MS Teams Bot - invalid_client_credential error

Robert Stevens 20 Reputation points
2024-06-06T08:56:36.9466667+00:00

Hi, I have create a MS teams application that has a bot and a tab app.

The bot is registered on botframework.com and is self hosted on AWS. I have created a dev app package using the Teams Toolkit in VS Code.

If install the zip file via custom upload in MS Teams and keep keep the "message endpoint" (in botframework.com) to point the dev tunnel one, e.g. https://xxx.devtunnels.ms/api/messages (which points to my local machine), the bot sends a welcome message to the channel as expected.

I then remove the bot from MS teams, and update the "message endpoint" in botframework.com to point to the dev URL, e.g. https://dev.bot.com/api/messages and reinstall the bot via the zip file, I get the following error in the logs:

unhandled error ClientAuthError: invalid_client_credential: Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential


In botframework.com, I use the "test feature" and send a message to the bot while keeping the "message endpoint" pointed to my dev URL. The log then shows no error, and shows the message etc.

I don't understand where this error is coming from. I checked that the bot is being initialised with the correct bot ID + Password - since the error speaks towards a client credential, I'm not sure what client it's referring to.

I know in .env.dev.user file there is a SECRET_BOT_PASSWORD which is basically the bot password that is being used to initialise the bot e.g.

import { BotBuilderCloudAdapter } from "@microsoft/teamsfx";
import ConversationBot = BotBuilderCloudAdapter.ConversationBot;
import config from "./config";

// Create bot.
export const notificationApp = new ConversationBot({
  // The bot id and password to create CloudAdapter.
  // See https://aka.ms/about-bot-adapter to learn more about adapters.
  adapterConfig: {
    MicrosoftAppId: config.botId,
    MicrosoftAppPassword: config.botPassword,
    MicrosoftAppType: "MultiTenant",
  },
  // Enable notification
  notification: {
    enabled: true,
  },
});

Those values are being set and are correct. And corresponds to what is saved in Azure under "Certificates & Secrets" -> "Client Secrets".

Note only that secret is saved there, no certificates etc.

Please let me know if you need more information.

Microsoft Teams Development
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace.Development: The process of researching, productizing, and refining new or existing technologies.
2,963 questions
{count} votes

Accepted answer
  1. Q&A Assist
    2024-06-06T08:56:36.9566667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The error message "invalid_client_credential: Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential" suggests that the bot is being initialized with an empty client credential. This could be because the bot is being initialized with an incorrect bot ID or password. Please double-check that the bot ID and password being used to initialize the bot are correct. Also, ensure that the bot ID and password are being set in the correct location.

    It's possible that the issue is related to the certificates and secrets being used to authenticate the bot. Please ensure that the correct client secret is saved in Azure under "Certificates & Secrets" -> "Client Secrets". Note that only the secret should be saved there, not certificates or other credentials.

    References:

    0 comments No comments

0 additional answers

Sort by: Most helpful