14
votes

I have two applications registered under the Azure Portal: a test version and a production version. My test App works fine with the Client Id and ClientSecret/AppKey that I got from the test app's details in the Azure Portal. However, when I move to the production one and replace the ClientId and Secret values with the ones specified by the production App I registered, I suddenly get an error:

AdalServiceException: AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided

But I'm fairly sure that my client secret is correct, as I just copied and pasted it from the Portal. Are there any solutions to this?

5 Answers

30
votes

Encode your secret (e.g. replace + with %2B, = with %3D, etc.)
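Why the encoding matters when the token request body is assembled by hand, shown as an added example that is not part of the answer above: OAuth 2.0 token requests are sent as application/x-www-form-urlencoded, where a raw + is decoded as a space. The client id and secret below are constructed sample values, and the function names are illustrative.

```python
from urllib.parse import parse_qs, urlencode

# Constructed sample values, not real credentials.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
SECRET = "q8+Tn/0vK2h+Wd7ZpX1c="  # contains +, / and =, like many generated keys


def naive_body(client_id, secret):
    """Concatenate the fields without encoding (the failing pattern)."""
    return (
        "grant_type=client_credentials"
        f"&client_id={client_id}&client_secret={secret}"
    )


def encoded_body(client_id, secret):
    """Percent-encode every value, as a form-urlencoded body requires."""
    return urlencode(
        {
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": secret,
        }
    )


def secret_seen_by_server(body):
    """Decode the body the way a form parser on the receiving side does."""
    fields = parse_qs(body, keep_blank_values=True)
    return fields.get("client_secret", [""])[0]


def survives_round_trip(body, secret):
    """True if the receiver recovers exactly the secret that was issued."""
    return secret_seen_by_server(body) == secret


if __name__ == "__main__":
    for name, build in (("naive", naive_body), ("encoded", encoded_body)):
        body = build(CLIENT_ID, SECRET)
        print(f"{name:8} body:   {body}")
        print(f"{name:8} server: {secret_seen_by_server(body)!r}")
        print(f"{name:8} match:  {survives_round_trip(body, SECRET)}")
```

A secret that happens to contain no reserved characters passes either way, which is one way a test app's key can work while a production key copied the same way fails.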

10
votes

Have you tried simply regenerating the secret?

The error here is pretty straightforward and I do not think it is a fault with AAD.

Let me know if this works out for you!

0
votes

In my case I had 2 keys. I created a third one, but that didn't work. Finally I removed all keys and created a new one, but just one. Then it worked.

0
votes

The problem is the expire time of the secret. With 6, 12 or 18 months there is no problem. I am using azure-cli 2.26.0. With 24 months you get the error:

{"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: fef57aee-deeb-47fa-ae05-ba8427cd4300\r\nCorrelation ID: ba3cc2d5-1594-4af3-be2b-3b35e8d40e06\r\nTimestamp: 2021-10-23 18:18:27Z","error_codes":[7000215],"timestamp":"2021-10-23 18:18:27Z","trace_id":"fef57aee-deeb-47fa-ae05-ba8427cd4300","correlation_id":"ba3cc2d5-1594-4af3-be2b-3b35e8d40e06","error_uri":"https://login.microsoftonline.com/error?code=7000215"}

-1
votes

Please check your tenant Id and audience id in your config. You may still have a reference to the test environment.