External applications can connect to SharePoint (Online and On-premise) via OAuth using a bearer token. A client ID and secret is required to establish this connection (say via a SharePoint Add-in / provider-hosted App).
Refer here for steps to generate SharePoint client id and secret.The client secret has a default validity of one year and expires after a year. You will receive an error message like below "The provided client secret keys are expired".
SharePoint App error AADSTS7000222 - client key expired
The remote server returned an error: (401) Unauthorized.
{
"error": "invalid_client",
"error_description": "AADSTS7000222: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app, or consider using certificate credentials for added security: https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials\r\nTrace ID: [Trace ID]\r\nCorrelation ID: [Correlation ID]\r\nTimestamp: 2021-09-22 04:37:03Z",
"error_codes": [
7000222
],
"timestamp": "2021-09-22 04:37:03Z",
"trace_id": "[Trace ID]",
"correlation_id": "[Correlation ID]",
"error_uri": "https://accounts.accesscontrol.windows.net/error?code=7000222"
}When you encounter this, its time to renew the client secret. Note that the same client id can be used as it does not expire.
It is recommended to renew the secret before the expiry, to avoid interruptions.
⭐ How to renew expired SharePoint client secret ?
We can either renew the existing client secret (if its not expired yet), or create a new one.
We will use SharePoint Online Management Shell (PowerShell) for this and you must be a Microsoft 365 Tenant Administrator.
Open SPO Management Shell (Run as Administrator) and run the below commands to check the the expiry date for given client ID.
Install-Module MSOnline
Import-Module MSOnline
Connect-MSOLService
(Get-MsolServicePrincipalCredential -AppPrincipalId [Enter Client ID]
-ReturnKeyValues $true).EndDate.ToShortDateString() | select
Note the last date.
Execute the below script to create a new client secret, you can even define the new expiry date.
❗️ Important - This will work only if you are a Tenant Admin.
Connect-MSOLService
$clientId = "Enter the client ID here"
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)
//Setting up the expiry date to 3 years from now
$startDate = [System.DateTime]::Now
$endDate = $startDate.AddYears(3)
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $startDate -EndDate $endDate
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $startDate -EndDate $endDate
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $startDate -EndDate $endDate
$newClientSecret
Copy the new secret value and use it for connecting now. Refer steps here to validate using Postman if the new client secret works well.
More Posts related to SharePoint,
- PowerShell - How to use Try Catch Finally blocks for error exception handling (Windows/SharePoint)
- SharePoint List excel import - This table exceeds the maximum number of supported rows
- Update SharePoint Online List Item using REST API, HTML, Spfx, Postman
- Fix SharePoint Error - The Managed Metadata Service or Connection is currently not available. The Application Pool or Managed Metadata Web Service may not have been started
- SharePoint list excel import error - Title is a required filed and can't be empty
- Move Copy Migrate SharePoint OneDrive files folders to different site collection location
- Create SharePoint list from Excel spreadsheet and import table
- Send Email using SharePoint PowerShell command, SMTP server
- [Fix] Restricted View permission level missing in SharePoint Online site library
- How to get SharePoint List Item URL using PowerShell
- The service instance
- How to get the SharePoint Tenant Login URL
- New-SPLogFile PowerShell - create new SharePoint log file
- Not receiving email notification alert in SharePoint Online workflow - Power Automate, FLOW
- SharePoint Server 2016 Preview installation error - This Product Key isn't a valid Microsoft Office 2016 Product Key. Check that you've entered it correctly.
- How to change order of fields on new item form for SharePoint Online list
- Update Created By (Author) column of SharePoint document using PowerShell
- How to delete SharePoint Online List Item using REST API
- 'Edit Document' Requires a Windows Sharepoint Services-compatible application and Microsoft Internet Explorer 6.0 or higher
- Create SharePoint Site Collection using PowerShell New-SPSite
- How to customize SharePoint Modern list form using JSON formatting
- How to get SharePoint Online user details from person or group column using REST API
- SharePoint excel error - A problem occurred while connecting to the server. If the problem continues, contact your administrator.
- How to create SharePoint List Item programmatically using C#.net
- How to Get or Set SharePoint Document ID _dlc_DocId using PowerShell
More Posts:
- Install Microsoft Remote Desktop (RDP) Client on Mac - Microsoft
- How to fix command not found brew (bash, zsh) on macOS Terminal - MacOS
- Java - Calculate time taken for the code to execute in milliseconds or nanoseconds - Java
- Cannot create new Microsoft Team using PowerShell, even as Admin - Teams
- [fix] Docker: Alpine Linux - /bin/sh: bash: not found - Docker
- [Tutorial] Write And Run Python Code In Notepad++ Editor - NotepadPlusPlus
- Install Java Runtime Environment (Oracle or open JRE) on Ubuntu - Linux
- How to make jsfiddle bootstrap ready - CSS
