Get-MsolServicePrincipalCredential - how to get the expiration date for a clientId

Fastest way to verify your Client Id and Client Secret are valid with PowerShell

So, you have a Client Id and a Client Secret, but don’t know if they work anymore? Maybe they are expired? Maybe someone removed them? No worries! We can use PowerShell to validate them easily!

Solution

By using PowerShell, it’s fairly straightforward to verify that your Client Id and Client Secret work. The snippets below cover two steps:

  1. First, we validate that the values work.
  2. If they don’t, we run another script to see whether the Client Id exists but has expired.

Validate your Client Id by trying to connect with it

We can validate the Client Id and Secret by using Connect-PnPOnline to connect to SharePoint Online.

In other words, in the example, I’m using the PnP PowerShell cmdlets to authenticate against a SharePoint Online site, using a Client Id (called AppId) and a Client Secret (called AppSecret).

# First, we install the PnP cmdlets in case we don't have them already
Install-Module SharePointPnPPowerShellOnline
 
# If you have them, let's import the module!
Import-Module SharePointPnPPowerShellOnline
 
# After this, we can run Connect-PnPOnline
Connect-PnPOnline -Url [your_sharepoint_site_url] -AppId [clientId] -AppSecret [clientSecret]

This shouldn’t return anything. If it returns nothing, the connection worked 🙂

If it fails with an authentication error instead, your principal might have expired, or your values are simply not valid.

Check your Client Id’s expiration date

To check whether the Client Id has expired or is still valid, we’ll query the service principals in PowerShell using some of the available cmdlets. See below for different options.

Azure AD v1 (MSOnline)

You can run this in SharePoint Online Management Shell or Windows PowerShell:

# First, we install the cmdlets in case we don't have them already
Install-Module MSOnline
 
# If you have them already, let's import the module!
Import-Module MSOnline
 
# Then connect
Connect-MsolService
# Read the end dates of the credentials registered for the client Id, and show the first one
(Get-MsolServicePrincipalCredential -AppPrincipalId [clientId] -ReturnKeyValues $true).EndDate.ToShortDateString() | select -first 1

This (almost) one-liner will get all valid entries with your clientId (it’ll probably return 3 service principals), then fish out their end dates, and pick the first one.

You should get just a short date in response.

 

But wait! What if you don’t have MSOnline (Azure AD v1 cmdlets) installed? What if you hate legacy technology, and want to use only the coolest new cmdlets? I actually got a question about this on Twitter – how to query the end date with Azure AD v2 cmdlets?

Azure AD v2 (AzureAD)

It’s not that difficult, luckily! See below for a script sample:

# This is only needed, if you don't have AzureAD (v2) cmdlets installed already
Install-Module AzureAD
 
# If you have them already, we'll import the package
Import-Module AzureAD
 
# Then we connect, and query for the service principals
Connect-AzureAD
(Get-AzureADServicePrincipal -All $true -Filter "appId eq '[clientId]'").KeyCredentials.EndDate.ToShortDateString() | select -first 1

Not that complicated either! You should get just a short date in response.

Note that you’ll need to use single quotes for the filter statement – otherwise PowerShell will fail miserably at parsing your filter!
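
The one-liners above print only the first end date, so they don't show whether other entries on the same principal have already expired. As an added example (not from the original post), the hypothetical helper Get-CredentialExpiryReport classifies every entry; the sample entries are constructed, and comparing end dates against UTC is an assumption.

```powershell
# Get-CredentialExpiryReport is a hypothetical helper, not part of any module.
function Get-CredentialExpiryReport {
    [CmdletBinding()]
    param(
        # Objects exposing KeyId, StartDate and EndDate, such as the entries in
        # (Get-AzureADServicePrincipal ...).KeyCredentials
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Credential,
        # Entries ending within this many days are flagged for rotation
        [int]$WarnDays = 30,
        # Reference time; assumption: end dates are compared against UTC
        [datetime]$Now = [datetime]::UtcNow
    )
    process {
        # Floor so that an entry that ended an hour ago counts as -1 (expired)
        $daysLeft = [math]::Floor(($Credential.EndDate - $Now).TotalDays)
        if ($Credential.StartDate -gt $Now) { $status = 'NotYetValid' }
        elseif ($daysLeft -lt 0)            { $status = 'Expired' }
        elseif ($daysLeft -le $WarnDays)    { $status = 'ExpiringSoon' }
        else                                { $status = 'Valid' }

        [pscustomobject]@{
            KeyId    = $Credential.KeyId
            EndDate  = $Credential.EndDate
            DaysLeft = $daysLeft
            Status   = $status
        }
    }
}

# Constructed sample entries (not real credentials) so the function runs offline
$now = [datetime]::UtcNow
$sample = @(
    [pscustomobject]@{ KeyId = [guid]::NewGuid(); StartDate = $now.AddYears(-1);  EndDate = $now.AddDays(-3) }
    [pscustomobject]@{ KeyId = [guid]::NewGuid(); StartDate = $now.AddMonths(-6); EndDate = $now.AddDays(12) }
    [pscustomobject]@{ KeyId = [guid]::NewGuid(); StartDate = $now.AddDays(-1);   EndDate = $now.AddYears(1) }
)
$sample | Get-CredentialExpiryReport -Now $now | Sort-Object EndDate | Format-Table

# Against a tenant, after Connect-AzureAD (cmdlet and filter as used above):
# (Get-AzureADServicePrincipal -All $true -Filter "appId eq '[clientId]'").KeyCredentials |
#     Get-CredentialExpiryReport
```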

Antti K. Koskela

Solutions Architect / Escalations Engineer at Koskila / Norppandalotti Software / Valo Solutions