This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 7.000000000000001%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Hi All,
I have created an Azure App Registration and would like to use it in my script. I have saved the client secret in a text file located at C:\temp\key.txt, and I encrypted the secret using the following command.
$keyfile = 'C:\temp\key.txt'
Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File $keyfile
Then, in my script, I am using the following lines:
$ClientId = "111111111111111111"
$ClientSecret = Get-Content "C:\temp\key.txt" | ConvertTo-SecureString
$TenantId = "2222222222222222"
However, when I run the script, I get the following error when i decrypt my client secret i am getting the correct value.
invoke-RestMethod: {"error":"invalid_client","error_description":"AADTS8987345: invalid client secret provided.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 90%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAZ%3C/text%3E%3C/svg%3E)
Hello, @Glenn Maxwell,
Just wanted to check if the answer shared below helped. If it helped, then would request you to please "Accept the answer" as it would be helpful to others in the community as well.
Best Wishes,
Alex Zhang
Hello, @Glenn Maxwell,
Is there any update on this thread? If the issue has been resolved, please mark the helpful replies as answers, this will make answer searching in the forum easier and be beneficial to other community members as well. Thanks for your understanding.
Best Wishes,
Alex Zhang
It looks like the issue might be related to how the client secret is being read and used in your script. Here are a few things to check and try:
C:\temp\key.txt is correct and hasn’t expired. You can do this by generating a new client secret in the Azure portal and updating your text file.ConvertTo-SecureString with the -AsPlainText and -Force parameters if the secret is stored as plain text.
`$ClientSecret = Get-Content "C:\temp\key.txt" | ConvertTo-SecureString -AsPlainText -Force`
`$TenantId = "2222222222222222"`
`$body = @{`
` client_id = $ClientId`
` client_secret = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($ClientSecret))`
` tenant_id = $TenantId`
` grant_type = "client_credentials"`
`}`
ClientId, ClientSecret, or TenantId.![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Depending on the contents of the key you might have to encode the key contents in the same way you do when you create a URL. E.g., some characters may need to be "escaped", such as "%".
Add-Type -AssemblyName System.Web
$encodedURL = [System.Web.HttpUtility]::UrlEncode($ClientSecret)