Invalid client secret is provided when using correct and not expired secret
I have Azure App Registration with active secret.
I'm trying to obtain token using v1.0 like below (clientId is an ID of the above App Registration)
$body = @{
grant_type = 'client_credentials';
client_id = $clientId;
client_secret = $clientSecret;
resource = $resourceId;
}
$aadResponse = Invoke-WebRequest -Uri "https://login.microsoftonline.com/$aadtenantId/oauth2/token" -Method POST -Body $body -UseBasicParsing
After regenerating credential using az ad app credential reset --id XXX everything works as expected - token is properly obtained.
However, in Azure Devops I got the following error while getting values from KV
Then I'm going to Azure Devops Service Connection and with edit, verify and save I'm able to connect with KV without any further changes.
However, this action breaks initially working get of token (as described above).
I'm 100% sure:
- Password is correct
- I'm really using a password, not its id
- Encoding password doesn't help
- There is no other action except
verifyservice connection - I'm using Failed to obtain the JWT by using the service principal client ID as a reference to Service Connections
What am I doing wrong?
I can also reproduce your issue on my side.
After regenerating the client secret with az ad app credential reset --id XXX, I suppose you should get the error as below when you click the Verify in your service connection Azure Resource Manager using service principal (automatic).
As shown on the service connection page, you created it with the automatic way, if you regenerate the client secret, you need to create a new service connection with the manual way to solve the issue.
You can obtain the values on the keyvault page and your AAD App page. For the Service principal key, it is the client secret you regenerated, you could not get it again if you didn't save it, if so, you need to regenerate a new one.
After fixing the values, verify and save.
Then use the new service connection in the AzureKeyVault@2 task, it works fine.
- Listing the Tables in the Storage Account using ADF Web Activity is failed with an authorization error
- Terraform with Azure Key Vault to get secret value
- No value provided for parameter `container_name` in the Get Metadata1 activity
- Pagination with oauth azure data factory
- Using Managed Identity to connect to a queue from a WebJob
- How to integrate GPT-4 model hosted on Azure with the gptstudio package?
- Azure - Virtual network Gateway vs VPN gateways
- Azure CLI won't login on MacOS
- Replicating Azure SQL DB and blob storage in multi region setup
- Reading Azure Entra ID Diagnostic Settings
- Azure Traffic Manager Endpoint: The following locations specified in the geoMapping property for endpoint are not supported
- Assign specific agent on Azure DevOps YAML Pipelines
- GetBlob request is failing, when PutBlob and ListBlob are successfull
- Scheduled alert rule created in Terraform doesn't work
- New NIC with public IP has no internet connection, while existing NIC works fine
- BlobClient#generateSasUrl automatically %-encode blob path
- How to do copy of all the containers without explicitly mentioning in the array between two different storage accounts
- Azure Application Gateway WAF with False Positive on SQL Injection
- Application ID URI Throwing Error in Azure AD App Registration using Terraform
- Is it possible to use email name other than "DoNotReply" in Azure Email Communication Services?
- installing an SSL on Azure ubuntu web server
- How do I add a Spring Initializr dependency (eg Microsoft Azure) after the project is created?
- NvidiaGpuDriverLinux fails to install on NC6 instance
- How to get client secret expiry date using the azure AD graph API
- Can't get OneNote data using graph api from microsoft
- Adding Custom Python library in Azure Synapse
- Cannot run .NET Core application on Linux in Azure App Services with linuxFxVersion: 'DOTNETCORE:8.0'
- Unable to connect from Azure data factory to postgres flexible server using private endpoint
- Microsoft graph return "access token is empty"
- How to use empty disk spaces under /dev/sdb1 on Azure?