Issue: You Get "Invalid Client Secret" error even if the same secret key works fine in Postman.
Scenario: You are using HTTP action to call REST API for SharePoint. you successfully get the Access Token however, the same does not work in GET or POST method and errors out with "Invalid Client Secret". Even though the same client secret works perfectly fine in Postman tool.
I have mostly got this error when the Client Secret key has some plus (+) sign or equal (=) sign in the secret. otherwise it does not give me error.
Resolution:
You need to Encode the special characters.
For Example:- This is the Original client secret key. where we have + sign and = sign.
"r4QenWWBrPvUw4DCiWIYJpVXWrSXL45FO8ABX6OD++4="
Encode the client secret as below. Replace + by %2B and = by %3D
r4QenWWBrPvUw4DCiWIYJpVXWrSXL45FO8ABX6OD%2B %2B 4%3D
Now if you run the flow it should work without any errors.
More Information on special characters
Scenario: You are using HTTP action to call REST API for SharePoint. you successfully get the Access Token however, the same does not work in GET or POST method and errors out with "Invalid Client Secret". Even though the same client secret works perfectly fine in Postman tool.
I have mostly got this error when the Client Secret key has some plus (+) sign or equal (=) sign in the secret. otherwise it does not give me error.
Resolution:
You need to Encode the special characters.
For Example:- This is the Original client secret key. where we have + sign and = sign.
"r4QenWWBrPvUw4DCiWIYJpVXWrSXL45FO8ABX6OD++4="
Encode the client secret as below. Replace + by %2B and = by %3D
r4QenWWBrPvUw4DCiWIYJpVXWrSXL45FO8ABX6OD%2B %2B 4%3D
Now if you run the flow it should work without any errors.
More Information on special characters
The reserved
character "/", for example, if used in the "path" component
of a URI, has the special meaning of being a delimiter between path segments.
If, according to a given URI scheme, "/" needs to be in a path
segment, then the three characters "%2F" or "%2f" must be
used in the segment instead of a raw "/".
!
|
#
|
$
|
&
|
'
|
(
|
)
|
*
|
+
|
,
|
/
|
:
|
;
|
=
|
?
|
@
|
[
|
]
|
%21
|
%23
|
%24
|
%26
|
%27
|
%28
|
%29
|
%2A
|
%2B
|
%2C
|
%2F
|
%3A
|
%3B
|
%3D
|
%3F
|
%40
|
%5B
|
%5D
|
Reserved characters after percent-encoding
newline
|
space
|
"
|
%
|
-
|
.
|
<
|
>
|
\
|
^
|
_
|
`
|
{
|
|
|
}
|
~
|
%0A or %0D or %0D%0A
|
%20
|
%22
|
%25
|
%2D
|
%2E
|
%3C
|
%3E
|
%5C
|
%5E
|
%5F
|
%60
|
%7B
|
%7C
|
%7D
|
%7E
|
Common characters after percent-encoding (ASCII or
UTF-8 based)
Arbitrary character
data is sometimes percent-encoded and used in non-URI situations, such as for
password obfuscation programs, or other system-specific translation protocols.