SharePoint lifehacks: create SharePoint app registration with client secret which never expires

SharePoint
2 min read
#sharepoint #client secret #lifehack

IMPORTANT: According to the comments, this method doesn’t work in all cases. For example, you cannot provide ‘App Domain’ value to be used inside SharePoint provider-hosted addin. If you need it only for some background jobs (which use app-only authentication), then you still can use below method. 

I bet you know about a page in SharePoint with address AppRegNew.aspx. You use this page to create a new app registration, generate ClientId and ClientSecret. One important thing about ClientSecret generated with AppRegNew.aspx is that secret has expiration time. By default expiration is 1 year. You can easily replace it afterwards, there is an article out there - Replace an expiring client secret in a SharePoint Add-in. You can even generate a new one with maximum of three years of expiration. Sometimes it’s inconvenient, especially if you have to manage multiple SharePoint apps with different expirations. Do you know, that you can generate a secret, which never expires? Well, technically almost never, but 300 years is pretty good, isn’t it? My ex-college found a way to do that, read further to find out how.

[Disclaimer]: This method works only for SharePoint Online. The funny thing is, that we’re not going to use AppRegNew.aspx page at all. Instead, you should go to your Azure AD management portal and create a new App registration in Azure Portal:

For application type select anything you want (WebApi or Native). After the registration is created, click on settings, then keys, click on duration drop down and select Never expires:

So we have a never ending key. However the issue is, that we have created Azure AD application, not SharePoint app registration. No worries, your Azure AD app is accessible from SharePoint’s AppInv.aspx page!

All you need to do is to go to your SharePoint portal, open _layouts/15/AppInv.aspx, paste in your Azure AD Application ID, click Lookup and update permissions for your app!

Now you can safely use ClientSecret anywhere you want and it will expire only in 2299!