Status 401: error_description":"AADSTS7000216: 'client_assertion', 'client_secret' or 'request' is required for the 'client_credentials'

[louis-wuitton]

After the recent change on the endpoint used for the extension, some folks are hitting the issues of status 401. It will say something as:

Status 401: {"error":"invalid_client","error_description":"AADSTS7000216: 'client_assertion', 'client_secret' or 'request' is required for the 'client_credentials' grant type.\r\nTrace ID: 12ffdc87-bc07-42df-9c4f-b89c37f86900\r\nCorrelation ID: 088de9f2-872c-408c-b0b4-fa9f6b62bcad\r\nTimestamp: 2019-11-14 00:50:28Z","error_codes":[7000216],"timestamp":"2019-11-14 00:50:28Z","trace_id":"12ffdc87-bc07-42df-9c4f-b89c37f86900","correlation_id":"088de9f2-872c-408c-b0b4-fa9f6b62bcad","error_uri":"https://login.microsoftonline.com/error?code=7000216"}

If you are hitting this issue, please check if your client secret is expired. You need to create a new Windows Dev Center service connection. Also you need to go to app registration to create a new secret if it's expired. Make sure your service connection uses the app secret from the app registration.

[SunjayKalsi]

You need to create a new Windows Dev Center service connection. Also you need to go to app registration to create a new secret if it's expired. Make sure your service connection uses the app secret from the app registration.

Any chance you can elaborate more on the solution? I didn't set that part of my build. Help would gratefully be appreciated

[pulla2908]

If you are hitting this issue, please check if your client secret is expired.

I had the same error. My secret key is not expired yet (is going to expire 2020). I figured out on Azure Dev Ops I could not "Update Service Connection" any more. This was suspicious to me. I created a new Service Connection with a new secret key (I had to generate a new one because I can't remember on the old one). On the newly created Service Connection I can "Update Service Connection" as expected. Then I changed the task to use this Service Connection and the error disappeared. No idea what happens to my existing Service Connection.

[louis-wuitton]

One reason you cannot use your old service connection is because it might be deleted behind the scene. If it's not working you can just disconnect it and use your new endpoint.

[sebastianzolg]

Same issue here! Re-creating the connection fixed it for me too. Thanks, @pulla2908

[jdub403]

It would be great if I can recreate the connection. Since this extension was updated, it has broken the connection and the ability to create new extensions.

[dpaulino]

I hit this exact same error today. It was my first attempt to release a new build in 4 weeks. My client secret is not expired yet, so I tried creating a new service connection in ADO. The new service connection worked fine. I'm not sure why the old one is broken...

[pulla2908]

I have now the same issue again (401). I tried to create a new service connection again. But this time it requires a Username and Password in addition. This is new since the last time. I don't know what do enter there.

See also this issue about Username and Password.

@dpaulino Did you have to deal with username and password and if yes what did you enter?

[dpaulino]

I think I put the client ID as the username and the client secret ad the password

[pulla2908]

@dpaulino that worked for me as well! Client ID as Username and Client secret as Password. New service connection created. Can now publish again to the store with the new service connection and my newly created secret key.