Read this article before doing anything 🙂
https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/replace-an-expiring-client-secret-in-asharepoint-add-in
Awesome!
First of all, we need to delete the old registration on SharePoint by running the following script. The clientId here should match the ClientId in your AppManifest file.
Import-Module MSOnline

$spURL = 'https://devdevdev.sharepoint.com/sites/dev'
$adminUsername = 'admin@devdevdev.onmicrosoft.com'
$password = 'yourpassword'   # placeholder value; Get-Credential can prompt for this instead
$clientId = 'f4243af8-dcb4-4e0d-be5a-4f37cca04ca8'

# Sign in to the tenant
$securestring = ConvertTo-SecureString $password -AsPlainText -Force
$msolcred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $adminUsername, $securestring
Connect-MsolService -Credential $msolcred

# Delete the existing keys of the add-in principal
$keys = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId -ReturnKeyValues $false | Where-Object { ($_.Type -ne "Other") -and ($_.Type -ne "Asymmetric") }
foreach ($key in $keys)
{
    $keyId = $key.KeyId.ToString()
    Write-Host "Deleting key " $keyId
    Remove-MsolServicePrincipalCredential -KeyIds @($keyId) -AppPrincipalId $clientId
}

# Remove the old service principal (the old registration)
$servicePrincipal = Get-MsolServicePrincipal -ServicePrincipalName $clientId
Remove-MsolServicePrincipal -ObjectId $servicePrincipal.ObjectId
#Remove-MsolServicePrincipalCredential -KeyIds @("KeyId1","KeyId2","KeyId3") -AppPrincipalId $clientId

# Generate a new 32-byte random client secret
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)

# The new credentials are valid for three years minus one day
$dtStart = [System.DateTime]::Now
$dtEnd = $dtStart.AddYears(3).AddDays(-1)
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd

# Print the new client secret
$newClientSecret
Now I have the new client secret, which looks like this: QDUgCbuyXLDwVFsWlrXMmrpYkvVP+VsUSOPp3vsXbDE=
It’s time to go to each of your backend web.config files and update the ClientSecret.
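One way to script the web.config update, as an added example that is not part of the original post. It assumes the add-in keeps ClientId and ClientSecret as appSettings entries under /configuration/appSettings; the function name Set-AddInClientSecret, the temp file name and the placeholder values are hypothetical.

```powershell
# Hypothetical helper: replace ClientSecret in one web.config, but only when the
# file's ClientId matches the add-in whose secret was rotated.
function Set-AddInClientSecret {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ClientId,
        [Parameter(Mandatory)] [string] $NewClientSecret
    )
    $fullPath = (Resolve-Path -LiteralPath $Path).Path
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true          # keep the file's existing layout
    $xml.Load($fullPath)

    # Assumed layout: <appSettings><add key="ClientId" .../><add key="ClientSecret" .../>
    $idNode     = $xml.SelectSingleNode("/configuration/appSettings/add[@key='ClientId']")
    $secretNode = $xml.SelectSingleNode("/configuration/appSettings/add[@key='ClientSecret']")
    if ($null -eq $idNode -or $null -eq $secretNode) {
        throw "$fullPath has no ClientId/ClientSecret appSettings entries."
    }
    # Refuse to touch a config that belongs to a different add-in.
    $currentId = $idNode.GetAttribute('value')
    if ($currentId -ne $ClientId) {
        throw "$fullPath is configured for ClientId '$currentId', not '$ClientId'."
    }
    if ($secretNode.GetAttribute('value') -eq $NewClientSecret) {
        return $false                        # already up to date, nothing written
    }
    $secretNode.SetAttribute('value', $NewClientSecret)
    $xml.Save($fullPath)
    return $true
}

# Constructed sample web.config (placeholder values) so the example runs offline.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'addin-demo-web.config'
@'
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <add key="ClientId" value="00000000-0000-0000-0000-000000000000" />
    <add key="ClientSecret" value="OLD-SECRET-PLACEHOLDER" />
  </appSettings>
</configuration>
'@ | Set-Content -LiteralPath $demo -Encoding UTF8

Set-AddInClientSecret -Path $demo -ClientId '00000000-0000-0000-0000-000000000000' -NewClientSecret 'NEW-SECRET-PLACEHOLDER'
Select-String -LiteralPath $demo -Pattern 'ClientSecret'   # show the updated entry
```

The ClientId check keeps a secret meant for one add-in from being written into another add-in's configuration when several backends are updated in one pass.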

Now, go to your tenant and register it with the new ClientSecret:

Now, everything should work as it did before the secret expired!!!!