Hello,
In our code we perform the following:
- Create an App Registration in Azure Active Directory
- Create the service principal for the app
- Create a secret for the App
Then, using the appId and secret, we generate an OAuth token. While generating the OAuth token I am getting the error:
--------------------------------------------------------------------------------
{
    "error": "invalid_client",
    "error_description": "AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '24a9c109-0635-4718-9e4d-08b5a7eb82c9'.\r\nTrace ID: 53e865df-c508-4d02-9187-8e186f228400\r\nCorrelation ID: 630ccd43-0032-45f5-a3e4-11a431696d5f\r\nTimestamp: 2023-04-27 23:48:42Z",
    "error_codes": [
        7000215
    ],
    "timestamp": "2023-04-27 23:48:42Z",
    "trace_id": "53e865df-c508-4d02-9187-8e186f228400",
    "correlation_id": "630ccd43-0032-45f5-a3e4-11a431696d5f",
    "error_uri": "https://login.microsoftonline.com/error?code=7000215"
}
--------------------------------------------------------------------------------
The timeline of events is as follows:
- At 2023-04-27T23:48:26.525Z the secret was created.
- At 2023-04-27T23:48:32.315Z (~5 s after the secret was created) I tried to fetch the token, but it failed with error AADSTS700016. This error is treated as a retryable error, hence the client retries.
- At 2023-04-27T23:48:42.554Z (~10 s after the 2nd request) the request failed with AADSTS7000215.
I can confirm that I am passing the secret and not the secret ID in the request.
We set an expiration time of 24 months on the secret.
We use the Go SDK to perform all the operations. To get the token we are using this package: github.com/Azure/azure-sdk-for-go/sdk/azidentity.
Questions:
- Should this error code AADSTS7000215 also be treated as a retryable error code?
- Does it take time for the Azure system to sync the secret too? In the case of app registrations we have seen that it takes time for the app/service principal to sync in the system, and hence we are treating error code AADSTS700016 as retryable.
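The retry question above can be made concrete. The following Go program is an added example, not code from the original post, from Microsoft or from the azidentity package. It assumes a `TokenFetcher` callback in place of azidentity's `GetToken`, an injectable clock and sleep so the policy can be exercised offline, and a heuristic that a value shaped like a GUID is a secret ID rather than a secret value. It bounds retries of the two codes seen during replication (AADSTS700016 and AADSTS7000215) to a window measured from the secret's creation time, so that a genuinely wrong secret still surfaces as a hard failure instead of being retried forever. The error strings it replays are constructed to mirror the timeline in the question.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"regexp"
	"time"
)

// aadstsCodeRe pulls the numeric AADSTS code out of an Entra ID token error,
// e.g. "AADSTS7000215: Invalid client secret provided ...".
var aadstsCodeRe = regexp.MustCompile(`AADSTS(\d+)`)

// guidRe matches the shape of a client secret *ID*. A secret *value* is a
// random string that never has this shape, so a GUID in the secret slot is a
// strong sign the wrong field was copied (the mistake AADSTS7000215 warns about).
var guidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// AADSTSCode returns the numeric code embedded in err, or "" if there is none.
func AADSTSCode(err error) string {
	if err == nil {
		return ""
	}
	m := aadstsCodeRe.FindStringSubmatch(err.Error())
	if m == nil {
		return ""
	}
	return m[1]
}

// LooksLikeSecretID reports whether the configured secret has the GUID shape of
// a secret ID rather than a secret value. Check this before the first request:
// a misconfiguration should fail fast, not be retried.
func LooksLikeSecretID(secret string) bool {
	return guidRe.MatchString(secret)
}

// TokenFetcher stands in for azidentity's GetToken so the policy runs offline.
type TokenFetcher func(ctx context.Context) (string, error)

// RetryPolicy bounds how long a freshly created credential is retried while
// Entra ID replicates it. Past the window, AADSTS7000215 means a bad secret.
type RetryPolicy struct {
	Window   time.Duration         // retry only this long after the secret was created
	Interval time.Duration         // pause between attempts
	Now      func() time.Time      // injectable clock
	Sleep    func(d time.Duration) // injectable sleep
}

// isTransient lists the codes seen right after an app, service principal or
// secret is created and before replication completes:
//   700016  - application not found in the directory
//   7000215 - invalid client secret (not yet replicated, or genuinely wrong)
func isTransient(code string) bool {
	return code == "700016" || code == "7000215"
}

// GetTokenWithRetry calls fetch until it succeeds, returns a non-transient
// error, or the replication window measured from secretCreated elapses.
// It reports the token, the number of attempts made, and the final error.
func GetTokenWithRetry(ctx context.Context, fetch TokenFetcher, secretCreated time.Time, p RetryPolicy) (string, int, error) {
	attempts := 0
	for {
		attempts++
		tok, err := fetch(ctx)
		if err == nil {
			return tok, attempts, nil
		}
		code := AADSTSCode(err)
		if !isTransient(code) {
			return "", attempts, err
		}
		if p.Now().Sub(secretCreated) >= p.Window {
			return "", attempts, fmt.Errorf("AADSTS%s persisted past the %s replication window after %d attempts: %w", code, p.Window, attempts, err)
		}
		p.Sleep(p.Interval)
	}
}

// simulatedFetch replays the sequence from the question: AADSTS700016, then
// AADSTS7000215, then success. The error bodies are constructed, not real.
func simulatedFetch() TokenFetcher {
	n := 0
	return func(context.Context) (string, error) {
		n++
		switch n {
		case 1:
			return "", errors.New(`{"error":"invalid_client","error_description":"AADSTS700016: Application not found (constructed)"}`)
		case 2:
			return "", errors.New(`{"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided (constructed)"}`)
		}
		return "eyJ...constructed-token", nil
	}
}

func main() {
	// Stand-alone demo with a real clock and a short interval; the app ID from
	// the question is used only to show the GUID-shape check firing.
	if LooksLikeSecretID("24a9c109-0635-4718-9e4d-08b5a7eb82c9") {
		fmt.Println("that is a GUID: it is a secret ID, not a secret value")
	}
	p := RetryPolicy{Window: 2 * time.Minute, Interval: 200 * time.Millisecond, Now: time.Now, Sleep: time.Sleep}
	tok, n, err := GetTokenWithRetry(context.Background(), simulatedFetch(), time.Now(), p)
	fmt.Println(tok, n, err)
}
```

In real use the `TokenFetcher` would wrap `azidentity.NewClientSecretCredential(...)` and its `GetToken(ctx, policy.TokenRequestOptions{Scopes: ...})` call, and `secretCreated` would be the creation timestamp returned when the secret was added. The important design point is the window: retrying AADSTS7000215 unconditionally would hide a real credential mismatch (or a leaked and rotated secret) behind endless retries, whereas a short window tied to creation time covers replication lag and nothing else.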