OAuth Authentication Failure - Invalid client secret

 Problem

An agent using an app registration for OAuth fails with the following error message:

A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '<GUID>'.

 Solution

The client secret configured in the agent’s app registration does not match the client secret in Azure Portal.

  1. In a browser, navigate to https://portal.azure.com, then go to Azure Active Directory > App registrations.

  2. On the right-hand side, select the app you are using in PeopleSync.

  3. In the overview screen, verify that the tenant ID and application (client) ID displayed are the ones used in the app registration in PeopleSync Console.

  4. Go to Certificates & secrets.

  5. Select New client secret to create a new secret.

  6. In the Add a client secret dialog, enter a description and validity period for the secret. Then click Add.

  7. The client secret will now be shown in the client secrets list. Click the copy icon to copy the client secret’s value (not the secret ID) and keep it for reference. This will be needed for PeopleSync.

  8. In PeopleSync Console, navigate to Agents > App registrations.

  9. Open the app registration you are using in the failing agent and replace the client secret with the one you just created.
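
The following is an added example, not part of the original article or of PeopleSync: a small Python checklist that runs the error text against the mistakes the message itself names before you rotate the secret. The function name, the sample GUIDs and the GUID-shape heuristic for a secret ID are assumptions made for illustration.

```python
import re

# Heuristic (assumption): the portal's "Secret ID" column is a GUID, while the
# secret "Value" is a longer opaque string.
GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)
CODE_RE = re.compile(r"\bAADSTS\d+\b")
APP_RE = re.compile(r"app '([^']+)'")

# Constructed sample: the article's error text with a made-up app GUID.
SAMPLE_APP_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_ERROR = (
    "Original exception: AADSTS7000215: Invalid client secret provided. "
    "Ensure the secret being sent in the request is the client secret value, "
    "not the client secret ID, for a secret added to app '%s'." % SAMPLE_APP_ID
)

def triage(error_text, configured_secret, portal_client_id):
    """Return findings for an AADSTS7000215 failure; never echoes the secret."""
    code = CODE_RE.search(error_text)
    if code is None or code.group(0) != "AADSTS7000215":
        return ["not AADSTS7000215: this checklist does not apply"]
    findings = []
    secret = configured_secret.strip()
    if secret != configured_secret:
        findings.append("secret has leading/trailing whitespace from copy/paste")
    if not secret:
        findings.append("secret is empty")
    elif GUID_RE.fullmatch(secret):
        findings.append("secret looks like a Secret ID (GUID), not the Value")
    # The error names the app the request was made for; compare it with the
    # application (client) ID shown in the portal overview (step 3).
    app = APP_RE.search(error_text)
    portal_id = portal_client_id.strip()
    if app and GUID_RE.fullmatch(app.group(1)) and app.group(1).lower() != portal_id.lower():
        findings.append("error names app %s, portal shows %s: wrong registration"
                        % (app.group(1), portal_id))
    if not findings:
        findings.append("no local mistake found: create a new secret and replace it")
    return findings

if __name__ == "__main__":
    # Constructed input: a GUID pasted where the secret value belongs.
    for line in triage(SAMPLE_ERROR, "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", SAMPLE_APP_ID):
        print(line)
```
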

© 2010-2024 messageconcept GmbH / messageconcept software GmbH