, renew the app secret by using the New-AzureADServicePrincipalPasswordCredential cmdlet. By following these steps, you can easily renew the client secret for your SharePoint Online app, and ensure that it continues to have secure access to your tenant’s resources.
***NOTE*** by default, the New-AzureADServicePrincipalPasswordCredential generates a new password (client secret) if one is not supplied. If you don’t want your client secret to change, use this command instead:
New-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId -EndDate $EndDate -Value "CurrentClientSecret"
(if the StartDate parameter is not supplied, the current date will be used)
This still creates a new credential, it just happens to be the same secret as the other. If you run Get-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId you’ll see an additional credential is indeed created with a new KeyID.
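Because every rotation leaves an extra password credential (each with its own KeyId) on the service principal, it is worth auditing them after renewing. The following script is an added example, not code from the original post: it lists every password credential on the app by KeyId and expiry, flags those expiring within a warning window, and optionally removes credentials that have already expired. The $AppId, $WarnDays and $RemoveExpired values are assumed placeholders; it uses the same AzureAD module cmdlets as the article.

```powershell
#Parameters (assumed values for this example; adjust to your tenant)
$AppId         = "4562ff5a-568c-45a1-a4da-18d64c359ec2"   # Client ID from AppRegNew.aspx
$WarnDays      = 30                                       # Flag secrets expiring within this many days
$RemoveExpired = $false                                   # Set to $true to delete credentials that already expired

#Connect to AzureAD as a Tenant Administrator
Connect-AzureAD -Credential (Get-Credential)

#Look the service principal up by Client ID (display names are not guaranteed to be unique)
$App = Get-AzureADServicePrincipal -Filter "AppId eq '$AppId'"
if (-not $App) { throw "No service principal found for AppId $AppId" }

#Inventory every password credential; each renewal adds one with a new KeyId
$Now   = Get-Date
$Creds = Get-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId
$Report = foreach ($Cred in $Creds) {
    if (-not $Cred.EndDate) { continue }                  # Skip credentials with no expiry recorded
    $DaysLeft = [int]($Cred.EndDate - $Now).TotalDays
    [PSCustomObject]@{
        App       = $App.DisplayName
        KeyId     = $Cred.KeyId
        StartDate = $Cred.StartDate
        EndDate   = $Cred.EndDate
        DaysLeft  = $DaysLeft
        Status    = if ($DaysLeft -lt 0) { "Expired" }
                    elseif ($DaysLeft -le $WarnDays) { "ExpiringSoon" }
                    else { "Valid" }
    }
}
$Report | Sort-Object EndDate | Format-Table -AutoSize

#Optionally clean up expired credentials, but only if at least one valid credential remains
$Valid   = @($Report | Where-Object { $_.Status -ne "Expired" })
$Expired = @($Report | Where-Object { $_.Status -eq "Expired" })
if ($RemoveExpired -and $Valid.Count -ge 1) {
    foreach ($Old in $Expired) {
        Write-Host "Removing expired credential $($Old.KeyId) (ended $($Old.EndDate))"
        Remove-AzureADServicePrincipalPasswordCredential -ObjectId $App.ObjectId -KeyId $Old.KeyId
    }
}
```

Run it read-only first ($RemoveExpired = $false) and confirm that the KeyId you intend to keep is the one your application is actually using before enabling removal.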
Can you run a report on each site to know which service principals in Azure map to credentials granting access to SPO sites?