As you probably know when you register new app in Sharepoint (using /_layouts/15/AppRegNew.aspx) it’s expiration date is set to 1 year from moment of registration. If your app is expired perform the following steps in order to renew it on 3 years:
1. Run Windows PowerShell and connect to Msol:
1 | Connect-MsolService |
2. Get list of all apps:
1 | Get-MsolServicePrincipal -all | Where-Object -FilterScript { ($_.DisplayName -notlike "*Microsoft*") -and ($_.DisplayName -notlike "autohost*") -and ($_.ServicePrincipalNames -notlike "*localhost*") } | Out-File log_apps.txt -Append |
3. From generated log_apps.txt copy AppPrincipalId for expired app
4. Get list of all principals:
1 | Get-MsolServicePrincipalCredential -AppPrincipalId {copied_app_principal_id} -ReturnKeyValues $true | Out-File log_principals.txt -Append |
1 2 3 4 5 6 7 8 9 10 11 12 13 | # start script$clientId = "{copied_app_principal_id}"$bytes = New-Object Byte[] 32$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()$rand.GetBytes($bytes)$rand.Dispose()$newClientSecret = [System.Convert]::ToBase64String($bytes)New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate (Get-Date) -EndDate (Get-Date).AddYears(3)New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate (Get-Date) -EndDate (Get-Date).AddYears(3)New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate (Get-Date) -EndDate (Get-Date).AddYears(3)Write-Host "New client secret:"$newClientSecret# end script |
Depending on permissions which are required for your app you may need to run the last script under tenant admin account (if app requires tenant full access).
No comments:
Post a Comment