IT Error Decoder

How to Fix AADSTS7000215: Invalid client secret provided

Error message

AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID.

If you're seeing "AADSTS7000215: Invalid client secret provided", you're not alone. Here's what it means, why it happens, and the steps to resolve it.

What this error means

The client secret your app sent to the Entra token endpoint is wrong, expired, or you sent the secret's ID instead of the secret value.

Why this happens

The most common causes are copying the Secret ID instead of the Value (Entra shows the value only once, at creation time), an expired secret, or trailing whitespace included when the secret was stored.
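
A pre-flight check for the three causes above, added here as an example (not code from this page or from Microsoft). It assumes you have already fetched the app's passwordCredentials metadata from Microsoft Graph, where keyId is the Secret ID and hint holds the first three characters of the Value; diagnose_secret, SAMPLE_CREDS and the secret strings are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample shaped like the passwordCredentials array on a Microsoft
# Graph application object (metadata only; Graph never returns the secret value).
SAMPLE_CREDS = [
    {"keyId": "11111111-2222-3333-4444-555555555555", "hint": "abc",
     "endDateTime": "2024-01-01T00:00:00Z"},
    {"keyId": "66666666-7777-8888-9999-000000000000", "hint": "xyz",
     "endDateTime": "2030-01-01T00:00:00.0000000Z"},
]
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed clock for the demo


def _end_time(cred):
    # Keep only whole seconds so 'Z' and 7-digit fractions both parse.
    return datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S").replace(
        tzinfo=timezone.utc)


def diagnose_secret(configured, creds, now=None):
    """Return likely causes of AADSTS7000215 without ever echoing the secret."""
    now = now or datetime.now(timezone.utc)
    findings = []
    value = configured.strip()
    if value != configured:
        findings.append("whitespace")  # stray newline/space from a file or vault
    if value.lower() in {c["keyId"].lower() for c in creds}:
        findings.append("secret_id_used")  # the Secret ID was stored, not the Value
        return findings
    # hint is the first three characters of the Value: enough to find candidates
    candidates = [c for c in creds if c.get("hint") and value.startswith(c["hint"])]
    if not candidates:
        findings.append("no_matching_credential")  # value matches no listed secret
    elif all(_end_time(c) <= now for c in candidates):
        findings.append("expired")
    return findings


if __name__ == "__main__":
    for label, secret in [("id", SAMPLE_CREDS[0]["keyId"]), ("ws", "abc-constructed\n"),
                          ("ok", "xyz-constructed")]:
        print(label, diagnose_secret(secret, SAMPLE_CREDS, SAMPLE_NOW))
```

The function returns finding codes only, so its output is safe to write to logs; an empty list means none of the three causes was detected locally.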

Step-by-step fix

  1. In Entra → App registrations → <app> → Certificates & secrets, generate a new client secret.

  2. Copy the Value (not the Secret ID) immediately — Entra only shows it once.

  3. Update the secret in your app/key vault. Ensure no trailing whitespace was included.

  4. Restart the app or reset cached tokens so the new secret is used.

Affected products

Entra ID

Still broken? Try these

  • Switch from a client secret to a certificate or, better, a managed identity. Secrets expire and leak; certs and managed identities don't have those problems.
  • Check tenant policy — secret lifetimes can be capped to 6 months or 24 hours by policy.
  • Confirm you're hitting the right tenant in the authority URL.

