Client secret is expired.

[aersam]

Hi there

Seems that your Client Secret is expired. That's a least the error I get:

[cretumarius]

Hi! I am trying the latest version 7.0.0 but it's still not working for me. I am receiving failed to authorize

Don't know why, can anyone help me?

[skinread]

Based on some additional comments in https://github.com/zumwald/stateless-vsts-oauth/issues/12 it appears that the expired client secret issue can be related to having a pre-existing config file your home folder .vstsnpmauthrc

If the clientId is not current it might lead to this. I updated the client secret to value to what is given in this config file and then it worked for me.

[craignicol]

I've just been setting up a new machine (with n0 .vstsnpmauthrc ) and v7.0.0 is still displaying the above error out the box. The URL shown in my terminal shows a client_id starting with DE51, rather than the clientID mentioned in the config file in the above comment.

[craignicol]

I had to run the following command

better-vsts-npm-auth config set clientId "C0518EF9-B87D-4C07-9132-CF404B18B546"

[DanielJDupont]

I had to run the following command

better-vsts-npm-auth config set clientId "C0518EF9-B87D-4C07-9132-CF404B18B546"

This solved the problem I was having. This has been a major issue for the last month for myself. Many thanks.

[nbotond20]

I had to run the following command

better-vsts-npm-auth config set clientId "C0518EF9-B87D-4C07-9132-CF404B18B546"

What is this client id and why do I have to set it? I faced the same problem, this solved it but I have no clue why it worked :/

[craignicol]

I had to run the following command better-vsts-npm-auth config set clientId "C0518EF9-B87D-4C07-9132-CF404B18B546"

What is this client id and why do I have to set it? I faced the same problem, this solved it but I have no clue why it worked :/

I believe this is the ClientID that better-vsts-npm-auth uses to authenticate with dev.azure.com (i.e. this is the app that zumwald created in the dev.azure.com marketplace so that Microsoft can grant and monitor permissions and prevent abuse of the dev.azure.com service

[chuanqisun]

Would it be possible to set this clientId by default? This issue has perplexed a lot of my teammates because the error message and the workaround are both unobvious.

In my case the error is slightly different but the workaround is the same

{"Error":"unauthorized_client","ErrorDescription":"Client failed validation"}

[zumwald]

The updated clientId is already the default: https://github.com/zumwald/better-vsts-npm-auth/blob/3ec0875fba14e7431d5a72b12bd69bc163c4f296/lib/config.ts#L13

Definitely want to improve this however I can for you all, but as documented in the issues relating to the clientId change (due to vsts app expiration with no option to renew) I'm out of options to improve afaict.

That this is happening for you on a new box is confounding indeed. One thing I have seen in my experience is that even "new" machines can be dirtied from the onset by tools which automatically "roam" user files from one machine to the next. On Windows OneDrive is notorious for this, on Mac it's iCloud. I'd double check this isn't happening the directory where you have your rc files.