Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,518 questions
Creating GraphServiceClient for a Client credentials provider, using a client secret not working
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 4%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIZ%3C/text%3E%3C/svg%3E)
Ignacio Zafra Jiménez
1
Reputation point
I'm migrating my project from using HTTP Direct calls to MSGraph endpoints to use MS Graph Java SDK 6.x
When using standard, recommended code for creating MsGraphClient (https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=java#client-credentials-provider) , I'm getting errors related to host no found. in local developement and in Server we get this error:
"java.lang.RuntimeException: java.util.concurrent.ExecutionException: com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '717ab8d8-27a7-4b6e-8664-497e8318eab8'. Trace ID: 3108f99c-b17b-46f6-a252-6f88fa5e4500 Correlation ID: d324448f-91b2-416f-ad0c-1251edadc9a0 Timestamp: 2025-03-14 07:12:38Z at com.azure.identity.implementation.IdentitySyncClient.authenticateWithConfidentialClient(IdentitySyncClient.java:142) at com.azure.identity.ClientSecretCredential.getTokenSync(ClientSecretCredential.java:136) at com.microsoft.kiota.authentication.AzureIdentityAccessTokenProvider.getAuthorizationToken(AzureIdentityAccessTokenProvider.java:167) at com.microsoft.kiota.authentication.BaseBearerTokenAuthenticationProvider.authenticateRequest(BaseBearerTokenAuthenticationProvider.java:46) at com.microsoft.kiota.http.OkHttpRequestAdapter.getHttpResponseMessage(OkHttpRequestAdapter.java:741) at com.microsoft.kiota.http.OkHttpRequestAdapter.send(OkHttpRequestAdapter.java:302) at com.microsoft.graph.users.item.UserItemRequestBuilder.get(UserItemRequestBuilder.java:761) at com.microsoft.graph.users.item.UserItemRequestBuilder.get(UserItemRequestBuilder.java:747)
I don't have any problem to get AccessTOken in my current code, via HTTP, using my app credentials (client ID, client secrert, tenant), so I don't know why complaint about secretID is related. see snippet code below
String URLToken = "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token";
URL url = new URL(URLToken);
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("POST");
Map<String, String> parameters = new HashMap<>();
parameters.put("tenant", tenant);
parameters.put("client_id", general.getClientId());
parameters.put("scope", "https://graph.microsoft.com/.default");
parameters.put("client_secret", general.getClientSecret());
parameters.put("grant_type", "client_credentials");
Which detail I'm missing in my code using azure-indentity? I'm using Entra ID free version, I only have my app registered.
{count} votes
-
CarlZhao-MSFT 46,326 Reputation points2025-03-17T02:05:58.5866667+00:00 You should use the client secret value instead of the client secret ID. Please check.
Sign in to comment
Sign in to answer