Azure AD Connection Client Secret Expiration Notifications

Overview

This article explains why Auth0 does not send a notification when the Client Secret of a Microsoft Azure AD (Active Directory) connection expires. Auth0, as the identity provider, uses the Client Secret to authenticate with Azure AD but does not manage the secret's lifecycle. If the Client Secret expires, the following error may appear:

AADSTS7000222: The provided client secret keys are expired

Applies To

  • Connections
  • Microsoft Azure AD

Cause

The Client Secret is a credential for the application registered in Microsoft Azure AD, and the notification system for its expiration is handled by Microsoft Azure AD. Auth0 uses the Client Secret to communicate with the Azure AD application, but it does not manage the secret’s lifecycle. Azure AD generates the error and sends it to Auth0, which then passes it along to the user.

Solution

The Client Secret expiration date can be found in the Microsoft Azure AD console. To find the expiration date, follow the steps below:

  1. Navigate to the App registrations section.
  2. Select the desired application from the list.
  3. In the left-hand navigation pane, select Certificates & secrets.
  4. Select the Client secrets tab.
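Because Auth0 never raises an alert for this, the expiration check in the console above is easy to forget. The script below is an added example, not part of this article or of any Auth0 or Microsoft tooling. It assumes the JSON shape that Microsoft Graph returns for an application's passwordCredentials (each entry carrying keyId, displayName and an ISO 8601 endDateTime), which is also what `az ad app credential list --id <APP_ID>` prints; the keyIds and dates in the embedded sample are constructed placeholders. Piped real output on stdin, it flags secrets that are already expired or expire within a configurable window, so it can run from a scheduled job and fail the job before the AADSTS7000222 error reaches users.

```python
"""Flag Azure AD app-registration client secrets that are expired or about to expire.

Reads a JSON array in the Microsoft Graph passwordCredential shape from stdin
(for example the output of `az ad app credential list --id <APP_ID>`); when
stdin is a terminal it falls back to the constructed SAMPLE below.
"""
import json
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample (placeholder keyIds and dates), in the Graph passwordCredential shape.
SAMPLE = json.dumps([
    {"displayName": "auth0-connection",
     "keyId": "00000000-0000-0000-0000-000000000001",
     "endDateTime": "2024-01-15T00:00:00Z"},
    {"displayName": "rotation-candidate",
     "keyId": "00000000-0000-0000-0000-000000000002",
     "endDateTime": "2024-06-20T12:00:00Z"},
    {"displayName": "long-lived",
     "keyId": "00000000-0000-0000-0000-000000000003",
     "endDateTime": "2025-06-01T00:00:00Z"},
])


def parse_end(ts: str) -> datetime:
    """Parse Graph's ISO 8601 timestamp (trailing 'Z') into an aware UTC datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def classify(credentials, now: datetime, warn_days: int = 30):
    """Return one (displayName, keyId, status, days_left) tuple per secret.

    status is EXPIRED when endDateTime is at or before `now`, EXPIRING when it
    falls within `warn_days`, otherwise OK. days_left is negative once expired.
    """
    rows = []
    for cred in credentials:
        end = parse_end(cred["endDateTime"])
        remaining = end - now
        if remaining <= timedelta(0):
            status = "EXPIRED"
        elif remaining <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            status = "OK"
        rows.append((cred.get("displayName", ""), cred["keyId"], status, remaining.days))
    return rows


def exit_code(rows) -> int:
    """Non-zero when any secret needs attention, so a scheduled job fails visibly."""
    return 1 if any(r[2] != "OK" for r in rows) else 0


def main() -> int:
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    rows = classify(json.loads(raw), datetime.now(timezone.utc))
    for name, key_id, status, days in rows:
        print(f"{status:8} {days:>5}d  {key_id}  {name}")
    return exit_code(rows)


if __name__ == "__main__":
    sys.exit(main())
```

Run it as `az ad app credential list --id <APP_ID> | python3 check_secrets.py` from a daily job; a non-zero exit surfaces the expiring secret early enough to create a new one in Certificates & secrets and update the Auth0 connection before the old one stops working. The 30-day window is a starting point; align it with how long your rotation process actually takes.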