New client secret not updating in SharePoint online for SharePoint Addin


My client has a custom provider hosted SharePoint Addin.


This is an ASP.NET MVC app that is hosted in their Azure environment. The solution was created using the Visual Studio 2015 SharePoint Addin project template. The solution was successfully deployed into production and working for a year. Unfortunately, no one had realised the initial client secret is only valid for a year.


After a year we suddenly started getting this error.

Invalid JWT token. Could not resolve issuer token.

It turns out this error is thrown when the client secret has expired.

I then followed the guide set out on this page


Using this part of the guide as the client secret had already expired (i.e. I wasn't renewing it, but replacing it)


"Create a client secret that is valid for three years"


Running the PowerShell scripts seemed to be successful. I was able to identify that the client secret had expired. I was able to delete the existing one, create the new client and update the ASP.NET application. Running the script again also showed that the new secret had been created and was now valid for 3 years.

I waited 24 hours and then ran the ASP.NET application, but it still returned the same error. I installed the SharePoint Addin into a different site collection and it still had the same error. Also, on the details of the SharePoint Addin it says "This App's credentials have expired".


Has anyone had a similar experience or know if the documentation is missing an important step that fixes this?


4 Replies

It could be you'd have to do some clean up of previous secrets as described in the following blog. This one helped me out several times already...

Thanks for the reply.


I have tried that too, but it didn't work either :(

I'm sorry, I was too fast, didn't read you already tried that...

Did you resolve this issue? We have this exact same issue and have carried out the same steps :(