Saturday, February 24, 2018

Microsoft Flow | HTTP Rest API | Invalid Client Secret error

Issue: You Get "Invalid Client Secret" error even if the same secret key works fine in Postman.

Scenario: You are using HTTP action to call REST API for SharePoint. you successfully get the Access Token however, the same does not work in GET or POST method and errors out with "Invalid Client Secret". Even though the same client secret works perfectly fine in Postman tool.

I have mostly got this error when the Client Secret key has some plus (+) sign or equal (=) sign in the secret. otherwise it does not give me error.

Resolution:

You need to Encode the special characters.

For Example:- This is the Original client secret key. where we have + sign and = sign.

"r4QenWWBrPvUw4DCiWIYJpVXWrSXL45FO8ABX6OD++4="

Encode the client secret as below. Replace + by %2B and = by %3D

r4QenWWBrPvUw4DCiWIYJpVXWrSXL45FO8ABX6OD%2B %2B 4%3D

Now if you run the flow it should work without any errors. 

More Information on special characters

The reserved character "/", for example, if used in the "path" component of a URI, has the special meaning of being a delimiter between path segments. If, according to a given URI scheme, "/" needs to be in a path segment, then the three characters "%2F" or "%2f" must be used in the segment instead of a raw "/".


!
#
$
&
'
(
)
*
+
,
/
:
;
=
?
@
[
]
%21
%23
%24
%26
%27
%28
%29
%2A
%2B
%2C
%2F
%3A
%3B
%3D
%3F
%40
%5B
%5D
Reserved characters after percent-encoding
  


newline
space
"
%
-
.
<
>
\
^
_
`
{
|
}
~
%0A or %0D or %0D%0A
%20
%22
%25
%2D
%2E
%3C
%3E
%5C
%5E
%5F
%60
%7B
%7C
%7D
%7E
Common characters after percent-encoding (ASCII or UTF-8 based)

Arbitrary character data is sometimes percent-encoded and used in non-URI situations, such as for password obfuscation programs, or other system-specific translation protocols.


No comments:

Total Pageviews