Why does AcquireToken with ClientCredential fail with invalid_client (ACS50012)?

Question

Why won\'t my Azure AD application allow an oauth client_credentials grant?

I want to use the Azure Graph API, but first I need an oauth token. To get the token, I am tr

Answer 1

The azure version of the translator has changed things once more- the Oauth token request uses a new url and only needs your secret key, instead of all the other baggage. This page discusses it (but using PHP code): http://www.bradymoritz.com/php-code-for-bingmicrosoftazure-translator/

The key items are:

1. Post an empty request to https://api.cognitive.microsoft.com/sts/v1.0/issueToken
2. Pass it your secret key using the header "Ocp-Apim-Subscription-Key: "
3. Or, just use the querystring parameter: "Subscription-Key="

Then get the body of the return as the actual token- it's the whole body, not in json format.

This is a lot simpler than the method used before, but it'd definitely a pain that things have yet again changed.

Answer 2

This turned out to be an error in Windows Azure, there was nothing wrong with my code or config.

After Microsoft fixed the problem in Azure, I had to create a new application and it started working.

Forum answer from Microsoft:

Hi,

We are seeing some errors with applications created in a several day time range, ending yesterday. We are continuing to fix up these applications but I don't have a good eta when this will be done. I'm apologize for the impact here.

Can you try creating a new application and retying the operation with the new client id?

thanks

Answer 3

I was having the same issue but only running the code directly from Azure (inside an Azure Website).

I solved upgrading 'Microsoft.IdentityModel.Clients.ActiveDirectory' package to '2.6.1-alpha'

Answer 4

Have a look at this link: https://azure.microsoft.com/en-gb/documentation/articles/resource-manager-net-sdk/

The latest version of Active Directory Authentication Library does not support AcquireToken method, instead you have to use AcquireTokenAsync method.

var result = await authenticationContext.AcquireTokenAsync(resource: "https://{domain}.onmicrosoft.com/{site-if applicable}", clientCredential: credential);