Azure AD with Implicit flow and ROPG flow getting AADSTS7000215: Invalid client secret is provided

I have configured Azure AD using Native client and Web app / Web API for Implicit flow (SPA) and Resource Owner Password Grant flow, to use both scenarios.

Using Postman, ROPG works fine and gets an access token and ID token, but when used with Implicit flow (SPA) it returns AADSTS7000215: Invalid client secret is provided: failed to obtain access token.

But when I followed this:

https://auth0.com/docs/connections/enterprise/azure-active-directory-native#2-define-a-native-client-application-in-azure-active-directory it's mentioned that no secret key is required. Has some document changed? How do I get around this problem?

Responding to this for future reference as we go through our historical backlog.

When it comes to your error message - AADSTS7000215: Invalid client secret provided - can you make sure that you’re passing the client_secret using a web app or web API? It shouldn’t be used in a native app, because client_secrets can’t be reliably stored on devices. For more info, see Get access and refresh tokens.

Another potential reason posted by the user in the Microsoft forum stated that a plus sign inside your client’s secret can cause this error.


Dawid
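One likely mechanism behind the plus-sign report in the reply above, shown as an added example that is not part of the original posts: in an `application/x-www-form-urlencoded` request body a literal `+` decodes to a space, so a secret sent without percent-encoding arrives altered. That this is the cause of the forum report is an assumption; the parameter values and function names below are constructed for illustration.

```python
from urllib.parse import urlencode, parse_qs

# Constructed sample values; not real credentials.
SAMPLE_PARAMS = {
    "grant_type": "password",
    "client_id": "00000000-0000-0000-0000-000000000000",
    "client_secret": "abc+def/ghi=",
    "username": "user@example.com",
    "password": "p@ss+word",
}


def naive_body(params):
    """Join key=value pairs without percent-encoding (the failure mode)."""
    return "&".join(f"{k}={v}" for k, v in params.items())


def encoded_body(params):
    """Percent-encode every value, so '+' is sent as %2B."""
    return urlencode(params)


def as_received(body):
    """Decode a body the way a form-urlencoded parser does ('+' -> space)."""
    parsed = parse_qs(body, keep_blank_values=True)
    return {k: v[0] for k, v in parsed.items()}


def corrupted_fields(params, body):
    """Return the names of parameters whose decoded value differs from the input."""
    received = as_received(body)
    return sorted(k for k, v in params.items() if received.get(k) != v)


if __name__ == "__main__":
    for label, build in (("naive", naive_body), ("encoded", encoded_body)):
        body = build(SAMPLE_PARAMS)
        print(label, "corrupted:", corrupted_fields(SAMPLE_PARAMS, body))
```

Running the same round-trip check against the exact body a client sends shows whether the secret survives encoding before the identity provider is blamed.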

