Hi @Yashovardhan Mopur ,
Thanks for your post! As you correctly noted, the error message "AADSTS7000215: Invalid client secret provided." means that the client secret is incorrect or expired either in the app registration or in a different reference.
To resolve this issue, you should validate that your app registration has the correct value recorded for the client secret and ensure that all of the following values are correctly configured:
Then, since you are using Key Vault, you need to create a secret with a name of your choice in the Key Vault and copy the client secret from the app registration into the “value” field of the Key Vault secret. https://learn.microsoft.com/en-us/azure/databricks/sql/admin/data-access-configuration#--configure-a-service-principal
See example:
```http
PUT https://myvault.vault.azure.net/secrets/crpsecret?api-version=7.4

{
  "value": "mysecretvalue"
}
```
If you have already done these steps and verified that the client secret in the app registrations matches the value field in the Key Vault secret, you can troubleshoot the following:
- Verify that the unexpired secret's expiration date is reflecting properly. You can check the expiration date of the client secret in the Azure portal and generate a new secret if it has expired.
- Ensure that the client secret is not being modified or corrupted during copy-pasting. Sometimes extra spaces or characters can be added while copying the client secret. Validate that the client secret is copied correctly and without any extra characters.
- Check if the client secret is being referenced correctly in all of your config settings. Ensure that the client secret is being referenced by its value and not its ID.
If none of the above steps work, please provide more information about and screenshots of your app registration so that I can assist you better.
If you would prefer, you can reach out to me at AzCommunity@microsoft.com ("Attn: Marilee Turscak") and include your subscription ID and a link to this thread.
Additionally, there are some good external resources on the Databricks forums: https://community.databricks.com/s/question/0D53f00001lvKfHCAU/how-do-i-configure-an-azure-databricks-external-metastore-to-use-a-service-principal-rather-than-a-sql-user-for-authentication
If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.
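The three troubleshooting checks listed in the answer above (expiry, copy-paste corruption, value versus ID), as an added example that is not part of the original answer. The function name and the sample values are hypothetical and constructed; the caller supplies the configured string and the expiration date shown for the secret in the app registration.

```python
import re
from datetime import datetime, timezone

# In an app registration, a client secret's "Secret ID" is a GUID; its "Value" is not.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Invisible characters that copy-paste can introduce and str.isspace() may not catch.
INVISIBLE = {"\u200b", "\u200c", "\u200d", "\ufeff", "\u00a0"}


def diagnose_client_secret(configured, expires_at, now=None):
    """Return findings for a configured client secret.

    configured: the string actually stored in Key Vault or the config setting.
    expires_at: timezone-aware expiry of the secret from the app registration.
    The secret itself is never returned or logged, only the findings.
    """
    now = now or datetime.now(timezone.utc)
    findings = []
    if configured != configured.strip():
        findings.append("leading/trailing whitespace")
    core = configured.strip()
    if any(ch in INVISIBLE or ch.isspace() for ch in core):
        findings.append("embedded whitespace or invisible character")
    if len(core) >= 2 and core[0] == core[-1] and core[0] in "\"'":
        findings.append("wrapped in quotes")
    if GUID_RE.match(core.strip("\"'")):
        findings.append("looks like a secret ID (GUID), not the secret value")
    if expires_at <= now:
        findings.append("secret expired")
    return findings


if __name__ == "__main__":
    # Constructed sample: a secret ID pasted with a trailing newline, already expired.
    sample = "0f8fad5b-d9cb-469f-a165-70867728950e\n"
    expiry = datetime(2023, 12, 1, tzinfo=timezone.utc)
    for finding in diagnose_client_secret(sample, expiry):
        print("-", finding)
```

An empty list means none of the three conditions was detected; it does not prove the value matches the one in the app registration.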