External applications can connect to SharePoint (Online and On-premise) via OAuth using a bearer token. A client ID and secret are required to establish this connection (for example, via a SharePoint Add-in / provider-hosted App).
Refer here for steps to generate the SharePoint client ID and secret.
The client secret has a default validity of one year. Once it expires, you will receive an error message like the one below: "The provided client secret keys are expired".
The remote server returned an error: (401) Unauthorized.
{
"error": "invalid_client",
"error_description": "AADSTS7000222: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app, or consider using certificate credentials for added security: https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials\r\nTrace ID: [Trace ID]\r\nCorrelation ID: [Correlation ID]\r\nTimestamp: 2021-09-22 04:37:03Z",
"error_codes": [
7000222
],
"timestamp": "2021-09-22 04:37:03Z",
"trace_id": "[Trace ID]",
"correlation_id": "[Correlation ID]",
"error_uri": "https://accounts.accesscontrol.windows.net/error?code=7000222"
}
When you encounter this, it's time to renew the client secret. Note that the same client ID can still be used, as it does not expire.
It is recommended to renew the secret before it expires, to avoid interruptions.
⭐ How to renew an expired SharePoint client secret?
We can either renew the existing client secret (if it's not expired yet), or create a new one.
We will use the SharePoint Online Management Shell (PowerShell) for this, and you must be a Microsoft 365 Tenant Administrator.
Open the SPO Management Shell (Run as Administrator) and run the commands below to check the expiry date for the given client ID.
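# Install and load the MSOnline module, then sign in as a tenant administrator
Install-Module MSOnline
Import-Module MSOnline
Connect-MSOLService
# List the expiry date of every key registered for the client ID.
# Only the dates are needed, so the key values are not requested.
(Get-MsolServicePrincipalCredential -AppPrincipalId "[Enter Client ID]" -ReturnKeyValues $false).EndDate.ToShortDateString()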
Note the last date.
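To act on the expiry dates before the 401 appears, the check above can be turned into a report that flags keys that are expired or close to expiry. This is an added example, not part of the original post: `Get-CredentialExpiryReport` is a hypothetical helper, the sample objects are constructed, and the property names (`KeyId`, `Type`, `Usage`, `EndDate`) are assumed to match what `Get-MsolServicePrincipalCredential` returns.

```powershell
# Added example: classify service principal keys by days left before expiry.
# Get-CredentialExpiryReport is a hypothetical helper, not an MSOnline cmdlet.
function Get-CredentialExpiryReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Credential,
        [int]$WarnDays = 60,            # flag keys expiring within this window
        [datetime]$Now = (Get-Date)     # overridable so the sample is repeatable
    )
    process {
        foreach ($c in $Credential) {
            $daysLeft = [int][math]::Floor(($c.EndDate - $Now).TotalDays)
            $status = 'OK'
            if ($daysLeft -le $WarnDays) { $status = 'ExpiringSoon' }
            if ($daysLeft -lt 0)         { $status = 'Expired' }
            [pscustomobject]@{
                KeyId    = $c.KeyId
                Type     = $c.Type
                Usage    = $c.Usage
                EndDate  = $c.EndDate.ToString('yyyy-MM-dd')
                DaysLeft = $daysLeft
                Status   = $status
            }
        }
    }
}

# Constructed sample data standing in for the cmdlet output (assumed shape).
$sample = @(
    [pscustomobject]@{ KeyId = 'constructed-key-1'; Type = 'Symmetric'; Usage = 'Sign';   EndDate = [datetime]'2021-09-20' }
    [pscustomobject]@{ KeyId = 'constructed-key-2'; Type = 'Symmetric'; Usage = 'Verify'; EndDate = [datetime]'2021-10-15' }
    [pscustomobject]@{ KeyId = 'constructed-key-3'; Type = 'Password';  Usage = 'Verify'; EndDate = [datetime]'2024-09-22' }
)

# Evaluate the sample as of the timestamp in the error message shown earlier.
$sample | Get-CredentialExpiryReport -Now ([datetime]'2021-09-22') | Format-Table

# Against a real tenant (after Connect-MSOLService), without returning key values:
# Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false |
#     Get-CredentialExpiryReport -WarnDays 60 |
#     Where-Object Status -ne 'OK'
```

Run on a schedule, the filtered form at the bottom gives advance notice of the renewal, and after a renewal it also shows which older keys are still valid alongside the new one.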
Execute the script below to create a new client secret. You can also define the new expiry date.
❗️ Important - This will work only if you are a Tenant Admin.
Connect-MSOLService
$clientId = "Enter the client ID here"
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)
# Set the expiry date to 3 years from now
$startDate = [System.DateTime]::Now
$endDate = $startDate.AddYears(3)
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $startDate -EndDate $endDate
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $startDate -EndDate $endDate
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $startDate -EndDate $endDate
$newClientSecret
Copy the new secret value and use it for connecting from now on. Refer to the steps here to validate with Postman that the new client secret works.