@pmatthews05
Created November 25, 2019 15:42
Update-SharePointAddIn.ps1
<#
.SYNOPSIS
Rotates the SharePoint Add-in client secret every time it runs.
.DESCRIPTION
Generates a new 256-bit random secret, registers it on the add-in's service principal
as a symmetric Sign key, a symmetric Verify key and a password credential (the three
entries a SharePoint Add-in needs), and only after that removes the older credentials.
It expects that you are already connected to Azure AD (Connect-AzureAD).
.EXAMPLE
.\Update-SharePointAddIn.ps1 -SharePointAddInName "Demo App"
#>
param(
    [Parameter(Mandatory)]
    [string]
    $SharePointAddInName
)
$ErrorActionPreference = 'Stop'
$InformationPreference = 'Continue'

# Call AzCliToAzureAD.ps1 here for Pipeline.

# Create the new secret: 32 bytes from a cryptographic RNG, Base64-encoded, which is the
# form a SharePoint Add-in (ACS) client secret takes. Do not use Get-Random for this.
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)
# Azure AD stores credential dates in UTC, so start from UtcNow rather than local time.
$dtStart = [System.DateTime]::UtcNow
$dtEnd = $dtStart.AddYears(2)

Write-Information "Getting service principal named: $SharePointAddInName..."
# Double any single quote so the display name cannot break out of the OData filter string.
$filterName = $SharePointAddInName -replace "'", "''"
$serviceprincipal = @(Get-AzureADServicePrincipal -All:$true -Filter "DisplayName eq '$filterName'")
if ($serviceprincipal.Count -eq 0) {
    Write-Error "Unable to find service principal named: $SharePointAddInName"
}
if ($serviceprincipal.Count -gt 1) {
    # Display names are not unique; refuse to guess which add-in to rotate.
    Write-Error "Found $($serviceprincipal.Count) service principals named: $SharePointAddInName"
}
$serviceprincipal = $serviceprincipal[0]

# Add the new credentials first so the add-in is never left without a valid secret.
# Keep the KeyIds of what we add: removing "everything older than $dtStart" by comparing
# dates is fragile (time-zone and sub-second precision differences), removing
# "everything that is not one of the new KeyIds" is not.
$newKeyIds = @()
Write-Information "Adding KeyCredential Usage Sign..."
$newKeyIds += (New-AzureADServicePrincipalKeyCredential -ObjectId $serviceprincipal.ObjectId -Type:Symmetric -Usage:Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd).KeyId
Write-Information "Adding KeyCredential Usage Verify..."
$newKeyIds += (New-AzureADServicePrincipalKeyCredential -ObjectId $serviceprincipal.ObjectId -Type:Symmetric -Usage:Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd).KeyId
Write-Information "Adding PasswordCredential..."
$newKeyIds += (New-AzureADServicePrincipalPasswordCredential -ObjectId $serviceprincipal.ObjectId -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd).KeyId

# Hand the new secret to the application here, BEFORE the old credentials are removed below.
# For example, write $newClientSecret to the Key Vault secret the application reads it from.
# Do not log or Write-Information the secret itself.

Write-Information "Removing all KeyCredentials other than the ones added at $(Get-Date $dtStart -Format 'O')..."
# Re-read the service principal so the credential lists include the entries just added.
$serviceprincipal = Get-AzureADServicePrincipal -ObjectId $serviceprincipal.ObjectId
foreach ($credential in $serviceprincipal.KeyCredentials) {
    if ($newKeyIds -notcontains $credential.KeyId) {
        Write-Information "Removing KeyCredential $($credential.KeyId)"
        Remove-AzureADServicePrincipalKeyCredential -ObjectId $serviceprincipal.ObjectId -KeyId $credential.KeyId
    }
}

Write-Information "Removing all PasswordCredentials other than the one added at $(Get-Date $dtStart -Format 'O')..."
foreach ($credential in $serviceprincipal.PasswordCredentials) {
    if ($newKeyIds -notcontains $credential.KeyId) {
        Write-Information "Removing PasswordCredential $($credential.KeyId)"
        Remove-AzureADServicePrincipalPasswordCredential -ObjectId $serviceprincipal.ObjectId -KeyId $credential.KeyId
    }
}
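The gist leaves the handoff of the new secret to the application as a comment. As an added example that is not part of the gist, the two functions below show how that step and a post-rotation check could look using the Az.KeyVault module. The vault name and secret name in the usage comment are placeholders, `Connect-AzAccount` is assumed to have been run separately (the AzureAD and Az modules keep separate sessions), and the expected credential layout (two symmetric key credentials with Usage Sign and Verify plus one password credential) is the one the script above creates.

```powershell
# Added example, not part of the original gist.
# Assumes: Az.KeyVault is installed and Connect-AzAccount has been run; the AzureAD
# session used by the rotation script is still active for the verification function.

function Publish-AddInSecretToKeyVault {
    # Writes the freshly generated client secret to the Key Vault secret the add-in reads,
    # with the same expiry as the Azure AD credential so vault monitoring flags the next rotation.
    param(
        [Parameter(Mandatory)] [string] $VaultName,      # placeholder: your vault
        [Parameter(Mandatory)] [string] $SecretName,     # placeholder: the secret the add-in reads
        [Parameter(Mandatory)] [string] $ClientSecret,   # the Base64 secret produced by the script
        [Parameter(Mandatory)] [datetime] $Expires       # the $dtEnd used on the Azure AD credentials
    )
    # Key Vault wants a SecureString; this also keeps the value out of the pipeline output.
    $secure = ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force
    # Key Vault creates a new version; the add-in picks up the latest version on its next read.
    $null = Set-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName `
        -SecretValue $secure -Expires $Expires -ContentType 'sharepoint-addin-client-secret'
}

function Test-AddInCredentialState {
    # Returns a list of problems found on the service principal after rotation; empty means healthy.
    param(
        [Parameter(Mandatory)] [string] $ServicePrincipalObjectId,
        [Parameter(Mandatory)] [datetime] $Now            # pass [datetime]::UtcNow; Azure AD dates are UTC
    )
    $keys      = @(Get-AzureADServicePrincipalKeyCredential -ObjectId $ServicePrincipalObjectId)
    $passwords = @(Get-AzureADServicePrincipalPasswordCredential -ObjectId $ServicePrincipalObjectId)
    $problems  = @()

    # Exactly the set the rotation script leaves behind: Sign + Verify key credentials, one password.
    if ($keys.Count -ne 2)      { $problems += "expected 2 key credentials (Sign, Verify), found $($keys.Count)" }
    if ($passwords.Count -ne 1) { $problems += "expected 1 password credential, found $($passwords.Count)" }
    foreach ($usage in 'Sign', 'Verify') {
        if (-not ($keys | Where-Object { $_.Usage -eq $usage })) {
            $problems += "missing symmetric key credential with Usage $usage"
        }
    }
    # Anything already expired, or expiring within 30 days, is worth an alert.
    foreach ($c in ($keys + $passwords)) {
        if ($c.EndDate -lt $Now) {
            $problems += "credential $($c.KeyId) expired on $($c.EndDate)"
        }
        elseif ($c.EndDate -lt $Now.AddDays(30)) {
            $problems += "credential $($c.KeyId) expires soon, on $($c.EndDate)"
        }
    }
    return $problems
}

# Usage, with placeholder vault and secret names:
# 1. After the script has added the new credentials and before it removes the old ones:
#    Publish-AddInSecretToKeyVault -VaultName 'kv-demo' -SecretName 'DemoAppClientSecret' `
#        -ClientSecret $newClientSecret -Expires $dtEnd
# 2. After the old credentials have been removed:
#    $issues = Test-AddInCredentialState -ServicePrincipalObjectId $serviceprincipal.ObjectId -Now ([datetime]::UtcNow)
#    if ($issues) { throw ($issues -join '; ') }
```

The ordering in the usage comment is the whole point of the rotation: the add-in must be able to read the new secret before any old credential is deleted, otherwise every ACS token request fails until it picks up the new value.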