Replacing an Expiring Client Secret / JWT Token Error

Vahe Voskanian

A new Client Secret must be generated every year for all SharePoint Apps (including Prime 365); otherwise you will receive an "invalid JWT Token Error". For more details, please see this article. Below you will find two articles that give step-by-step instructions on how to generate and replace an existing client secret.

Generating a new secret 

1. Create a client ID variable by entering the following line in the Windows PowerShell console. Use the client ID of the SharePoint Management Shell Add-in as the value.

NOTE: If you don't have SharePoint Management Shell then you can download it here. To learn how to connect and use it please check out this article.

NOTE: You also need to have the "SharePoint administrator" or "Global administrator" role in Office 365 in order to execute the following PowerShell. Here is a quick screenshot of what it looks like. You may click here to learn how to assign admin roles in Office 365.



$clientId = 'client id of the add-in'

2. Generate a new client secret with the following lines. 

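    # Fill a 32-byte buffer from the cryptographic RNG (without GetBytes the secret would be all zeros)
    $bytes = New-Object Byte[] 32
    $rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rand.GetBytes($bytes)
    $rand.Dispose()
    $newClientSecret = [System.Convert]::ToBase64String($bytes)
    # Register the secret as the signing, verification and password credentials of the add-in
    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret
    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret
    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret
    # Print the new secret so it can be copied in step 3
    $newClientSecret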

3. The new Client Secret will appear on the Windows PowerShell console. Copy this into a text file.

4. If Emgage is hosting it, please send that text file to us and we will update the Client Secret Key. If you are hosting it, you will have to update it on your side.


IMPORTANT: As a security feature, Office 365 requires that you do this once every year, so be prepared to do this again.
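To confirm that the rotation took effect and to see how long each credential has left before the next yearly renewal, the script below can be run in the same session. It is an added example, not part of the original article; it assumes Connect-MsolService has been run and $clientId is set as in step 1, and the 30-day threshold and the $warnDays, $report and $fresh names are choices made for this example.

```powershell
# Added example: verify a client secret rotation and report credential expiry.
# Assumes an authenticated MSOnline session and $clientId set as in step 1.
$warnDays = 30          # assumed warning threshold; adjust to your rotation policy
$now = Get-Date

# Sanity-check the generated secret if it is still in this session:
# it must decode to 32 bytes and must not be an unfilled (all-zero) buffer.
if ($newClientSecret) {
    $raw = [System.Convert]::FromBase64String($newClientSecret)
    if ($raw.Length -ne 32) { Write-Warning "Secret decodes to $($raw.Length) bytes, expected 32." }
    if (-not ($raw | Where-Object { $_ -ne 0 })) {
        Write-Warning "Secret is all zero bytes; the random buffer was never filled. Regenerate it."
    }
}

# List the add-in's credentials without returning the key values themselves.
$report = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false |
    ForEach-Object {
        $daysLeft = [int][math]::Floor(($_.EndDate - $now).TotalDays)
        $status = if ($daysLeft -lt 0) { 'EXPIRED' } elseif ($daysLeft -le $warnDays) { 'EXPIRING' } else { 'OK' }
        [pscustomobject]@{
            KeyId    = $_.KeyId
            Type     = $_.Type
            Usage    = $_.Usage
            Start    = $_.StartDate
            End      = $_.EndDate
            DaysLeft = $daysLeft
            Status   = $status
        }
    }

$report | Sort-Object End | Format-Table -AutoSize

# A completed rotation adds three entries with a recent start date:
# Symmetric/Sign, Symmetric/Verify and Password/Verify.
$fresh = @($report | Where-Object { $_.Start -gt $now.AddDays(-1) })
if ($fresh.Count -lt 3) {
    Write-Warning "Found $($fresh.Count) credential(s) created in the last day, expected 3."
}
```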




