jenkinsci / azure-vm-agents-plugin

This repo is for the Azure VM Agents plugin for Jenkins. Azure DevOps CICD is the team which owns it for now.
https://plugins.jenkins.io/azure-vm-agents/

The provided client secret keys for app are expired #362

Closed kochn closed 2 years ago

kochn commented 2 years ago

Jenkins and plugins versions report

Environment

```text
Jenkins: 2.319.2
OS: Linux - 5.13.0-1021-azure
---
StashBranchParameter:0.3.0
ace-editor:1.1
analysis-model-api:10.9.1
ant:1.13
antisamy-markup-formatter:2.7
apache-httpcomponents-client-4-api:4.5.13-1.0
authentication-tokens:1.4
azure-acs:1.0.4
azure-ad:189.v2da14dccdb43
azure-commons:1.1.3
azure-container-registry-tasks:0.6.5
azure-credentials:198.vf9c2fdfde55c
azure-keyvault:131.v867845ef6ae9
azure-sdk:84.v53035e83f3c2
azure-vm-agents:816.v27bbb474b2b2
badge:1.9.1
basic-branch-build-strategies:1.3.2
bitbucket-build-status-notifier:1.4.2
blueocean:1.25.2
blueocean-autofavorite:1.2.4
blueocean-bitbucket-pipeline:1.25.2
blueocean-commons:1.25.2
blueocean-config:1.25.2
blueocean-core-js:1.25.2
blueocean-dashboard:1.25.2
blueocean-display-url:2.4.1
blueocean-events:1.25.2
blueocean-executor-info:1.25.2
blueocean-git-pipeline:1.25.2
blueocean-github-pipeline:1.25.2
blueocean-i18n:1.25.2
blueocean-jira:1.25.2
blueocean-jwt:1.25.2
blueocean-personalization:1.25.2
blueocean-pipeline-api-impl:1.25.2
blueocean-pipeline-editor:1.25.2
blueocean-pipeline-scm-api:1.25.2
blueocean-rest:1.25.2
blueocean-rest-impl:1.25.2
blueocean-web:1.25.2
bootstrap4-api:4.6.0-3
bootstrap5-api:5.1.3-4
bouncycastle-api:2.25
branch-api:2.7.0
build-timeout:1.20
caffeine-api:2.9.2-29.v717aac953ff3
checks-api:1.7.2
cloud-stats:0.27
cloudbees-bitbucket-branch-source:751.vda_24678a_f781
cloudbees-disk-usage-simple:0.10
cloudbees-folder:6.17
command-launcher:1.6
copyartifact:1.46.2
credentials:1074.v60e6c29b_b_44b_
credentials-binding:1.27.1
data-tables-api:1.11.3-6
display-url-api:2.3.5
docker-commons:1.18
docker-workflow:1.27
durable-task:493.v195aefbb0ff2
echarts-api:5.2.2-2
extended-read-permission:3.2
external-monitor-job:1.7
favorite:2.3.3
font-awesome-api:5.15.4-5
forensics-api:1.7.0
git:4.10.2
git-client:3.11.0
git-server:1.10
github:1.34.1
github-api:1.301-378.v9807bd746da5
github-branch-source:2.11.4
google-oauth-plugin:1.0.6
groovy:2.4
groovy-postbuild:2.5
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-1.0
htmlpublisher:1.28
jackson2-api:2.13.1-246.va8a9f3eaf46a
jacoco:3.3.1
javadoc:1.6
javax-activation-api:1.2.0-2
javax-mail-api:1.6.2-5
jaxb:2.3.0.1
jdk-tool:1.5
jenkins-design-language:1.25.2
jira:3.6
jjwt-api:0.11.2-9.c8b45b8bb173
jquery:1.12.4-1
jquery-detached:1.2.1
jquery-ui:1.0.2
jquery3-api:3.6.0-2
jsch:0.1.55.2
junit:1.53
kubernetes-cd:2.3.1
kubernetes-cli:1.10.3
kubernetes-client-api:5.11.2-182.v0f1cf4c5904e
kubernetes-credentials:0.9.0
ldap:2.7
lockable-resources:2.13
mailer:408.vd726a_1130320
matrix-auth:3.0
matrix-project:1.20
mercurial:2.16
metrics:4.0.2.8.1
momentjs:1.1.1
multibranch-job-tear-down:1.2
multiple-scms:0.8
nodelabelparameter:1.10.3
oauth-credentials:0.5
okhttp-api:4.9.3-105.vb96869f8ac3a
pam-auth:1.6.1
pipeline-aggregator-view:1.11
pipeline-build-step:2.15
pipeline-graph-analysis:188.v3a01e7973f2c
pipeline-input-step:427.va6441fa17010
pipeline-milestone-step:1.3.2
pipeline-model-api:1.9.3
pipeline-model-declarative-agent:1.1.1
pipeline-model-definition:1.9.3
pipeline-model-extensions:1.9.3
pipeline-rest-api:2.20
pipeline-stage-step:291.vf0a8a7aeeb50
pipeline-stage-tags-metadata:1.9.3
pipeline-stage-view:2.20
pipeline-utility-steps:2.11.0
pitmutation:1.0-18
plain-credentials:1.7
plugin-util-api:2.12.0
popper-api:1.16.1-2
popper2-api:2.11.2-1
prism-api:1.25.0-2
prometheus:2.0.10
promoted-builds:3.11
pubsub-light:1.16
purge-build-queue-plugin:1.0
resource-disposer:0.17
role-strategy:3.2.0
sbt:1.5
scm-api:595.vd5a_df5eb_0e39
script-security:1131.v8b_b_5eda_c328e
slack:2.49
snakeyaml-api:1.29.1
sonar:2.14
sse-gateway:1.24
ssh-credentials:1.19
sshd:3.1.0
structs:308.v852b473a2b8c
swarm:3.29
testng-plugin:554.va4a552116332
timestamper:1.16
token-macro:267.vcdaea6462991
trilead-api:1.0.13
variant:1.4
warnings-ng:9.10.3
windows-slaves:1.8
workflow-aggregator:2.6
workflow-api:1122.v7a_916f363c86
workflow-basic-steps:2.24
workflow-cps:2648.va9433432b33c
workflow-cps-global-lib:552.vd9cc05b8a2e1
workflow-durable-task-step:1121.va_65b_d2701486
workflow-job:1145.v7f2433caa07f
workflow-multibranch:706.vd43c65dec013
workflow-scm-step:2.13
workflow-step-api:622.vb_8e7c15b_c95a_
workflow-support:813.vb_d7c3d2984a_0
ws-cleanup:0.40
```

What Operating System are you using (both controller, and any agents involved in the problem)?

OS: Ubuntu 20.04 LTS

Reproduction steps

  1. Click on Manage Jenkins
  2. Click on Manage Nodes
  3. Delete one of the managed agents

Expected Results

The agent will be deleted

Actual Results

Agent cannot be deleted

Anything else?

I receive the following log message:

```text
AzureVMComputer: doDoDelete called for agent my-agents-d48980
...
Exception while deleting VM
Also:   java.lang.Exception: #block terminated with an error
        at reactor.core.publisher.BlockingSingleSubscriber.blockingGet(BlockingSingleSubscriber.java:99)
        at reactor.core.publisher.Mono.block(Mono.java:1707)
        at com.azure.resourcemanager.resources.fluentcore.arm.collection.implementation.GroupableResourcesImpl.getByResourceGroup(GroupableResourcesImpl.java:106)
        at com.azure.resourcemanager.resources.fluentcore.arm.collection.implementation.GroupableResourcesImpl.getByResourceGroup(GroupableResourcesImpl.java:28)
        at com.microsoft.azure.vmagent.AzureVMManagementServiceDelegate.virtualMachineExists(AzureVMManagementServiceDelegate.java:1033)
        at com.microsoft.azure.vmagent.AzureVMManagementServiceDelegate.terminateVirtualMachine(AzureVMManagementServiceDelegate.java:1777)
        at com.microsoft.azure.vmagent.AzureVMManagementServiceDelegate.terminateVirtualMachine(AzureVMManagementServiceDelegate.java:1750)
        at com.microsoft.azure.vmagent.AzureVMAgent.deprovision(AzureVMAgent.java:658)
        at com.microsoft.azure.vmagent.AzureVMComputer.lambda$doDoDelete$0(AzureVMComputer.java:62)
        at com.microsoft.azure.vmagent.retry.RetryTask.call(RetryTask.java:49)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000222: The provided client secret keys for app '<any-uuid>' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds.
Trace ID: xxx
Correlation ID: xxx
Timestamp: 2022-06-10 13:35:18Z
    at com.microsoft.aad.msal4j.MsalServiceExceptionFactory.fromHttpResponse(MsalServiceExceptionFactory.java:45)
    at com.microsoft.aad.msal4j.TokenRequestExecutor.createAuthenticationResultFromOauthHttpResponse(TokenRequestExecutor.java:96)
    at com.microsoft.aad.msal4j.TokenRequestExecutor.executeTokenRequest(TokenRequestExecutor.java:37)
    at com.microsoft.aad.msal4j.AbstractClientApplicationBase.acquireTokenCommon(AbstractClientApplicationBase.java:128)
    at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:63)
    at com.microsoft.aad.msal4j.AcquireTokenByClientCredentialSupplier.acquireTokenByClientCredential(AcquireTokenByClientCredentialSupplier.java:63)
    at com.microsoft.aad.msal4j.AcquireTokenByClientCredentialSupplier.execute(AcquireTokenByClientCredentialSupplier.java:49)
    at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:69)
    at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:18)
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
Caused: com.microsoft.azure.vmagent.exceptions.AzureCloudException
    at com.microsoft.azure.vmagent.exceptions.AzureCloudException.create(AzureCloudException.java:54)
    at com.microsoft.azure.vmagent.exceptions.AzureCloudException.create(AzureCloudException.java:33)
    at com.microsoft.azure.vmagent.AzureVMManagementServiceDelegate.virtualMachineExists(AzureVMManagementServiceDelegate.java:1041)
    at com.microsoft.azure.vmagent.AzureVMManagementServiceDelegate.terminateVirtualMachine(AzureVMManagementServiceDelegate.java:1777)
    at com.microsoft.azure.vmagent.AzureVMManagementServiceDelegate.terminateVirtualMachine(AzureVMManagementServiceDelegate.java:1750)
    at com.microsoft.azure.vmagent.AzureVMAgent.deprovision(AzureVMAgent.java:658)
    at com.microsoft.azure.vmagent.AzureVMComputer.lambda$doDoDelete$0(AzureVMComputer.java:62)
    at com.microsoft.azure.vmagent.retry.RetryTask.call(RetryTask.java:49)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)
```

I am wondering, because there was no secret in the app stored before.
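
Added example (not part of this issue thread and not the plugin's own code): a small Python triage script that scans a Jenkins log like the one above for MSAL `AADSTS` failures and groups them by error code and app ID, listing the agents whose deletion was blocked. The sample log is constructed from the lines in this issue; the app ID, the second agent name and the second timestamp are placeholders, and `summarize_auth_failures` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log in this issue; the app id, the second
# agent name and the second timestamp are placeholders, not real values.
SAMPLE_LOG = """\
AzureVMComputer: doDoDelete called for agent my-agents-d48980
Exception while deleting VM
com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000222: The provided client secret keys for app '00000000-0000-0000-0000-000000000001' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret
Trace ID: xxx
Correlation ID: xxx
Timestamp: 2022-06-10 13:35:18Z
    at com.microsoft.aad.msal4j.MsalServiceExceptionFactory.fromHttpResponse(MsalServiceExceptionFactory.java:45)
AzureVMComputer: doDoDelete called for agent my-agents-a11111
com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000222: The provided client secret keys for app '00000000-0000-0000-0000-000000000001' are expired.
Timestamp: 2022-06-10 13:40:02Z
"""

AGENT_RE = re.compile(r"doDoDelete called for agent (\S+)")
ERROR_RE = re.compile(r"MsalServiceException: (AADSTS\d+): .*?app '([^']+)'")
TS_RE = re.compile(r"^Timestamp: (\S+ \S+)$")


def summarize_auth_failures(log_text):
    """Group AADSTS failures by (error code, app id) with agents and time span."""
    summary = defaultdict(
        lambda: {"count": 0, "agents": [], "first": None, "last": None})
    agent = None    # most recent agent whose deletion was requested
    current = None  # summary entry still waiting for its Timestamp line
    for line in log_text.splitlines():
        if m := AGENT_RE.search(line):
            agent, current = m.group(1), None
        elif m := ERROR_RE.search(line):
            current = summary[(m.group(1), m.group(2))]
            current["count"] += 1
            if agent and agent not in current["agents"]:
                current["agents"].append(agent)
        elif current is not None and (m := TS_RE.match(line)):
            current["first"] = current["first"] or m.group(1)
            current["last"] = m.group(1)
            current = None
    return dict(summary)


if __name__ == "__main__":
    for (code, app), info in summarize_auth_failures(SAMPLE_LOG).items():
        print(code, app, info)
```

Each entry in `agents` is a node whose VM deletion did not complete because the token request failed, so those VMs are worth checking in the Azure subscription once the credential has been renewed.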

timja commented 2 years ago

There will be a secret and it's expired after however long you configured it.

If you don't see one now possibly someone deleted it.

kochn commented 2 years ago

Thanks for your reply. But I am searching for the location, where I have to store the secret value, which should be used for accessing the API.

timja commented 2 years ago

It’s on the credentials page