SharePoint App error AADSTS7000222: The provided client secret keys are expired (2024)

External applications can connect to SharePoint (Online and On-premise) via OAuth using a bearer token. A client ID and secret are required to establish this connection (for example, via a SharePoint Add-in / provider-hosted App).

Refer here for the steps to generate a SharePoint client ID and secret.

The client secret has a default validity of one year. Once it expires, you will receive an error message like the one below: "The provided client secret keys are expired".

SharePoint App error AADSTS7000222 - client key expired

The remote server returned an error: (401) Unauthorized.{ "error": "invalid_client", "error_description": "AADSTS7000222: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app, or consider using certificate credentials for added security: https://docs.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials\r\nTrace ID: [Trace ID]\r\nCorrelation ID: [Correlation ID]\r\nTimestamp: 2021-09-22 04:37:03Z", "error_codes": [ 7000222 ], "timestamp": "2021-09-22 04:37:03Z", "trace_id": "[Trace ID]", "correlation_id": "[Correlation ID]", "error_uri": "https://accounts.accesscontrol.windows.net/error?code=7000222"}

When you encounter this, it's time to renew the client secret. Note that the same client ID can still be used, as it does not expire.
It is recommended to renew the secret before it expires, to avoid interruptions.

⭐ How to renew an expired SharePoint client secret?

We can either renew the existing client secret (if it's not expired yet) or create a new one.
We will use the SharePoint Online Management Shell (PowerShell) for this, and you must be a Microsoft 365 Tenant Administrator.

Open the SPO Management Shell (Run as Administrator) and run the commands below to check the expiry date for the given client ID.

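# Install and load the MSOnline module, then sign in as a tenant admin
Install-Module MSOnline
Import-Module MSOnline
Connect-MSOLService
$clientId = "Enter the client ID here"
# Only the end dates are needed here, so the key values are not requested
(Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false).EndDate.ToShortDateString()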

Note the last date.
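To act on the advice to renew before expiry, the check above can be turned into a report that flags credentials that are expired or close to expiring. This is an added example, not part of the original post: the function name Get-CredentialExpiryStatus, the 30-day warning window and the sample objects are assumptions, and the sample data is constructed so the script runs without a tenant connection.

```powershell
# Added example: classify service principal credentials by days left before expiry.
# Get-CredentialExpiryStatus and the 30-day default window are hypothetical choices.
function Get-CredentialExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Credential,            # needs KeyId, Type, Usage and EndDate properties
        [int] $WarnDays = 30,
        [datetime] $Now = (Get-Date)
    )
    process {
        # Day-level comparison; time zone offsets are ignored, which is fine for a warning window
        $daysLeft = [math]::Floor(($Credential.EndDate - $Now).TotalDays)
        if ($daysLeft -lt 0) { $status = 'Expired' }
        elseif ($daysLeft -le $WarnDays) { $status = 'ExpiringSoon' }
        else { $status = 'OK' }

        [pscustomobject]@{
            KeyId    = $Credential.KeyId
            Type     = $Credential.Type
            Usage    = $Credential.Usage
            EndDate  = $Credential.EndDate
            DaysLeft = $daysLeft
            Status   = $status
        }
    }
}

# Constructed sample credentials (not real tenant data)
$now = Get-Date
$sample = @(
    [pscustomobject]@{ KeyId = [guid]::NewGuid(); Type = 'Symmetric'; Usage = 'Sign';   EndDate = $now.AddDays(-3) }
    [pscustomobject]@{ KeyId = [guid]::NewGuid(); Type = 'Symmetric'; Usage = 'Verify'; EndDate = $now.AddDays(12) }
    [pscustomobject]@{ KeyId = [guid]::NewGuid(); Type = 'Password';  Usage = 'Verify'; EndDate = $now.AddDays(400) }
)

$report = $sample | Get-CredentialExpiryStatus -WarnDays 30 -Now $now | Sort-Object DaysLeft
$report | Format-Table -AutoSize

# Warn when anything needs attention, so a scheduled run can alert before the 401 appears
$attention = @($report | Where-Object { $_.Status -ne 'OK' })
if ($attention.Count -gt 0) {
    Write-Warning "$($attention.Count) credential(s) expired or expiring within 30 days."
}

# Against a tenant, replace $sample with the cmdlet used above (key values are not needed):
#   Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false
```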

Run the script below to create a new client secret; you can also define the new expiry date.
❗️ Important - This will work only if you are a Tenant Admin.

Connect-MSOLService
$clientId = "Enter the client ID here"

# Generate 32 random bytes from the cryptographic RNG and Base64-encode them as the new secret
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)

# Setting up the expiry date to 3 years from now
$startDate = [System.DateTime]::Now
$endDate = $startDate.AddYears(3)

# Register the same secret value as the Sign, Verify and Password credentials
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $startDate -EndDate $endDate
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $startDate -EndDate $endDate
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $startDate -EndDate $endDate

# Print the new secret to the console; this is the only place the value is shown
$newClientSecret

Copy the new secret value and use it to connect from now on. Refer to the steps here to validate with Postman that the new client secret works.
