Renews an Expired ClientSecret for a Sharepoint Addin/ACS App Registration
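<#
.SYNOPSIS
Renews an expired ClientSecret for a SharePoint Addin/ACS App Registration.
.DESCRIPTION
When a SharePoint Addin/ACS App Registration is created the ClientSecret is set to expire in 1 year.
This script replaces the registration's key credentials with a new secret that expires in -years years (default 3).
The new secret is written to the console once; copy it into the add-in's configuration, it cannot be read back later.
.PARAMETER clientId
The AppPrincipalId (ClientId) of the registration, as a GUID.
.PARAMETER userName
Account used for Connect-MsolService.
.PARAMETER userPassword
Password for -userName, in plain text. A value given here is visible in shell history and in process listings while the script runs.
.PARAMETER years
Lifetime of the new secret in whole years; must be at least 1.
.PARAMETER Quiet
Skips the two interactive confirmation prompts (read by Confirm-Script).
.EXAMPLE
.\msol-renewsharepointaddinsecret.ps1 -clientId "" -userName "" -userPassword ""
#>
param (
    [string]$clientId,
    [string]$userName = "",
    [string]$userPassword = "",
    # AddYears() with 0 or a negative value would create an already-expired secret.
    [ValidateRange(1, [int]::MaxValue)]
    [int]$years = 3,
    # Read by Confirm-Script but never declared in the original script, so the
    # prompt could not be skipped; declaring it keeps the default (prompt) unchanged.
    [switch]$Quiet
)
Clear-Host
Write-Host "================================================================================================`n= RENEW AN EXPIRED CLIENTSECRET FOR A SHAREPOINT ADDIN/ACS APP REGISTRATION -- (for $years Years)`n================================================================================================`n" -ForegroundColor Yellow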
function Confirm-Script {
    # Asks the operator to press $actionKey (either case) before a destructive
    # step; any other key aborts. The answer is published in $Global:canRun,
    # which the callers test before continuing.
    # $Quiet is read here but not declared in this function: unless the
    # enclosing scope defines it, the prompt is always shown.
    param (
        [string]$message = "",
        [string]$actionKey = "S"
    )
    $Global:canRun = $true
    if ($Quiet) {
        return
    }
    $prefix = ""
    if ($message -ne "") {
        $prefix = "$message, "
    }
    $wanted = $actionKey.ToUpper()
    Write-Host "`n$($prefix)Press $wanted to start, or any other key to exit..." -ForegroundColor Yellow
    # NoEcho: the pressed key is not written to the console.
    $pressed = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    $Global:canRun = ($pressed.Character -eq $wanted) -or ($pressed.Character -eq $actionKey.ToLower())
}
function Test-Guid {
    # Returns $true when $InputObject parses as a GUID. An empty string is
    # accepted by the binder ([AllowEmptyString]) and simply yields $false.
    [CmdletBinding()]
    [OutputType([bool])]
    param (
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipelineByPropertyName = $true)]
        [AllowEmptyString()]
        [string]$InputObject
    )
    process {
        $parsed = [guid]::Empty
        [guid]::TryParse($InputObject, [ref]$parsed)
    }
}
# VALIDATE MSOL Module
# Connect-MsolService is the first cmdlet the script needs, so its presence
# is used as the probe for the MSOnline module.
$hasMsolModule = Get-Command Connect-MsolService -ErrorAction SilentlyContinue
if ($null -eq $hasMsolModule) {
    Write-Host "ERROR: the MSOnline PowerShell Module is not installed!" -ForegroundColor Red
    Write-Host "`nInstall the MSOnline module with 'Install-Module MSOnline'....`n" -ForegroundColor Red
    # Lists the installed modules so the operator can see what is present.
    Get-InstalledModule
    return
}
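# VALIDATE PARAMETERS....
# -clientId must be present and a well-formed GUID (Test-Guid is defined above).
if ([string]::IsNullOrWhiteSpace($clientId)) {
    Write-Host "ERROR: no -clientId parameter specified!`n" -ForegroundColor Red
    return
} elseif (-not (Test-Guid $clientId)) {
    Write-Host "ERROR: the -clientId parameter must be a valid GUID!`n" -ForegroundColor Red
    return
}
# -userName is always required. The original test only failed when BOTH
# -userName and -userPassword were empty, so a missing password reached
# ConvertTo-SecureString; an empty password is now collected interactively.
if ([string]::IsNullOrWhiteSpace($userName)) {
    Write-Host "ERROR: no -userName parameter specified!`n" -ForegroundColor Red
    return
}
# CREATE CREDENTIAL OBJECT
if ($userPassword -eq "") {
    # Prompting keeps the password out of the command line, shell history and
    # process listings. Get-Credential returns $null when the prompt is cancelled.
    $credentialObject = Get-Credential -UserName $userName -Message "Password for $userName"
    if ($null -eq $credentialObject) {
        Write-Host "ERROR: no credentials supplied!`n" -ForegroundColor Red
        return
    }
} else {
    # Plain-text path kept for backward compatibility; the value was already
    # exposed on the command line before it reached this script.
    $securePassword = ConvertTo-SecureString -String $userPassword -AsPlainText -Force
    $credentialObject = New-Object System.Management.Automation.PSCredential -ArgumentList $userName, $securePassword
}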
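# CONNECT
Write-Host "Connecting to the MSOL Service...`n" -ForegroundColor Green
# Stop here if sign-in fails: otherwise the later Get-Msol* calls (run with
# -ErrorAction SilentlyContinue) return nothing and the script reports a
# misleading "not found" instead of the authentication error.
Connect-MsolService -Credential $credentialObject -ErrorAction Stop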
# GET THE APP REGISTRATION SERVICE PRINCIPAL
# SilentlyContinue turns a lookup failure into $null so the message below is
# shown instead of the cmdlet's own error.
$sp = Get-MsolServicePrincipal -AppPrincipalId $clientId -ErrorAction SilentlyContinue
if ($null -eq $sp) {
    Write-Host "ERROR: a SharePoint Addin/ACS App Registration with the ClientId $clientId was not found!`n" -ForegroundColor Red
    return
}
# GET THE SERVICE PRINCIPAL KEYS
# -ReturnKeyValues $true is kept as in the original. Only KeyId and the dates
# are used later, so $false would expose less if the cmdlet still returns the
# metadata without it -- not verified here.
$spKeys = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $true
$keyCount = 0
if ($null -ne $spKeys) {
    # @() so a single returned object and an array are counted the same way.
    $keyCount = @($spKeys).Count
}
if ($keyCount -lt 1) {
    Write-Host "ERROR: the SharePoint Addin/ACS App Registration does not have any key credentials to renew!`n" -ForegroundColor Red
    return
}
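Write-Host "SharePoint Addin/ACS App Registration" -ForegroundColor Cyan
Write-Host "$($sp.DisplayName)" -ForegroundColor White
Write-Host "- AppPrincipalId (ClientId): $($sp.AppPrincipalId)" -ForegroundColor White
Write-Host "- ObjectId: $($sp.ObjectId)" -ForegroundColor White
# Addresses may be empty for a registration without a redirect URL; indexing
# [0] then printed blank fields, so show an explicit marker instead.
$redirect = @($sp.Addresses) | Select-Object -First 1
if ($null -ne $redirect) {
    Write-Host "- Redirect Url: $($redirect.Address) ($($redirect.AddressType))" -ForegroundColor White
} else {
    Write-Host "- Redirect Url: (none)" -ForegroundColor White
}
Write-Host "- Key Credentials:" -ForegroundColor White
$now = Get-Date
# Only metadata is printed; the key values returned by the cmdlet are not shown.
$spKeys | ForEach-Object {
    # Flag credentials that have already lapsed so the operator can see which
    # one the add-in failed on. EndDate is assumed to be a DateTime; the type
    # test keeps the output unchanged if it is not.
    $expired = ""
    if (($_.EndDate -is [DateTime]) -and ($_.EndDate -lt $now)) {
        $expired = " (EXPIRED)"
    }
    Write-Host " ..... Type: $($_.Type)" -ForegroundColor White
    Write-Host " Usage: $($_.Usage)" -ForegroundColor White
    Write-Host " KeyId: $($_.KeyId)" -ForegroundColor White
    Write-Host " Start Date: $($_.StartDate)" -ForegroundColor White
    Write-Host " Expire Date: $($_.EndDate)$expired" -ForegroundColor White
}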
# SCRIPT CONFIRMATION (1) and (2): two separate key presses are required
# before any credential is touched. Confirm-Script publishes its answer in
# $Global:canRun, which is checked after each prompt.
Confirm-Script -message "Continue renewing key credentials" -actionKey "R"
if (-not $Global:canRun) {
    # BAIL OUT
    return
}
Confirm-Script -message "Renew key credentials for this SharePoint Addin/ACS App Registration" -actionKey "C"
if (-not $Global:canRun) {
    # BAIL OUT
    return
}
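# CREATE NEW KEYS
# New credentials are created BEFORE the old ones are removed: with
# -ErrorAction Stop a failing New-MsolServicePrincipalCredential leaves the
# registration with its existing keys rather than with none at all.
Write-Host "Creating new key credentials..." -ForegroundColor Green
# 32 bytes from the platform cryptographic RNG, base64-encoded, become the ClientSecret.
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
    $rand.GetBytes($bytes)
} finally {
    $rand.Dispose()
}
$newClientSecret = [System.Convert]::ToBase64String($bytes)
$dtStart = [System.DateTime]::Now
$dtEnd = $dtStart.AddYears($years)
# The same secret is registered under the three Type/Usage pairs used by the original.
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd -ErrorAction Stop
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd -ErrorAction Stop
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd -ErrorAction Stop
# The secret is shown once so it can be copied into the add-in's configuration.
# Anything capturing this console (Start-Transcript, a CI log) will contain it.
Write-Host "...New Client Secret: $newClientSecret" -ForegroundColor Cyan
Write-Host "...Starts On: $dtStart" -ForegroundColor Cyan
Write-Host "...Expires On: $dtEnd" -ForegroundColor Cyan
Write-Host "- Done`n" -Foregroundcolor Yellow
# REMOVE EXISTING KEYS
# Done last, after the new secret has been printed, so a failure here never
# costs the operator the new value. $spKeys still holds the OLD key ids.
Write-Host "Removing existing key credentials..." -ForegroundColor Green
Remove-MsolServicePrincipalCredential -AppPrincipalId $clientId -KeyIds $spKeys.KeyId -ErrorAction Stop
Write-Host "- Done`n" -Foregroundcolor Yellow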
# END
$footerRule = "`n---------------------------------------------------------------------------------------------------------------------------------------------------------------------------"
Write-Host $footerRule
Write-Host "Finished..." -Foregroundcolor Yellow