Microsoft Graph REST API invalid client secret Microsoft Graph REST API invalid client secret curl curl

Microsoft Graph REST API invalid client secret


The post you provided is leveraging AAD V2 endpoint. But according your code snippet, you were using V1 endpoint https://login.microsoftonline.com/f02....e3/oauth2/token. For acquire access token via V1 endpoint, you can refer to https://graph.microsoft.io/en-us/docs/authorization/app_authorization for more details.

For the V2 authorization endpoint, you may check out the endpoints you are using:

GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize?...

POST https://login.microsoftonline.com/common/oauth2/v2.0/token

And also it is required a v2.0 ad application:

This article assumes a v2.0 registration, so you'll register your app on the Application Registration Portal.


It was due to client_secret. It may contain special characters.

The encodeURIComponent() function encodes a URI component.This function encodes special characters. In addition, it encodes the following characters: , / ? : @ & = + $ #

Use the below one:

encodeURIComponent(client_secret);


I am using the npm package:

Microsoft Azure Active Directory Passport.js Plug-In

with the v1 tenant-specific endpoint.

I was initially receiving the same error message after successfully logging into Microsoft: "Invalid Client Secret".

I was using the "Application ID" as the Client Secret. Then I discovered that you need to go onto the "Settings" tab in the Microsoft Azure Portal

Microsoft Azure

and create a new "Key". It doesn't matter what you name the key. When you click the "Save" button, the value of the key will be filled in the web form. Copy this right away, since it will not be displayed again if the web page is refreshed.

This is the "Client Secret" that you need to add to your configuration.