SharePoint OAuth using Client ID and Secret
by Krishna KV 21 Aug 2016
Author
Team Leader, Aspire Systems

SharePoint OAuth authorizes a user with a token instead of credentials (username and password). The token can grant access to a specific site or list. Users can also share their data (documents, pictures, content) with other site users without sharing their credentials.

If a SharePoint add-in needs to access site information, the add-in must have a Client ID and a Client Secret. We can generate these using the SharePoint site or PowerShell and add them to the add-in. Only a single client ID can be associated with an add-in, whereas multiple client secrets are possible.

To create a client ID and client secret:

http://{sharepointsite}/_layouts/15/AppRegNew.aspx

Client ID – It is a GUID for the SharePoint add-in.

Client Secret – It is the password for the add-in. It is associated with the client ID; it will not be shown again. We need to store it securely or be able to regenerate a new client secret.

Title – It is a user-friendly name displayed on the add-in trust screen.

Add-in domain – The host of the remote server of the add-in. If HTTPS is not configured on port 443, then we need to mention the port number.

Redirect URL – The endpoint of the remote application to which the ACS authentication code is sent.

A client secret created using AppRegNew.aspx expires after one year. We can register a new secret key using PowerShell. We can increase the lifetime of the client secret up to a maximum of 3 years. The newly generated key may take effect straight away or may take 24 hours, so it is better to generate the new secret key a day before it is needed. If the secret key expires, the add-in will return the error “The remote server returned an error: (401) Unauthorized.”

To view the list of add-ins:

https://{sharepointsite}/_layouts/15/AppPrincipals.aspx

To view the details of an add-in or grant permission:

https://{sharepointsite}/_layouts/15/Appinv.aspx

· It will not return the client secret.

Refreshing a client secret.

Prerequisites

· http://go.microsoft.com/fwlink/p/?linkid=236298 (Microsoft Online PowerShell module, 32-bit)

· http://go.microsoft.com/fwlink/p/?linkid=236297 (Microsoft Online PowerShell module, 64-bit)

· https://www.microsoft.com/download/details.aspx?id=39267 (Microsoft Online Services Sign-In Assistant)

Open PowerShell and execute the cmdlets below.

 Import-Module MSOnline
 # Provide the tenant administrator username and password when prompted
 Connect-MsolService
 # Store the client ID in a variable
 $clientId="358658dc-f04b-4c37-a260-2227eb51dde1"
 
 # Generate a key with the default expiration (one year).
 # 32 random bytes from the cryptographic RNG, Base64-encoded, become the new secret
 $bytes = New-Object Byte[] 32
 $rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
 $rand.GetBytes($bytes)
 $rand.Dispose()
 $newClientSecret = [System.Convert]::ToBase64String($bytes)
 New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret
 New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret
 New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret
 # Print the new secret once so it can be copied into the add-in configuration
 $newClientSecret
 
 # Generate the client secret with a three-year expiration.
 # Include the -EndDate parameter on the three calls of the New-MsolServicePrincipalCredential cmdlet
 $bytes = New-Object Byte[] 32
 $rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
 $rand.GetBytes($bytes)
 $rand.Dispose()
 $newClientSecret = [System.Convert]::ToBase64String($bytes)
 $dtStart = [System.DateTime]::Now
 $dtEnd = $dtStart.AddYears(3)
 New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
 New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
 New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
 $newClientSecret
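
To know when a rotation is due, and to confirm afterwards that the three new credentials were registered with the intended end date, the keys attached to the client ID can be listed with their expiry dates. This is an added example, not part of the original article; the 30-day warning threshold and the variable names are assumptions, and it expects the MSOnline module from the prerequisites above.

```powershell
Import-Module MSOnline
Connect-MsolService   # sign in as tenant administrator

# Client ID from the article; replace with the client ID of your add-in
$clientId = "358658dc-f04b-4c37-a260-2227eb51dde1"
$warnDays = 30        # assumed threshold: flag keys that expire within 30 days
$now      = [System.DateTime]::Now

# -ReturnKeyValues $false lists key metadata only; the secret itself is not needed here
$creds = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false

if (-not $creds) {
    Write-Warning "No credentials are registered for client ID $clientId"
    return
}

$report = foreach ($c in $creds) {
    # Whole days until the key stops being accepted (negative once expired)
    $daysLeft = [int][math]::Floor(($c.EndDate - $now).TotalDays)

    $status = if ($daysLeft -lt 0) { "EXPIRED" }
              elseif ($daysLeft -le $warnDays) { "ROTATE SOON" }
              else { "OK" }

    [pscustomobject]@{
        KeyId     = $c.KeyId
        Type      = $c.Type
        Usage     = $c.Usage
        StartDate = $c.StartDate
        EndDate   = $c.EndDate
        DaysLeft  = $daysLeft
        Status    = $status
    }
}

# Oldest expiry first, so the key that needs attention is at the top
$report | Sort-Object EndDate | Format-Table -AutoSize
```

After a rotation, the output should show three additional rows (Symmetric/Sign, Symmetric/Verify, Password/Verify) sharing the new end date, alongside the older keys that remain valid until they expire.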

Updating the new secret in app.config/web.config

  <add key="ClientId" value="your client id here" />
  <add key="ClientSecret" value="your new secret here" />
  <add key="SecondaryClientSecret" value="your old secret here" />