External applications can connect to SharePoint (Online and On-premise) via OAuth using a bearer token. A client ID and secret is required to establish this connection (say via a SharePoint Add-in / provider-hosted App).
Refer here for steps to generate SharePoint client id and secret.The client secret has a default validity of one year and expires after a year. You will receive an error message like below "The provided client secret keys are expired".
SharePoint App error AADSTS7000222 - client key expired
The remote server returned an error: (401) Unauthorized.
{
"error": "invalid_client",
"error_description": "AADSTS7000222: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app, or consider using certificate credentials for added security: https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials\r\nTrace ID: [Trace ID]\r\nCorrelation ID: [Correlation ID]\r\nTimestamp: 2021-09-22 04:37:03Z",
"error_codes": [
7000222
],
"timestamp": "2021-09-22 04:37:03Z",
"trace_id": "[Trace ID]",
"correlation_id": "[Correlation ID]",
"error_uri": "https://accounts.accesscontrol.windows.net/error?code=7000222"
}When you encounter this, its time to renew the client secret. Note that the same client id can be used as it does not expire.
It is recommended to renew the secret before the expiry, to avoid interruptions.
⭐ How to renew expired SharePoint client secret ?
We can either renew the existing client secret (if its not expired yet), or create a new one.
We will use SharePoint Online Management Shell (PowerShell) for this and you must be a Microsoft 365 Tenant Administrator.
Open SPO Management Shell (Run as Administrator) and run the below commands to check the the expiry date for given client ID.
Install-Module MSOnline
Import-Module MSOnline
Connect-MSOLService
(Get-MsolServicePrincipalCredential -AppPrincipalId [Enter Client ID]
-ReturnKeyValues $true).EndDate.ToShortDateString() | select
Note the last date.
Execute the below script to create a new client secret, you can even define the new expiry date.
❗️ Important - This will work only if you are a Tenant Admin.
Connect-MSOLService
$clientId = "Enter the client ID here"
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)
//Setting up the expiry date to 3 years from now
$startDate = [System.DateTime]::Now
$endDate = $startDate.AddYears(3)
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $startDate -EndDate $endDate
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $startDate -EndDate $endDate
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $startDate -EndDate $endDate
$newClientSecret
Copy the new secret value and use it for connecting now. Refer steps here to validate using Postman if the new client secret works well.
More Posts related to SharePoint,
- Managed Metadata error - The data returned from the tagging UI was not formatted correctly
- How to generate client id and secret to register SharePoint App with OAuth
- Create SharePoint Site Collection with new Content database in existing web application
- Fix Error 2711 SQL RBS client - The installer has encountered an unexpected error. The specified Feature name ('Docs') not found in Feature table
- How to exclude results from SharePoint Search
- 'Edit Document' Requires a Windows Sharepoint Services-compatible application and Microsoft Internet Explorer 6.0 or higher
- [Solved] SharePoint Access Denied error editing Document Name
- Recommended size and resolution for SharePoint Online Site logo
- SharePoint Server 2016 IT Preview - new improved Features and Enhancements
- Restore deleted Office 365 SharePoint group site
- SharePoint An unexpected error has occurred - Correlation ID and PowerShell Merge-SPlogfile
- [Solved] SharePoint Search Internal server error exception
- SharePoint CAML query error - The XML source is not correct
- How to hide quick launch in SharePoint classic site
- Not receiving email notification alert in SharePoint Online workflow - Power Automate, FLOW
- Change SharePoint search results FullTextSqlQuery RowLimit 10000
- Fix Power BI error Access to the resource is forbidden when connecting SharePoint Online List as data source
- [Fix] Restricted View permission level missing in SharePoint Online site library
- How to upload file programmatically to SharePoint Document Library using Server Object Model C# .Net
- How to create classic site in SharePoint Online
- That did'nt work, Issue type User not in directory - SharePoint external access error
- Merge-SPlogfile PowerShell - SharePoint Correlation ID error
- Fix Power BI 404 not found error when connecting SharePoint Online List as Data Source
- SharePoint Server 2016 IT Preview Deprecated Removed features
- SharePoint error - An exception occurred when trying to issue security token: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms..
More Posts:
- Android M cannot run app using play button : Android Studio - Android
- You're not on Teams yet, but you can set it up for your organization. [Microsoft Teams Login Error] - Microsoft
- Share Image and Text on Instagram from Android App using Share Dialog - Android
- Programmatically Send an Email from Android App using Intent - Android
- How to enable anonymous public access for SharePoint Online site collection, file, folder without login ? - SharePoint