AADSTS7000222: The provided client secret keys are expired

Siegfried Heintze 1,906 Reputation points
2021-11-17T04:36:35.317+00:00

I'm trying to run my ASP.NET Core AAD/B2C client/server that was working last spring. They are failing with this:

RequestFailedException: Service request failed. Status: 401 (Unauthorized) Content: {"error":"invalid_client","error_description":"AADSTS7000222: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app, or consider using certificate credentials for added security: https://learn.microsoft.com/azure/active-directory/develop/active-directory-certificate-credentials\r\nTrace ID: bd469a1c-fa29-4fc5-9a17-4e8ca63ed300\r\nCorrelation ID: a8c76037-c5d1-4ba3-93ae-a9aa20be5df1\r\nTimestamp: 2021-11-17 04:27:58Z","error_codes":[7000222],"timestamp":"2021-11-17 04:27:58Z","trace_id":"bd469a1c-fa29-4fc5-9a17-4e8ca63ed300","correlation_id":"a8c76037-c5d1-4ba3-93ae-a9aa20be5df1","error_uri":"https://login.microsoftonline.com/error?code=7000222"} Headers: Cache-Control: no-store, no-cache Pragma: no-cache Strict-Transport-Security: REDACTED X-Content-Type-Options: REDACTED P3P: REDACTED x-ms-request-id: REDACTED x-ms-ests-server: REDACTED Set-Cookie: REDACTED Date: Wed, 17 Nov 2021 04:27:57 GMT Content-Type: application/json; charset=utf-8 Expires: -1 Content-Length: 698  

I tried some Bing/Google searching where they repeated what is in the error message: I need to create new keys for my app...

How do I do that?

Might this be related to this other issue: the-following-tenants-don39t-contain-accessible-su.html?

Thanks
Siegfried

Microsoft Entra ID

Accepted answer
  1. AmanpreetSingh-MSFT 56,841 Reputation points Moderator
    2021-11-17T07:07:29.01+00:00

    Hi @Siegfried Heintze • Thank you for reaching out and providing the detailed error information.

    By tracking the correlation & request ID, I found that the Client Secret for the application "ClusterServicePrincipal-todo-0002" was valid till 2021-10-12 02:28:27, due to which you are getting the AADSTS7000222 error.

    To resolve the error, you need to sign in to the Azure Portal using a Global Administrator or Application Administrator account and navigate to:

    Azure Active Directory > Application Registrations > Search for ClusterServicePrincipal-todo-0002 > Under Manage section, click on Certificates & Secrets > Under client secrets, click on + New client secret as highlighted below:

    150074-image.png

    If you have specified the old secret in any of your application(s), you need to update your application code with the new code.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.
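
An added example, not part of the original thread: a Python check that flags app registrations whose client secrets have expired or are about to, so the condition behind AADSTS7000222 is caught before token requests start failing. It assumes input shaped like Microsoft Graph `application` objects (`passwordCredentials[].endDateTime`); the sample data is constructed, with only the first entry's app name and expiry taken from the answer above, and the status labels and 30-day window are illustrative choices.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like Microsoft Graph `application` objects, e.g. from
# GET /v1.0/applications?$select=displayName,passwordCredentials
# Only the first entry's name and expiry come from the thread; the rest is made up.
SAMPLE_APPS = [
    {"displayName": "ClusterServicePrincipal-todo-0002",
     "passwordCredentials": [{"endDateTime": "2021-10-12T02:28:27Z"}]},
    {"displayName": "example-rotated-app",
     "passwordCredentials": [{"endDateTime": "2021-06-01T00:00:00Z"},
                             {"endDateTime": "2022-06-01T00:00:00.1234567Z"}]},
    {"displayName": "example-expiring-app",
     "passwordCredentials": [{"endDateTime": "2021-12-01T00:00:00Z"}]},
    {"displayName": "example-cert-only-app", "passwordCredentials": []},
]

def parse_graph_time(value):
    """Parse a UTC timestamp, tolerating 'Z' and 7-digit fractional seconds.

    The fraction is dropped; second precision is enough for expiry checks.
    """
    m = re.fullmatch(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?Z?", value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    parsed = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)

def audit_secrets(apps, now, warn_days=30):
    """Return {displayName: status} for every app that has client secrets."""
    report = {}
    for app in apps:
        creds = app.get("passwordCredentials") or []
        ends = [parse_graph_time(c["endDateTime"]) for c in creds]
        if not ends:
            continue  # no client secrets (e.g. certificate-only): nothing to check
        latest = max(ends)
        if latest <= now:
            status = "NO_VALID_SECRET"       # every secret is past its end date
        elif latest - now <= timedelta(days=warn_days):
            status = "EXPIRING_SOON"         # rotate before the last secret lapses
        elif min(ends) <= now:
            status = "STALE_SECRET_PRESENT"  # rotated, but an old secret remains
        else:
            status = "OK"
        report[app["displayName"]] = status
    return report

if __name__ == "__main__":
    for name, status in audit_secrets(SAMPLE_APPS, datetime.now(timezone.utc)).items():
        print(f"{status:22} {name}")
```
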

1 additional answer

  1. Alan Morris 1,336 Reputation points
    2023-07-11T22:28:41.9266667+00:00

    Thanks for your assistance on this. This was exactly what my team was looking for.

