locked
"Invalid_Client" error when trying to authenticate RRS feed

  • Question

  • When attempting to get an access token, I wind up with an "invalid client" error response.

    I've double and triple checked my Client ID and Secret, and I've tried creating a new application and testing with that as well. Same error. I've tried setting strict_ssl to false to see if that made a difference, but no, same error. I've also tried construction the POST request with the Google Chrome REST Client, and I've tried using existing libraries designed to connect to MS Translator as well. In all cases, same error. So I'm pretty convinced at this point it's likely not my code that's the problem -- maybe something to do with the application I've set up? Regardless I'm stumped.

    In case it IS the code, though: 

    My app is written in node.js, and I'm using the widely-used 'request' library to handle http requests. Here's the relevant code, with MY_CLIENT_ID and MY_CLIENT_SECRET replacing the real values:

    function getAccessToken(clientId, clientSecret, callback) {
      console.log("CID: " + encodeURIComponent(clientId) + " / CS: " + encodeURIComponent(clientSecret));
      request.post({
        url: "https://datamarket.accesscontrol.windows.net/v2/OAuth2-13",
        form: {
          "grant_type": "client_credentials",
          "client_id": encodeURIComponent(clientId),
          "client_secret": encodeURIComponent(clientSecret),
          "scope": "http://api.microsofttranslator.com"
        }
      }, function(err, resp, body) {
        if(err) return callback(err);
        try {
          var accessToken = JSON.parse(body).access_token;
          if(accessToken) {
            callback(null, accessToken);
          } else {
            callback(body);
          }
        } catch(e) {
          callback(e);
        }
      });
    }
    
    getAccessToken("MY_CLIENT_ID", "MY_CLIENT_SECRET", function(err, accessToken) {
      if (err) {
        console.log("error: " + err);
      } else {
        console.log("Got access token: " + accessToken);
      }
    });

    I get the following error upon running the script:

    {"error":"invalid_client","error_description":"ACS50012: Authentication failed.\r\nTrace ID: 11b92b2f-9441-473b-a1b0-3a2f3be6c48a\r\nCorrelation ID: eb3b32fa-ea6a-4ab7-aca6-bcbcd70be71b\r\nTimestamp: 2015-11-20 19:26:49Z"}

    Any ideas what might be wrong?

    Tuesday, November 24, 2015 1:09 PM

All replies

  • I had a similar problem when authenticating using IOS Swift. My problem ended up being the encoding of the clientID and clientSecret. I needed to customize the character set for encoding. Code below:

    let customAllowedSet = NSCharacterSet(charactersInString:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnioqrstuvwxyz0123456789_!*'();:@$,#[]+=/")

    Not sure if this is the problem, and not sure how to customize the encoding for Java.

    Your error code in MSDN says:

    Authentication failed. (There may be more details in the message.)

    When a multi-tenant application tries to acquire a token to access the Graph API for an Azure AD tenant that has recently consented to the application, the token request might fail temporarily with error ACS50012. To resolve the problem, wait a few minutes and try again. Or, have the tenant administrator who provided consent log on to the application after consenting.

    Wednesday, December 2, 2015 8:43 PM