SharePoint OAuth using Client ID and Secret

Krishna KV
Team Leader, Aspire Systems
Published On :   21 Aug 2016

SharePoint OAuth authorizes a user with a token instead of credentials (username and password). The token can be scoped to a specific site or list. Users can also share their data (documents, pictures, content) with other site users without sharing their credentials.

If a SharePoint add-in needs to access site information, the add-in must have a Client ID and a Client Secret. These can be generated from the SharePoint site or with PowerShell and then added to the add-in. Only one client ID is associated with an add-in, whereas multiple client secrets are possible.

To create a client ID and client secret, the following fields are required:


Client ID – a GUID that identifies the SharePoint add-in.

Client Secret – the password for the add-in. It is associated with the client ID and will not be shown again, so it must be stored securely, or you must be able to regenerate a new client secret.

Title – a user-friendly name displayed on the add-in trust screen.

Add-in domain – the host of the remote server of the add-in. If HTTPS is not configured on port 443, the port number must be included.

Redirect URL – the endpoint of the remote application to which ACS sends the authentication code.

A client secret created using AppRegNew.aspx expires after one year. A new secret can be issued with PowerShell, and its duration can be increased up to a maximum of 3 years. The newly generated key may become active straight away or take up to 24 hours, so it is better to generate the new secret key at least a day in advance. If the secret key expires, the add-in returns the error “The remote server returned an error: (401) Unauthorized.”
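Because an expired secret surfaces only as a 401 at runtime, it helps to check expiry dates ahead of time. The following is an added example, not code from the original article: a small function that reports credentials expiring within a given number of days. It assumes the add-in's client ID is in $clientId and that the objects have the KeyId, Type, Usage, StartDate and EndDate properties that Get-MsolServicePrincipalCredential returns; a constructed sample list stands in for the live call so the function can be tried offline.

```powershell
# Added example: list client-secret credentials that expire within $WithinDays.
# Assumption: each credential object exposes KeyId, Type, Usage, StartDate, EndDate
# (the shape returned by Get-MsolServicePrincipalCredential in the MSOnline module).
function Get-ExpiringCredential {
    param(
        [Parameter(Mandatory)] $Credentials,
        [int] $WithinDays = 30,
        [datetime] $Now = [datetime]::UtcNow
    )
    $cutoff = $Now.AddDays($WithinDays)
    foreach ($c in $Credentials) {
        if ($c.EndDate -le $cutoff) {
            [pscustomobject]@{
                KeyId    = $c.KeyId
                Type     = $c.Type
                Usage    = $c.Usage
                EndDate  = $c.EndDate
                DaysLeft = [math]::Floor(($c.EndDate - $Now).TotalDays)   # negative when already expired
                Expired  = ($c.EndDate -le $Now)
            }
        }
    }
}

# Constructed sample data standing in for the tenant's real credential list.
$sample = @(
    [pscustomobject]@{ KeyId = '11111111-1111-1111-1111-111111111111'; Type = 'Password';  Usage = 'Verify'
                       StartDate = [datetime]'2015-08-01'; EndDate = [datetime]'2016-08-01' },
    [pscustomobject]@{ KeyId = '22222222-2222-2222-2222-222222222222'; Type = 'Symmetric'; Usage = 'Sign'
                       StartDate = [datetime]'2016-08-10'; EndDate = [datetime]'2019-08-10' }
)

# Only the first credential is reported: it expired 20 days before the reference date.
Get-ExpiringCredential -Credentials $sample -WithinDays 30 -Now ([datetime]'2016-08-21') | Format-Table

# Against the live tenant (run Connect-MsolService first; $clientId is the add-in's client ID):
# $live = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false
# Get-ExpiringCredential -Credentials $live -WithinDays 30
```

Running the check from a scheduled task with a 30-day window leaves enough room for the 24-hour activation delay described above.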

To view the list of add-ins.


To view the details of an add-in or to grant permissions.


· This view does not return the client secret.

Refreshing a client secret requires the following prerequisites:

· Microsoft Online PowerShell Module (32-bit)

· Microsoft Online PowerShell Module (64-bit)

· Microsoft Online Services Sign-In Assistant

Open PowerShell and run the cmdlets below.

 Import-Module MSOnline
 Connect-MsolService              # provide the tenant administrator username and password
 $clientId = "<your client id>"   # store the client ID in a variable (placeholder value)

 # Generate a key with the default expiration (one year).
 $bytes = New-Object Byte[] 32
 $rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
 $rand.GetBytes($bytes)           # fill the buffer with random bytes; without this call the secret would be all zeros
 $newClientSecret = [System.Convert]::ToBase64String($bytes)
 New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret
 New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret
 New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret

 # Generate the client secret with a three-year expiration:
 # include the -StartDate and -EndDate parameters on all three New-MsolServicePrincipalCredential calls.
 $bytes = New-Object Byte[] 32
 $rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
 $rand.GetBytes($bytes)
 $newClientSecret = [System.Convert]::ToBase64String($bytes)
 $dtStart = [System.DateTime]::Now
 $dtEnd = $dtStart.AddYears(3)
 New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
 New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
 New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd

Update app.config/web.config with the new secret, keeping the old secret as SecondaryClientSecret:

  <add key="ClientId" value="your client id here" />
  <add key="ClientSecret" value="your new secret here" />
  <add key="SecondaryClientSecret" value="your old secret here" />
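The rollover above (new secret in ClientSecret, previous secret in SecondaryClientSecret) is easy to get wrong by hand. The following is an added example, not code from the original article: a function that generates a secret of the same shape the cmdlets above accept and rotates the two appSettings keys in a web.config. It assumes the three keys shown above; the config path and the constructed web.config written to a temp file are placeholders.

```powershell
# Added example: generate a new client secret and rotate it into web.config.
function New-ClientSecretValue {
    # 32 bytes from the cryptographic RNG, Base64-encoded (same shape as the
    # value passed to New-MsolServicePrincipalCredential above)
    $bytes = New-Object Byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    return [System.Convert]::ToBase64String($bytes)
}

function Update-ClientSecretConfig {
    param(
        [Parameter(Mandatory)][string] $ConfigPath,
        [Parameter(Mandatory)][string] $NewSecret
    )
    [xml]$config = Get-Content -Path $ConfigPath -Raw
    $settings  = $config.configuration.appSettings
    $current   = $settings.add | Where-Object { $_.key -eq 'ClientSecret' }
    $secondary = $settings.add | Where-Object { $_.key -eq 'SecondaryClientSecret' }
    if (-not $current) { throw "ClientSecret key not found in $ConfigPath" }
    if (-not $secondary) {
        # First rotation: the secondary key does not exist yet, so create it
        $secondary = $config.CreateElement('add')
        $secondary.SetAttribute('key', 'SecondaryClientSecret')
        $secondary.SetAttribute('value', '')
        [void]$settings.AppendChild($secondary)
    }
    # The previous secret stays usable as the secondary value until the new one is active
    $secondary.SetAttribute('value', $current.value)
    $current.SetAttribute('value', $NewSecret)
    $config.Save($ConfigPath)
}

# Demonstration on a constructed web.config written to the temp directory (placeholder values).
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'web.config'
@'
<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="ClientId" value="00000000-0000-0000-0000-000000000000" />
    <add key="ClientSecret" value="OLD-SECRET-PLACEHOLDER" />
  </appSettings>
</configuration>
'@ | Set-Content -Path $tmp

$newSecret = New-ClientSecretValue
Update-ClientSecretConfig -ConfigPath $tmp -NewSecret $newSecret

# After the call, ClientSecret holds the new value and SecondaryClientSecret holds OLD-SECRET-PLACEHOLDER
([xml](Get-Content -Path $tmp -Raw)).configuration.appSettings.add | Format-Table key, value
```

Register the value returned by New-ClientSecretValue with the three New-MsolServicePrincipalCredential calls shown earlier before running Update-ClientSecretConfig, so the config never references a secret the tenant does not know about.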