Introduction
The Client Secret for an app in Office 365 is typically valid for a year. After this, the Client Secret expires and the app can no longer be used.
You can only extend the Client Secret for your Wizdom app before it expires. You can extend the Client Secret by up to three years. In this article, we’ll walk you through how to extend the Client Secret for your Wizdom app before it expires.
Prerequisites
Before you start, you’ll need the following:
1) SharePoint Online Management Shell must be installed on the development computer. Download it here
2) A tenant administrator user for the Office 365 tenant (or a farm administrator on the farm) where the add-in was registered.
App registration page: '/_layouts/15/AppRegNew.aspx'
3) Save the content of the newclientsecret PowerShell script to newclientsecret.ps1:
# Validity window: from now until one day short of three years from now.
$enddate = [DateTime]::Now.AddYears(3).AddDays(-1)
$startdate = [DateTime]::Now
$clientId = Read-Host 'Client id '
# Generate 32 random bytes with the cryptographic RNG and Base64-encode them.
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)
# Register the same value three times: symmetric Sign, symmetric Verify and password Verify.
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -StartDate $startdate -EndDate $enddate -Usage Sign -Value $newClientSecret
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -StartDate $startdate -EndDate $enddate -Usage Verify -Value $newClientSecret
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -StartDate $startdate -EndDate $enddate -Usage Verify -Value $newClientSecret
# Print the new client secret to the console so it can be copied.
$newClientSecret
Generate New Client Secret
1) Go to https://portal.azure.com/, log in, and find the client ID of the installed Wizdom app. Copy it into Notepad for later use. You’ll find it under ‘Environment variables’ for the Wizdom Azure website.
2) Open SharePoint Online Management Shell - run as Administrator.
3) Run the following cmdlet:
Connect-MsolService
4) At the login prompt, enter credentials for the tenant administrator (or SharePoint administrator) for the Office 365 tenant or farm where the add-in was registered with AppRegNew.aspx.
5) Change to the directory where you saved the newclientsecret.ps1 script and run the script. When you are prompted for the client id, enter the one you copied previously.
6) The new client secret will appear on the SharePoint Online Management Shell console. Copy it to a text file. You’ll use it in the next step.
NOTE: If an error is reported during this process, the new client secret will not work. If you have a different tenant administrator account, you can try connecting with that instead. Otherwise, you will not be able to generate a new client secret using this method.
If any PowerShell modules are missing, install them. You might need some of the following:
Install-module AzureAD
Install-module AzureADPreview
Install-module MSOnline
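To confirm that the script registered all three credentials and to see how long the existing ones have left, you can list the credentials on the app principal. The following is an added example, not part of the original Wizdom script; the function names, the 60-day warning threshold and the sample data are assumptions.

```powershell
# Added example; function names, the 60-day threshold and the sample data are assumptions.
function Get-SecretExpiry {
    param([Parameter(Mandatory, ValueFromPipeline)] $Credential,
          [int] $WarnDays = 60,
          [DateTime] $Now = [DateTime]::Now)
    process {
        $days = [int][Math]::Floor(($Credential.EndDate - $Now).TotalDays)
        if ($days -lt 0) { $status = 'Expired' }
        elseif ($days -le $WarnDays) { $status = 'ExpiringSoon' }
        else { $status = 'Valid' }
        [pscustomobject]@{
            Type = "$($Credential.Type)"; Usage = "$($Credential.Usage)"
            EndDate = $Credential.EndDate; DaysLeft = $days; Status = $status
        }
    }
}

# newclientsecret.ps1 registers the same value three times with one end date.
# If any of the three calls failed, the newest group of credentials is incomplete.
function Test-NewSecretSet {
    param([Parameter(Mandatory)] [object[]] $Credentials)
    $expected = 'Symmetric/Sign', 'Symmetric/Verify', 'Password/Verify'
    $latest = ($Credentials | Sort-Object EndDate | Select-Object -Last 1).EndDate
    $found = @($Credentials | Where-Object { $_.EndDate.Date -eq $latest.Date } |
        ForEach-Object { "$($_.Type)/$($_.Usage)" })
    $missing = @($expected | Where-Object { $_ -notin $found })
    [pscustomobject]@{
        NewestEndDate = $latest; Complete = ($missing.Count -eq 0); Missing = $missing
    }
}

# Constructed sample: an old set 20 days from expiry and a new set in which the
# Password/Verify registration is missing.
$now = [DateTime]::Now
$old = $now.AddDays(20); $new = $now.AddYears(3).AddDays(-1)
$sample = @(
    [pscustomobject]@{ Type = 'Symmetric'; Usage = 'Sign';   EndDate = $old }
    [pscustomobject]@{ Type = 'Symmetric'; Usage = 'Verify'; EndDate = $old }
    [pscustomobject]@{ Type = 'Password';  Usage = 'Verify'; EndDate = $old }
    [pscustomobject]@{ Type = 'Symmetric'; Usage = 'Sign';   EndDate = $new }
    [pscustomobject]@{ Type = 'Symmetric'; Usage = 'Verify'; EndDate = $new }
)
$sample | Get-SecretExpiry -Now $now | Format-Table
Test-NewSecretSet -Credentials $sample

# Against the tenant, after Connect-MsolService ($clientId as in newclientsecret.ps1):
#   $creds = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false
#   $creds | Get-SecretExpiry; Test-NewSecretSet -Credentials $creds
```

Passing -ReturnKeyValues $false keeps the secret values themselves out of the console output.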
First time extending the Client Secret
1) Go back to the ‘Application settings’ of the Wizdom Azure website.
2) You have 1 entry for a Client Secret key, like this:
3) Rename this setting to 'SecondaryClientSecret':
4) Click ‘New application setting’, call it ‘ClientSecret’ and paste in the newly generated Client Secret:
Your setup will look like this:
Re-extending the Client Secret
3) Click ‘New application setting’, call it ‘ClientSecret’ and paste in the new client secret.
Your setup will look like this: