Renews an Expired ClientSecret for a Sharepoint Addin/ACS App Registration
<#
.SYNOPSIS
    Renews an expired ClientSecret for a SharePoint Add-in / ACS app registration.
.DESCRIPTION
    When a SharePoint Add-in / ACS app registration is created, its ClientSecret is set to expire
    after 1 year. This script connects to the MSOL service, lists the registration's current key
    credentials, asks for confirmation twice, and then replaces them with a new client secret that
    expires in -years years (3 by default).
    Requires the MSOnline PowerShell module (Connect-MsolService).
.PARAMETER clientId
    The AppPrincipalId (ClientId) of the app registration, as a GUID.
.PARAMETER userName
    The account used to connect to the MSOL service.
.PARAMETER userPassword
    The plain-text password for that account. A password passed on the command line is recorded
    in shell history and is visible in process listings and transcripts.
.PARAMETER years
    Lifetime of the new client secret in years (default 3).
.EXAMPLE
    .\msol-renewsharepointaddinsecret.ps1 -clientId "<client-id-guid>" -userName "<user>" -userPassword "<password>"
.NOTES
    The new client secret is printed to the console exactly once so it can be copied into the
    add-in's configuration; anything capturing console output (Start-Transcript, CI logs) captures it too.
#>
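param (
    # AppPrincipalId (ClientId) of the add-in registration; checked to be a GUID further down.
    [string]$clientId,
    # Account used for Connect-MsolService.
    [string]$userName = "",
    # Plain-text password for that account. NOTE(security): anything passed here is recorded in
    # shell history and visible in process listings; prefer an interactively entered credential.
    [string]$userPassword = "",
    # Lifetime of the new secret in years. Must be at least 1: with 0 or a negative value the
    # new credentials would get an EndDate that is not after their StartDate, i.e. already expired.
    [ValidateScript({ $_ -ge 1 })]
    [int]$years = 3
)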
# Clear the console and print the banner (the requested lifetime is interpolated into the title).
Clear-Host
$banner = "================================================================================================`n= RENEW AN EXPIRED CLIENTSECRET FOR A SHAREPOINT ADDIN/ACS APP REGISTRATION -- (for $years Years)`n================================================================================================`n"
Write-Host $banner -ForegroundColor Yellow
# Ask the operator to press $actionKey (case-insensitive) to continue.
# Result is reported through $Global:canRun: $true when the expected key was pressed
# (or when the prompt was skipped), $false for any other key.
# NOTE(review): $Quiet is referenced but never declared by this script, so the prompt is
# never skipped in practice; if a -Quiet switch is ever added, it would bypass this
# confirmation before the destructive key removal below.
function Confirm-Script {
    param (
        [string]$message = "",
        [string]$actionKey = "S"
    )
    $Global:canRun = $true
    if ($Quiet) {
        return
    }
    $prefix = ""
    if ($message -ne "") {
        $prefix = "$message, "
    }
    $expectedUpper = $actionKey.ToUpper()
    $expectedLower = $actionKey.ToLower()
    Write-Host "`n$($prefix)Press $expectedUpper to start, or any other key to exit..." -ForegroundColor Yellow
    # Read a single keystroke without echoing it.
    $pressed = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    $Global:canRun = ($pressed.Character -eq $expectedUpper) -or ($pressed.Character -eq $expectedLower)
}
# Returns $true when $InputObject parses as a GUID (any format accepted by [guid]::TryParse),
# $false otherwise. An empty string is accepted as input and yields $false.
function Test-Guid
{
    [CmdletBinding()]
    [OutputType([bool])]
    param
    (
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipelineByPropertyName = $true)]
        [AllowEmptyString()]
        [string]$InputObject
    )
    process {
        # TryParse needs a [ref] target; the parsed value itself is not used.
        $parsed = [guid]::Empty
        [guid]::TryParse($InputObject, [ref]$parsed)
    }
}
# VALIDATE MSOL Module
# Connect-MsolService only resolves when the MSOnline module is installed and importable.
# NOTE(review): Microsoft has deprecated the MSOnline module in favour of Microsoft Graph
# PowerShell; confirm it is still usable against your tenant before relying on this script.
$msolCommand = Get-Command Connect-MsolService -ErrorAction SilentlyContinue
if ($null -eq $msolCommand) {
    Write-Host "ERROR: the MSOnline PowerShell Module is not installed!" -ForegroundColor Red
    Write-Host "`nInstall the MSOnline module with 'Install-Module MSOnline'....`n" -ForegroundColor Red
    # Show what is installed so the operator can see what is missing.
    Get-InstalledModule
    return
}
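# VALIDATE PARAMETERS....
if ($clientId -eq "") {
    Write-Host "ERROR: no -clientId parameter specified!`n" -ForegroundColor Red
    return
} elseif (-not (Test-Guid $clientId)) {
    Write-Host "ERROR: the -clientId parameter must be a valid GUID!`n" -ForegroundColor Red
    return
}
# Both the user name and the password are required to build the credential below, so reject
# the request if EITHER is missing. The previous check used -and, which only caught the case
# where both were empty and let a missing password fall through to a far less helpful error
# from ConvertTo-SecureString / PSCredential.
if (($userName -eq "") -or ($userPassword -eq "")) {
    Write-Host "ERROR: no -userName and/or -userPassword parameters specified!`n" -ForegroundColor Red
    return
}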
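# CREATE CREDENTIAL OBJECT
# NOTE(security): -userPassword arrives as plain text on the command line, so it is already
# in shell history, process listings and any transcript; wrapping it in a SecureString here
# only protects it from this point on. Prefer Get-Credential for interactive use.
$securePassword = ConvertTo-SecureString -String $userPassword -AsPlainText -Force
$credentialObject = New-Object System.Management.Automation.PSCredential -ArgumentList $userName, $securePassword
# CONNECT
Write-Host "Connecting to the MSOL Service...`n" -ForegroundColor Green
# A failed sign-in must stop the script here. Without -ErrorAction Stop the error is
# non-terminating, execution continues, and the later Get-MsolServicePrincipal (which runs
# with -ErrorAction SilentlyContinue) misreports the failure as "app registration not found".
# NOTE(review): -Credential is a non-interactive sign-in; accounts that require MFA or
# interactive auth may be rejected — confirm against your tenant.
try {
    Connect-MsolService -Credential $credentialObject -ErrorAction Stop
} catch {
    Write-Host "ERROR: could not connect to the MSOL Service: $($_.Exception.Message)`n" -ForegroundColor Red
    return
}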
# GET THE APP REGISTRATION SERVICE PRINCIPAL
# Lookup is by AppPrincipalId (the ClientId); a miss yields nothing rather than an error.
$sp = Get-MsolServicePrincipal -AppPrincipalId $clientId -ErrorAction SilentlyContinue
if ($null -eq $sp) {
    Write-Host "ERROR: a SharePoint Addin/ACS App Registration with the ClientId $clientId was not found!`n" -ForegroundColor Red
    return
}
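# GET THE SERVICE PRINCIPAL KEYS
# Only credential metadata (Type, Usage, KeyId, StartDate, EndDate) is used from here on,
# so do not ask the service to return key values: secret material the script never uses
# should not be pulled into the session (or into a transcript) at all.
# @() normalises a single credential / no credentials to an array so .Count is reliable.
$spKeys = @(Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false)
if ($spKeys.Count -lt 1) {
    Write-Host "ERROR: the SharePoint Addin/ACS App Registration does not have any key credentials to renew!`n" -ForegroundColor Red
    return
}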
# SHOW WHAT IS ABOUT TO BE RENEWED
Write-Host "SharePoint Addin/ACS App Registration" -ForegroundColor Cyan
Write-Host "$($sp.DisplayName)" -ForegroundColor White
Write-Host "- AppPrincipalId (ClientId): $($sp.AppPrincipalId)" -ForegroundColor White
Write-Host "- ObjectId: $($sp.ObjectId)" -ForegroundColor White
# Only the first registered address is shown.
$primaryAddress = $sp.Addresses[0]
Write-Host "- Redirect Url: $($primaryAddress.Address) ($($primaryAddress.AddressType))" -ForegroundColor White
Write-Host "- Key Credentials:" -ForegroundColor White
foreach ($key in $spKeys) {
    Write-Host " ..... Type: $($key.Type)" -ForegroundColor White
    Write-Host " Usage: $($key.Usage)" -ForegroundColor White
    Write-Host " KeyId: $($key.KeyId)" -ForegroundColor White
    Write-Host " Start Date: $($key.StartDate)" -ForegroundColor White
    Write-Host " Expire Date: $($key.EndDate)" -ForegroundColor White
}
# SCRIPT CONFIRMATIONS
# Two prompts with different keys, so one stray keypress cannot trigger the key removal
# that follows. Confirm-Script reports the answer through $Global:canRun.
$confirmations = @(
    @{ Message = "Continue renewing key credentials"; Key = "R" },
    @{ Message = "Renew key credentials for this SharePoint Addin/ACS App Registration"; Key = "C" }
)
foreach ($step in $confirmations) {
    Confirm-Script -message $step.Message -actionKey $step.Key
    # BAIL OUT
    if (-not $Global:canRun) {
        return
    }
}
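# CREATE THE NEW KEYS FIRST, THEN REMOVE THE OLD ONES
# Ordering matters: the original removed the existing keys before creating new ones, so a
# failure in any New-MsolServicePrincipalCredential call left the app with no credentials at
# all. Creating first means a failure stops the script with the existing keys untouched.
Write-Host "Creating new key credentials..." -ForegroundColor Green
# 32 bytes from the platform CSPRNG, base64-encoded, is the new client secret.
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
    $rand.GetBytes($bytes)
} finally {
    $rand.Dispose()
}
$newClientSecret = [System.Convert]::ToBase64String($bytes)
$dtStart = [System.DateTime]::Now
$dtEnd = $dtStart.AddYears($years)
# The same secret is registered three times (Symmetric/Sign, Symmetric/Verify, Password/Verify),
# as in the original script. -ErrorAction Stop turns any failure into the catch below.
try {
    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd -ErrorAction Stop
    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd -ErrorAction Stop
    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd -ErrorAction Stop
} catch {
    Write-Host "ERROR: creating the new key credentials failed; the existing key credentials were NOT removed: $($_.Exception.Message)`n" -ForegroundColor Red
    return
}
# REMOVE THE PREVIOUS KEYS
# $spKeys was captured before the new credentials were created, so only the old KeyIds are removed.
Write-Host "Removing existing key credentials..." -ForegroundColor Green
Remove-MsolServicePrincipalCredential -AppPrincipalId $clientId -KeyIds $spKeys.KeyId
Write-Host "- Done`n" -Foregroundcolor Yellow
# NOTE(security): the secret is printed once so it can be copied into the add-in's
# configuration; anything capturing console output (Start-Transcript, CI logs) captures it too.
Write-Host "...New Client Secret: $newClientSecret" -ForegroundColor Cyan
Write-Host "...Starts On: $dtStart" -ForegroundColor Cyan
Write-Host "...Expires On: $dtEnd" -ForegroundColor Cyan
Write-Host "- Done`n" -Foregroundcolor Yellow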
# END: closing rule and a final status line.
$closingRule = "`n---------------------------------------------------------------------------------------------------------------------------------------------------------------------------"
Write-Host $closingRule
Write-Host "Finished..." -Foregroundcolor Yellow