Invalid client secret provided.

Ajith SP 0 Reputation points

AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '18da3ea1-96b3-4ae3-99d7-d9253f3fbe42'. Trace ID: 8184216b-4c6b-40e5-ad7b-f2a7a69f3200 Correlation ID: 58f16a27-870d-4730-aada-8c18245e8e7d

Getting above error even after adding correct client secret. Below is the code I have used to connect to Graphclient. Please help me resolve this issue.

final ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
	final TokenCredentialAuthProvider tokenCredentialAuthProvider = new TokenCredentialAuthProvider(clientSecretCredential);

	final GraphServiceClient<Request> graphClient =

	final User me =;
	final Drive result = graphClient
	public Drive getuser() {
		return graphClient
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,776 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Gopinath Chennamadhavuni 2,431 Reputation points

    Hi @Ajith SP,

    Thank you for your post!

    When it comes to your error message - AADSTS7000215: Invalid client secret provided, AADSTS7000215 is an error code that indicates that the client secret provided for authentication is invalid. Can you make sure that you're passing the client_secret using a web app or web API, it shouldn't be used in a native app, because client_secrets can't be reliably stored on devices.

    For more info - Get access and refresh tokens.


    If you are still running into same issue, please check the below steps:

    1. If you have added the correct client secret and it is still not working, you can try adding a new client secret to see if you still receive the error. 185377-image.png
    2. Confirm that you are adding the client secret value and not the Secret ID. 185364-image.png
    3. Make sure the URL is encoded properly. If the secret has special characters, they need to be URL encoded. If you don't encode the URL, one workaround is to regenerate a secret that mostly just has upper and lower case letters.
    4. Check that the expiration time is set to six, 12, or 18 months, as a few users have reported seeing issues setting the expiration time to 24 months.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.