While Trying generate token Using App registration Azure Causing issue in Power Automate

Question

We created a App registration And used that to generate token in power Automate Using API call But While Calling API registration causing Issue App secret Expired Removed and Added New Secrets still the Same Issue Tried New Secrets Multiple Times But same Issue

Http request failed as there is an error getting AD OAuth token: 'AADSTS7000222: The provided client secret keys for app '5d19ca04-2ac0-4212-9cd8-d4c683436ca5' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: f279f3f6-efba-4d5f-8568-027b227a6f00 Correlation ID: 29d49f08-dc50-4aed-81d7-482207957069 Timestamp: 2026-04-06 12:10:31Z'.

Answer 1

Hey Ashik, it looks like Azure is still complaining that your client secret is expired even though you’ve created a new one. Here are a few things to check and try:

1. Verify the new secret in Azure AD • Go to Azure portal > Entra ID > App registrations > your app > Certificates & secrets. • Confirm the new secret is listed and hasn’t expired. Copy its full value right after you create it—once you leave the blade you can’t view it again.
2. Update the secret in your Power Automate flow If you’re using a Custom Connector: • In Power Automate, go to Data > Custom Connectors > your connector > Edit. • On the Security tab, paste the new client secret in the “Client secret” field, save and re-publish. • Then edit your flow’s connection and re-authenticate using the updated connector. If you’re using the built-in “HTTP with Azure AD” action: • Edit the HTTP action, expand “Azure AD” auth settings, and replace the old secret with the new one. • Save the flow and trigger it again.
3. Allow time for propagation Fresh client secrets can take a few minutes to become effective. If you test immediately after creation you may still hit the old-secret-expired error.
4. Test outside of Power Automate Run a quick cURL or Postman request to isolate the issue: POST https://login.microsoftonline.com/{YOUR_TENANT_ID}/oauth2/v2.0/token Body (x-www-form-urlencoded): • grant_type=client_credentials • client_id={YOUR_CLIENT_ID} • client_secret={YOUR_NEW_SECRET} • scope=https://api.powerplatform.com/.default If this still returns AADSTS7000222, you know the problem is on the secret itself (e.g. wrong value or you copied an old/expired one).
5. Consider certificate-based auth For longer-lived credentials and better security, you can switch from client secrets to certificate credentials: https://aka.ms/certCreds

Follow-up questions if you’re still stuck:

• Are you 100% certain you updated the active connection or connector with the new secret?

• Did you test the new secret with Postman/cURL outside of Power Automate?

• How long ago did you create the new secret? Could the old one still be cached somewhere?

• Are there multiple secrets on the app and might you be accidentally using the wrong one?

References

• Request an access token from Power Platform: https://learn.microsoft.com/power-platform/admin/programmability-authentication-v2#step-5-request-an-access-token

• Create a new client secret (AADSTS7000222): https://aka.ms/NewClientSecret

• Certificate credentials for apps: https://aka.ms/certCreds

Hope this helps! Let me know what you find.

Note: This content was drafted with the help of an AI system. Please verify the information before relying on it for decision-making.

Answer 2

Ashik J According to the error AADSTS7000222, the client secret used by the application has expired. If the application ID cannot be found in the Azure portal, this usually means you are either signed into the wrong Microsoft Entra ID tenant or you are viewing Enterprise Applications instead of App registrations.

Please try the following steps:

1. In the Azure portal, use the Directory switcher (top right) to ensure you are in the correct tenant where the app was originally registered.
2. Go to Microsoft Entra ID → App registrations → All applications and search using the Application (client) ID from the error message.
3. Once you locate the app, navigate to Certificates & secrets and create a new client secret. Make sure to copy the secret Value immediately (it is shown only once).
4. Update the client_secret in Power Automate (HTTP action / connection / custom connector). Power Automate does not automatically pick up new secrets until this is updated.

Note: The iss claim in a JWT represents the issuer (tenant), not the client ID. The client ID is typically found in the appid or azp claim.

If you have any further questions, please feel free to comment.