Troubleshooting the "AADSTS7000222" Azure error message
Who is this article for?
Users who see this error logged when they try to login.
IT Administrator permissions are required to resolve the issue.
Applications using SSO (more specifically, OIDC) use a secret key (like a password) to prove their identity to Microsoft Azure. This error occurs when that secret key has passed its expiration date and is no longer valid.
1. Issue
When an OIDC client secret has expired, when attempting to log in, users will see the generic "Something has gone wrong" error.
After pressing F12 and selecting the Console menu item, they will see a list of errors, including one that looks like this:
https://tenant.stack.hub.ideagen.com/backend/signin-oidc?error_description=
tenant-SSO+Error+-+401+invalid_client+AADSTS7000222:+
The+provided+client+secret+keys+for+app+'[some GUID]'+are+expired.
The key part is:
AADSTS7000222: The provided client secret keys for app '[some GUID]' are expiredThis tells us that the client secret used has expired.
2. Solution
To resolve this issue, you need to generate a new client secret in the Azure portal for your application and update your application's configuration to use the new secret.
To update the client secret:
- Contact your IT Administrator, who will be able to generate a new client secret in Azure.
- Log in to Ideagen Hub.
- Open the Admin Console.
- Go to the Security Centre.
- Scroll to Authentication.
- Edit the External IDP Configurationto include the new secret.
Once the secret is updated, users will be able to log in.