I'm trying to authorize my application to query the Log Analytics API. As part of the process described in the Microsoft documentation, I need to request a token using the Microsoft Entra ID OAuth2 flow.
I can't find the mistake, since I'm using a scope inside Databricks to access the secret inside a Key Vault. The value of the secret belongs to a Service Principal.
I'm running a Jupyter notebook inside Databricks. Here's the code (anonymized):
import requests

# Token endpoint for the tenant (tenant ID anonymized)
url = "https://login.microsoftonline.com/xxxxxxx/oauth2/token"
headers = {"Content-Type": "application/x-www-form-urlencoded"}
# Client secret read from the Key Vault-backed Databricks secret scope
key = dbutils.secrets.get(scope="kv_XXX", key="XXXx")
payload = {
    "grant_type": "client_credentials",
    "client_id": "2xxxxx",
    "scope": "34xxxxxxx/.default",
    "client_secret": key,
}
response = requests.post(url, headers=headers, data=payload)
print(response.text)
Here's the error:
AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app 'xxxxx'.
I've tried other authentication methods, but the error remains.
You might be providing the secret ID instead of the secret value.
You need to add the secret value as highlighted in the image below to your Key Vault secrets.
So, verify the value you've entered in the Key Vault secrets to ensure it's correct.
If you are still getting the error, check whether you are passing the secret value of the correct application to which you have given permission.
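One way to check what is actually stored in Key Vault without printing the secret, as an added example that is not part of the original answer. It relies on the secret ID being a GUID while the secret value is not; the function names and the sample values are constructed for illustration.

```python
import json
import re

# A client secret ID is a GUID; a client secret value is not.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
AADSTS_RE = re.compile(r"AADSTS\d+")

EMPTY = "empty value"
WHITESPACE = "leading or trailing whitespace"
LOOKS_LIKE_ID = "GUID-shaped: looks like a secret ID, not a secret value"


def describe_secret(secret):
    """Report problems with a secret's shape without revealing its content."""
    if not secret:
        return [EMPTY]
    findings = []
    if secret != secret.strip():
        findings.append(WHITESPACE)
    if GUID_RE.match(secret.strip()):
        findings.append(LOOKS_LIKE_ID)
    return findings


def aadsts_code(response_text):
    """Pull the AADSTS code out of a token endpoint error body, if any."""
    try:
        body = json.loads(response_text)
    except ValueError:
        return None
    if not isinstance(body, dict):
        return None
    match = AADSTS_RE.search(str(body.get("error_description") or ""))
    return match.group(0) if match else None


# Constructed sample error body, shaped like the error in the question.
SAMPLE_ERROR = json.dumps({
    "error": "invalid_client",
    "error_description": "AADSTS7000215: Invalid client secret provided.",
})

if __name__ == "__main__":
    # In the notebook, pass dbutils.secrets.get(scope=..., key=...) instead.
    print(describe_secret("00000000-1111-2222-3333-444444444444"))  # constructed
    print(aadsts_code(SAMPLE_ERROR))
```

An empty list from `describe_secret` only rules out these shape problems; the value can still be expired or belong to a different application.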