Azure app registration shows app with expired certificates & secrets

Supriya K 0 Reputation points
2023-02-20T09:58:46.8766667+00:00

Hi,

AADSTS7000222: The provided client secret keys for app 'xxxxx' are expired.

I get this error when I run my APIs. The registered app has active client secrets (not expired yet). However, the app flags as expired under Certificates & secrets.

Appreciate your help.

Thanks


3 answers

  1. Marilee Turscak-MSFT 36,846 Reputation points Microsoft Employee
    2023-02-21T21:35:52.55+00:00

    Hi Supriya K ,

    I understand that you are receiving the "AADSTS7000222" error even though your client secrets are active and not expired.

    I have seen this behavior a few times before when there were issues with the app registration. If the service principal is not updated with the correct URLs or if the URLs have spaces or additional slashes, this error can get thrown. If this is the case, I would recommend first checking the attributes in the app registration for anything out of the ordinary, and if this does not work, re-registering the application. If that does not work, it would help if you captured a fiddler trace with an incognito session.

    A recent customer described the same behavior you are describing, and the customer had to resolve the issue by creating a new service principal and client secret key.

    I would also check the settings in the app registration under Advanced settings > Default client type > Treat application as a public client and verify whether you have set this to "No" or changed the settings. If you have changed these settings, that may cause the issue. It is not recommended to enable/disable "Allow public clients" flows. If you toggle the setting back you might see different results but may still need to recreate the app registration. https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-faq

    If none of these suggestions work, feel free to reach out to me at AzCommunity@microsoft.com ("Attn: Marilee Turscak") and include your Subscription ID and I can help troubleshoot or get a support case opened.


    If the information helped you, please Accept the answer. This will help us as well as others in the community who might be researching similar information.

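    The answer above suggests checking the app registration's attributes for stray spaces or extra slashes in its URLs before re-registering. The following script is an added example (not the answerer's own code or a Microsoft tool) that performs that review offline over a constructed list of redirect URIs; the hostname and URIs are invented, and the exact-match rule it encodes is Entra's documented redirect URI matching behaviour.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: redirect URIs as they might appear in an app
# registration, including the kinds of defects the answer above mentions
# (stray whitespace, an extra slash). The hostname is invented.
SAMPLE_REDIRECT_URIS = [
    "https://app.example.com/signin-oidc",
    "https://app.example.com//signin-oidc",   # doubled slash in the path
    "https://app.example.com/signin-oidc ",   # trailing space
    "https://app.example.com/ signin-oidc",   # space inside the path
    "app.example.com/signin-oidc",            # scheme missing
]


def check_redirect_uri(uri):
    """Return the list of problems found in one redirect URI (empty if clean)."""
    problems = []
    if uri != uri.strip():
        problems.append("leading/trailing whitespace")
    cleaned = uri.strip()
    if re.search(r"\s", cleaned):
        problems.append("embedded whitespace")
    parts = urlsplit(cleaned)
    if not parts.scheme or not parts.netloc:
        problems.append("missing scheme or host")
    if "//" in parts.path:
        problems.append("doubled slash in path")
    return problems


def audit_redirect_uris(uris):
    """Map each defective URI to its problems; clean URIs are omitted."""
    report = {}
    for uri in uris:
        problems = check_redirect_uri(uri)
        if problems:
            report[uri] = problems
    return report


def explain_mismatch(sent_by_app, registered):
    """Describe why the redirect URI an app sends does not equal the registered
    one. Entra requires an exact match, so a difference that looks cosmetic
    (a trailing slash, a space) is still a mismatch."""
    if sent_by_app == registered:
        return None
    if sent_by_app.strip() == registered.strip():
        return "whitespace"
    if sent_by_app.rstrip("/") == registered.rstrip("/"):
        return "trailing slash"
    if sent_by_app.lower() == registered.lower():
        return "letter case"
    return "different URI"


if __name__ == "__main__":
    for uri, problems in audit_redirect_uris(SAMPLE_REDIRECT_URIS).items():
        print(f"{uri!r}: {', '.join(problems)}")
    print(explain_mismatch("https://app.example.com/signin-oidc/",
                           "https://app.example.com/signin-oidc"))
```

    Paste the registration's redirect URIs (for example from the Authentication blade or `az ad app show`) into the list to run it against a real app; `explain_mismatch` is useful when the URI your application sends differs from the registered one only by a slash or whitespace, which is easy to miss by eye.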

  2. SAPTAK BANERJEE 0 Reputation points
    2023-08-14T05:19:41.5433333+00:00

    The error message "AADSTS7000222: The provided client secret keys are expired" is related to Microsoft's Azure Active Directory (AAD) authentication service. This error occurs when the client secret keys used to authenticate an application have expired. Client secret keys are typically used in confidential client applications, such as web applications and services, to securely authenticate with Azure AD.

    Here are some steps you can take to resolve this issue:

    Generate New Client Secret: Log in to the Azure portal, go to your application's registration (App Registration) page, and generate a new client secret. Replace the old client secret with the new one in your application's configuration.

    Update Configuration: If you're using the client secret in your application's code or configuration, make sure to update it with the new secret.

    Update Expiry in Your Application: If your application caches the client secret expiration date, update it to reflect the new expiration date.

    Update Key Vault or Secret Manager: If you are storing the client secret in Azure Key Vault or a similar secret management system, ensure that the expired secret is removed and the new secret is added.

    Update Authentication Flow: If you are using OAuth 2.0 or OpenID Connect for authentication, ensure that your application's authentication flow includes the new client secret.

    Update App Configurations: If your application uses environment variables or configuration files to store the client secret, update these configurations with the new secret.

    Check Time and Date Settings: Make sure the system time and date settings on your server or machine are accurate. Expired tokens might be validated against the local system time.

    Check Azure AD Portal Settings: Double-check the settings in the Azure AD portal to ensure that there are no misconfigurations causing this issue.

    Consider Other Authentication Methods: If you consistently encounter issues with client secret expiration, you might want to explore other authentication methods like certificate-based authentication.

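    The steps above come down to finding out which registered secret the application is actually using and whether that one has passed its end date. The script below is an added example (not the answerer's code and not part of any Microsoft tool) that does that check offline over a constructed credential list shaped like the output of `az ad app credential list --id <APP_ID>` (Microsoft Graph passwordCredential objects). The key IDs, names and dates are invented; the `hint` field is assumed to hold the first three characters of the secret, as Graph documents it, which lets you match a configured secret to its registration entry without the full value ever being shown in the portal.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `az ad app credential list` output
# (Microsoft Graph passwordCredential objects). Every value is invented;
# `hint` is assumed to hold the first three characters of the secret.
SAMPLE_CREDENTIALS = [
    {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "api-2022",
     "hint": "old", "startDateTime": "2022-01-15T00:00:00+00:00",
     "endDateTime": "2023-01-15T00:00:00+00:00"},
    {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "api-2023",
     "hint": "new", "startDateTime": "2023-01-10T00:00:00+00:00",
     "endDateTime": "2024-01-10T00:00:00+00:00"},
]

# Date of the question above, used as "now" so the example is reproducible.
QUESTION_DATE = datetime(2023, 2, 20, 9, 58, tzinfo=timezone.utc)


def parse_time(value):
    """Parse an ISO 8601 timestamp into an aware UTC datetime."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def credential_status(cred, now, warn_days=30):
    """Classify one credential relative to `now` (an aware datetime)."""
    start = parse_time(cred["startDateTime"])
    end = parse_time(cred["endDateTime"])
    if now < start:
        return "not yet valid"
    if now >= end:
        return "expired"
    if end - now <= timedelta(days=warn_days):
        return "expiring soon"
    return "active"


def audit_credentials(creds, now, warn_days=30):
    """Map every keyId to its status; this is the view the portal gives you."""
    return {c["keyId"]: credential_status(c, now, warn_days) for c in creds}


def find_credential_for_secret(secret_value, creds):
    """Match the secret an app is configured with to a registration entry
    by comparing the three-character hint with the start of the secret."""
    for cred in creds:
        if cred.get("hint") and secret_value.startswith(cred["hint"]):
            return cred
    return None


def diagnose(secret_value, creds, now):
    """Explain an AADSTS7000222-style failure: which entry the configured
    secret corresponds to, and whether that entry is still valid."""
    cred = find_credential_for_secret(secret_value, creds)
    if cred is None:
        return "no registered credential matches the configured secret"
    status = credential_status(cred, now)
    return f"configured secret is '{cred['displayName']}' ({status})"


if __name__ == "__main__":
    for key_id, status in audit_credentials(SAMPLE_CREDENTIALS, QUESTION_DATE).items():
        print(key_id, status)
    # Constructed secret values; only their first three characters matter here.
    print(diagnose("oldSecretValueFromAppSettings", SAMPLE_CREDENTIALS, QUESTION_DATE))
    print(diagnose("newSecretValueFromKeyVault", SAMPLE_CREDENTIALS, QUESTION_DATE))
```

    The typical outcome for the situation in the question is that the registration does contain an active secret but the application's configuration (app settings, Key Vault reference or environment variable) still carries the old one, so `diagnose` reports the configured secret as expired; the `warn_days` window is there so the same audit can be scheduled to flag rotation before the next expiry rather than after it.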

  3. Ted Spradley 5 Reputation points
    2023-08-19T20:44:09.26+00:00

    [Screenshot: Azure Portal]

    There is no "App Registration" page or "Registration" page of any kind. Azure portal screenshot attached. Instructions such as "Log in to the Azure portal, go to your application's registration (App Registration) page, and generate a new client secret. Replace the old client secret with the new one in your application's configuration." must be accompanied with screenshots. Edit: added screenshot
